DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims

	Claims 1-2, 5, 7, 10, 13, 17, 19, 21, 23-24, 27, 29-30, 46-49, 51-52 are pending.  Claims 3-4, 6, 8-9, 11-12, 14-16, 18, 20, 22, 25-26, 28, 31-45, 50 are cancelled.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/22/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 9/15/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 21, 23-24, 27, 29-30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim recites an apparatus/system (“the device”) without reciting any physical components which comprise the device.  While the claim recites first/second/third communication links, broadest reasonable interpretation of a “communication link” includes software per se, such as a “communication session” or virtual network.  Software does not fall within a statutory category of invention; therefore claim 21 is not statutory.  None of claims 23-24, 27, 29-30 fix this and are therefore rejected for the same reasons.
Claims 47-49, 51-52 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim recites an apparatus/system (“the service”) without reciting any physical components which comprise the service.  While the claim recites first/second communication links, broadest reasonable interpretation of a “communication link” includes software per se, such as a “communication session” or “virtual network”.  Software does not fall within a statutory category of invention; therefore claim 21 is not statutory.  None of claims 48-49, 51-52 fix this and are therefore rejected for the same reasons.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as 

Claim(s) 1-2, 46-49 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Loladia et al (US 10,382,203).

Regarding Claim 1:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method comprising the steps of: 
a. establishing a direct network connection between the device and a user computing device (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link); 
b. generating a key on the user computing device and sending the key to the device (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); 
c. establishing a network connection between the service and the device, wherein the device provides the key to the service (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); 
d. establishing a network connection between the user computing device and the service, wherein the user computing device sends a request to the service to associate with the device, and (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service; col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; col 16 line 43-67, link established between application (i.e. “companion app”) and IoT service); and, 
e. comparing, by the service, the key provided by the device and the key provided by the user computing device, wherein an association between the device and the user is made if the respective keys are the same (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).

Regarding Claim 2:
Loladia teaches the method of claim 1.  In addition, Loladia teaches the method further comprising the step of placing the device into an enrollment mode (col 10 line 19-41, user initiates pairing mode on IoT device).

Regarding Claim 46:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method for the service comprising the steps of: 
(col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); 
b. receiving a first key from the device  (col 10 line 19-41, the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device); 
c. connecting to a user computing device via a second communication link (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service; col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; col 16 line 43-67, link established between application (i.e. “companion app”) and IoT service); 
d. receiving, from the user computing device, a request for the user to associate with the device, wherein the request includes a second key (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service); and, 
e. comparing the first key received from the device and the second key received from the user computing device, wherein the service makes an association between the device and the user if the first and second keys are the same (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).

Regarding Claim 47:
Loladia teaches a service for associating a device to a user of the service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the service comprising: 
a. a first communication link to connect to the device, wherein the first communication link transmits a first key from the device to the service (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); and, 
b. a second communication link to connect to a user computing device, wherein the service receives a request from the user computing device via the second communication link for the user to associate with the device, and wherein the request includes a second key (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service; col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; col 16 line 43-67, link established between application (i.e. “companion app”) and IoT service); 
wherein the service compares the first key to the second key, and wherein the service makes an association between the device and the user if the first and second keys are the same (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).

Regarding Claim 