DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/29/2021 has been entered.
 
Response to Amendment
The amendment filed 09/29/2021 has been entered. Claims 21-26, 28-29, 32-34, 36 and 39-40 have been amended. Claims 21-40 are pending and are examined herein.

Response to Arguments

Applicant argues that the prior art only discloses enforcing security at the cloud-based level, where the presently claimed system enforces security at the device level. (Applicant Arguments/Remarks, page 11).
However, Examiner relies on Logue to teach these limitations, see the newly crafted rejection, infra. Logue teaches a device level authentication module 122 that is operable to authenticate the client device 104 [Fig. 4, C.14:L.49-50].

Claim Objections
Claims 21, 2, 24, 28, 31, 36 and 38 are objected to because of the following informalities:  
Claim 21 recites in line 21, “a request for a data source upload” which is unclear. For the purpose of prior art analysis, Examiner assumes this likely intended to recite, “a request for data upload from the data source device”.
Similarly, Examiner assumes the limitation “store the data source upload…” in line 25,  likely intended to recite “store the uploaded data…” and the limitation “reject the data source upload…” in line 27, likely intended to recite “reject the data upload…”.

Claims 24, 28, 31, 36 and 38 are objected for the same reason. Examiner assumes the limitation “…the data source upload…”,  likely intended to recite “…the data upload…”.
Claim 28 recites in line 23, “reject the upload data request…” which Examiner assumes likely intended to recite, “reject the data upload request…”
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective 

Claims 21-24 are rejected under 35 U.S.C. 103 as being unpatentable over Logue et al. (US Patent No. 8539567, hereinafter “Logue”) in view of Asenjo et al. (US 2015/0281233 A1, hereinafter “Asenjo”) further in view of Bayyapu (US 2005/0015488, hereinafter “Bayyapu”).

Regarding Claim 21, Logue teaches a system for providing access to a historian comprising: a historian server [e.g., remote server 102 in Fig. 1]; and a data source device [e.g., Client device 104 in Fig. 1] comprising a configurator module and a non­transitory computer readable medium comprising instructions that when executed by a processor cause the data source device to implement ([Fig. 4], a authentication module 122. [Fig. 35] computer-readable medium 2510): communicate, by the configurator module, with the historian server and the publisher module ([Fig. 14, C.14:L.18-22, 28-32], The client device 104 includes a number of different functional modules, including a security module 120, an authentication module 122, a reconciliation module 124, … The security module 120 is operable to provide secure  communications between the client device and other elements of the system 100, such as the registration server 112 and/or synchronization server 114);
accept, by the configurator module, a data source device registration request to register the data source device as a registered data source ([Fig 10, C.25:L.57-60]], communicates a registration request to the registration server 112. [Fig. 11, C.30:L.60-61] The access device communicate a registration request to the registration server 112);
generate, by the configurator module, a data source ID and a data source secret in response to the data source device registration request ([C.70:L.1-2, 6-14],  the registration server 112 generates assigned credentials for the connected client device 104… The assigned credentials may include, e.g., an assigned identifier that uniquely identifies the client device 104…The assigned credentials may also include an assigned secret where the assigned secret is a unique string or data sequence associated with the client device that is known only to the client device and the registration server); 
send, by the configurator module, the data source ID and the data source secret to the historian server as a historian data source ID and a historian data source secret ([C.70:L.1-6], …the registration server 112 …stores the assigned credentials in a storage element accessible by various elements of the remote server 102. For example, the registration server 112 may store the assigned credentials as the assigned credentials 199 in the storage element 118. Since, Logue teaches the registration server 112 stores the assigned credentials in a storage element 118 [Fig. 3], therefore, the examiner interpreted the registration 
send, by the configurator module, the data source ID and the data source secret to the publisher module as a client data source ID and a client data source secret ([C.70:L.1-2, 6-19],  the registration server 112 generates assigned credentials for the connected client device 104… The assigned credentials may include, e.g., an assigned identifier that uniquely identifies the client device 104…The assigned credentials may also include an assigned secret where the assigned secret is a unique string or data sequence associated with the client device that is known only to the client device and the registration server…Once the assigned credentials are generated, the assigned credentials are communicated to the client device 104.);
receive, by the publisher module, the client data source ID and the client data source secret from the configurator module ([C.70:L.47-51], Upon receiving a communication from a client device 104, processing continues to operation 1864, where the synchronization server 114 determines whether or not it received assigned credentials [e.g., the client data source ID and the client data source secret] from the client device 104);
encrypt, by the publisher module, the client data source ID and the client data source secret ([C.73:L.38-41]…the assigned credentials that are stored at the 
compare, by the configurator module, the client data source ID and the client data source secret to the historian data source ID and the historian data source secret, respectively, to check if they are a valid match ([C.71:L.1-3, 10-20]] the synchronization server 114 determines whether the assigned credentials presented by the client device are valid….  the synchronization server 114 compares the received assigned credentials [e.g., the client data source ID and the client data source secret]  with previously stored assigned credentials [e.g., the historian data source ID and the historian data source secret]. If the received assigned credentials are identical to the previously stored assigned credentials associated with the connected client device 104, then the received credentials are determined to be valid);
reject the data source upload if the match is not valid ([Fig. 28D, C.71:L.1-7] In operation 1870, the synchronization server 114 determines whether the assigned credentials presented by the client device are valid. If they are valid, processing may continue…Otherwise, processing may continue to operation 1868 where access is denied); 
wherein the data source ID and the data source secret uniquely identifies the registered data source ([C.70:L.6-16], The assigned credentials may include, ; and
wherein the system is configured to enforce security of communication with the historian at the data source device ([Fig. 28D, C.70:L.57-59, 65-67], the synchronization server 114, prior to granting access to one or more secure resources, determines whether or not its connection with the client device 104 is secure….If the synchronization server 114 determines that its connection with the client device 104 is secure, then processing may continue).
However, Logue does not explicitly teach, but Asenjo teaches a historian server ([⁋ 0067], process historian data for archival storage in a historical database on cloud storage in cloud platform); receive, by the configurator module, a request for a data source upload ([⁋ 0053], The data can be transmitted to the cloud platform 302 by the cloud agent 340. [Fig. 13, ⁋ 0087], At 1306, one or more data packets that are encrypted based on the access key are received from the cloud agent device); store the data source upload on the historian server if the match is valid ([⁋ 0047], after a cloud agent device is authenticated, the cloud data processing component 203 can be configured to receive, at a cloud platform that authenticated the cloud agent device, one or more data packets from the cloud ; wherein the configuration module is configured and arranged to allow automatic uploading from the registered data source to the historian regardless of whether a user is connected to the registered data source ([⁋ 0067] user can define an upload frequency and ([⁋ 0040], After being authorized by the cloud platform 102, the cloud agent can transfer data to storage associated with the cloud platform 102. Therefore, it would be realized that based on the define frequency, the cloud agent automatically upload the data to the cloud platform regardless of whether a user is connected to the registered data source).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Asenjo with Logue in order to upload data to a historian server in a cloud platform from authorized device as taught by Asenjo, because it would ensure secure uploading data to a historian server.
Logue in view of Asenjo do not explicitly teach, however, Bayyapu teaches a publisher module ([⁋ 0089], a subscriber module for registering a subscription request and a publisher module for sending data to the initiating data acquisition device).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Bayyapu with Logue and Asenjo in order to have a publisher module to 

Regarding Claim 22, while, Logue teaches the system of claim 21, wherein the client data source ID and the client data source secret are received together with the request from the registered data source ([C.16:L.49-55], the assigned credentials may include one or more of a variety of information, such as a scheme that identifies the type of credentials (i.e., assigned credentials), an identifier (e.g., a serial number, a MAC address, etc.) that uniquely identifies the device, and a secret (e.g., a random number) that is known to the client device 104 and the remote server 102. [Fig. 28D] In operation 1864, receive the assigned credentials).
However, Logue in view of Bayyapu do not explicitly teach, but Asenjo teaches the client data source ID and the client data source secret are received together  with the data source upload uploaded data for each data source upload request ([⁋⁋ 0069-0070], …cloud agent encapsulates or packages the compressed data file by adding customer-specific header information to yield a compressed data packed. …header can include a unique customer identifier, a site identifier representing a particular plant facility,…information associated with the header can be related to an access key for a cloud agent that generated the compressed data packet. …cloud agent 340 sends a data packet to the cloud-based remote 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Asenjo with Logue and Bayyapu in order to receive the assigned credentials together with the data upload request as taught by Asenjo, because it would ensure uploading data from an secured device.

Regarding Claim 23, Logue teaches the system of claim 22, wherein the configurator module is configured and arranged to accept user information from the registered data source, the user information comprising user credentials ([C.30:L.60-67], The access device 110 may then communicate a registration request to the registration server 112… the access device 110 may not have a device identifier hard coded therein. Rather, a user may enter a user identifier (e.g., a login name) as the device identifier, which is subsequently communicated as part of the registration request).

Regarding Claim 24, Logue teaches the system of claim 23, wherein the configurator module is configured and arranged to accept the data source upload from the registered data source even when there are no user credentials to check ([Fig. 30B, C.77:L.20-30], In operation 2018  the client device 104 communicates its assigned credentials to the synchronization server 114. The assigned credentials typically include a device identifier and a device secret. … operation 2020, where the client device determines whether the assigned credentials it communicated to the synchronization server 114 were successfully accepted (i.e., determined to be valid) by the synchronization server 114. If the assigned credentials were accepted, processing may continue to operation 2022, where the client device communicates with the synchronization server using its assigned credentials. Since, Logue teaches the device communicates with the synchronization server using assigned credentials, therefore, given the broadest reasonable interpretation, the examiner interpreted accept the data source upload [e.g., communication] from the registered data source [e.g., the client device] even when there are no user credentials to check).

Claims 25-27 are rejected under 35 U.S.C. 103 as being unpatentable over Logue in view of Asenjo and Bayyapu further in view of Gorman et al. (US 2014/0283140, hereinafter “Gorman”).

Regarding Claim 25, Although Logue teaches assigned credentials are credentials such as a secret password, known to the client device  and the remote  the system of claim 24, wherein one or more users registering the registered data source do not have access to the data source ID or the data source secret ([⁋ 0033], The server generates unique codes [e.g., data source secret] …The codes may be stored on the user device in the areas of persistent RAM or the like that are inaccessible by the user).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Logue, Asenjo and Bayyapu with Gorman in order to store unique code on the user device in the areas that is inaccessible to the users as taught by Gorman, because it would prevents the unique codes from being corrupted by the user.

Regarding Claim 26, Logue teaches the system of claim 25, further comprising the registered data source ([C.18:L.19-20], client devices 104 (i.e., a subset of all client devices 104 that are registered with the registration server 112)); wherein the data source ID and data source secret are encrypted ([C.69:L.23-25], The default secret may, e.g., be the default identifier encrypted using the manufacturing key identified by the manufacturing key identifier. [C.73:L.38-41], the recently assigned credentials may be encrypted using any suitable key known to both the remote server 102 and the client device 104).
wherein the one or more users cannot copy the data source ID and data secret from the registered data source to another data source device ([⁋ 0033], The server generates unique codes [e.g., data source secret] …The codes may be stored on the user device in the areas of persistent RAM or the like that are inaccessible by the user. Since, Gorman teaches the unique code is inaccessible by the user, therefore, it would be apparent that the user cannot copy the unique code)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Logue, Asenjo and Bayyapu with Gorman in order to store unique code on the user device in the areas that is inaccessible to the users as taught by Gorman, because it would prevents illegitimate usage of the unique codes.

Regarding Claim 27, Logue in view of Asenjo and Bayyapu do not explicitly teach, but Gorman teaches  the system of claim 26, wherein the registered data source is configured and arranged to block one or more users and/or applications from accessing the data source ID and the data source secret ([⁋ 0033], The server generates unique codes [e.g., data source secret] …The codes may be stored on the user device in the areas of persistent RAM or the like that are inaccessible by the user).
.

Claims 28 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Logue in view of Asenjo.

Regarding Claim 28, Logue teaches a system for providing access to a historian comprising: a data source device comprising a non-transitory computer readable medium comprising instructions that when executed by a processor (Fig. 35, C.86:L.1-12) implement: a configuration module; wherein the configuration module is configured and arranged to: communicate with the historian server for providing uploaded data to the historian server [e.g., the remote server] ([Fig. 4] authentication module 122, session identification module 126. [C.4:L.2-3] a client device to communicate with a remote server. [C.10:L.28-29], data may be generated by monitoring device 108 and communicated to remote server 102); 
accept a data source registration request to register the data source device as a registered data source ([Fig 10, C.25:L.57-60]], communicates a registration request to the registration server 112. [Fig. 11, C.30:L.60-61] The access device communicate a registration request to the registration server 112);
generate a data source ID and a data source secret when the data source device registration is requested ([C.70:L.1-2, 6-14],  the registration server 112 generates assigned credentials for the connected client device 104… The assigned credentials may include, e.g., an assigned identifier that uniquely identifies the client device 104…The assigned credentials may also include an assigned secret where the assigned secret is a unique string or data sequence associated with the client device that is known only to the client device and the registration server);
send the data source ID and the data source secret to the historian as a historian data source ID and a historian data source secret ([C.70:L.1-6], …the registration server 112 …stores the assigned credentials in a storage element accessible by various elements of the remote server 102. For example, the registration server 112 may store the assigned credentials as the assigned credentials 199 in the storage element 118. Since, Logue teaches the registration server 112 stores the assigned credentials in a storage element 118 [Fig. 3], therefore, the examiner interpreted the registration server 112 send the assigned credentials to the storage element 118 to store the assigned credentials);
store the data source ID and the data source secret as a client data source ID and a client data source secret ([C.16:L.49-55], the assigned credentials may include one or more of a variety of information, such as a scheme that identifies the type of credentials (i.e., assigned credentials), an identifier (e.g., a serial number, a MAC address, etc.) that uniquely identifies the device, and a secret (e.g., a random number) that is known to the client device 104 and the remote server 102. [C.68:L.5-6, 14-17],  the registration server 112 to provide assigned credentials to the client device 104…the client device 104 stores the received assigned credentials. For example, the client device 104 may stored the received credentials as the assigned credentials 128F in storage element 128);
compare the client data source ID and the client data source secret to the historian data source ID and the historian data source secret, respectively, to check if they are a valid match ([C.71:L.1-3, 10-20]] the synchronization server 114 determines whether the assigned credentials presented by the client device are valid….  the synchronization server 114 compares the received assigned credentials [e.g., the client data source ID and the client data source secret]  with previously stored assigned credentials [e.g., the historian data source ID and the historian data source secret]. If the received assigned credentials are identical to the previously stored assigned credentials associated with the connected client device 104, then the received credentials are determined to be valid); 
reject the upload data request if the match is not valid ([Fig. 28D, C.71:L.1-7] In operation 1870, the synchronization server 114 determines whether the assigned credentials presented by the client device are valid. If they are valid, processing may continue…Otherwise, processing may continue to operation 1868 where access is denied);
wherein the configuration module is configured and arranged to accept user information, the user information comprising user credentials ([C.30:L.60-67], The access device 110 may then communicate a registration request to the registration server 112… the access device 110 may not have a device identifier hard coded therein. Rather, a user may enter a user identifier (e.g., a login name) as the device identifier, which is subsequently communicated as part of the registration request);
wherein the system is configured to enforce security of communication with the historian server at the data source device ([Fig. 28D, C.70:L.57-59, 65-67], the synchronization server 114, prior to granting access to one or more secure resources, determines whether or not its connection with the client device 104 is secure….If the synchronization server 114 determines that its connection with the client device 104 is secure, then processing may continue).
However, Logue does not explicitly teach, but Asenjo teaches historian server ([⁋ 0067], process historian data for archival storage in a historical database ; receive a request for a data source upload ([⁋ 0053], The data can be transmitted to the cloud platform 302 by the cloud agent 340. [Fig. 13, ⁋ 0087], At 1306, one or more data packets that are encrypted based on the access key are received from the cloud agent device); send the uploaded data to the historian server if the match is valid ([⁋ 0047], after a cloud agent device is authenticated, the cloud data processing component 203 can be configured to receive, at a cloud platform that authenticated the cloud agent device, one or more data packets from the cloud agent device); wherein the configuration module is configured and arranged to accept the data source upload from the registered data source even when there are no user credentials to check ([⁋ 0067] user can define an upload frequency and ([⁋ 0040], After being authorized by the cloud platform 102, the cloud agent can transfer data to storage associated with the cloud platform 102. Therefore, it would be realized that based on the define frequency, the cloud agent automatically upload the data to the cloud platform regardless of whether a user is connected to the registered data source).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Asenjo with Logue in order to upload data to a historian server in a cloud platform from authorized device as taught by Asenjo, because it would ensure secure uploading data to a historian server.

Claim 31 is rejected under the same rationale as claim 22.

Claims 29-30 and 32-40 are rejected under 35 U.S.C. 103 as being unpatentable over Logue in view of Asenjo further in view of Gorman.

Claims 29 and 32 are rejected under the same rationale as claim 25.
Claims 30, 33, 35 and 40 are rejected under the same rationale as claim 27.
Claim 34 and 39 are rejected under the same rationale as claim 26.
Claim 36 is rejected under the same rationale as claims 28 and 25.
Claim 37 is rejected under the same rationale as claim 23.
Claim 38 is rejected under the same rationale as claim 24.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD YOUSUF A MIAN whose telephone number is (571)272-9206. The examiner can normally be reached Monday-Friday 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PETER-ANTHONY PAPPAS can be reached on 571-272-7646. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LANCE LEONARD BARRY/          Primary Examiner, Art Unit 2448                                                                                                                                                                                              

/MOHAMMAD YOUSUF A. MIAN/Examiner, Art Unit 2448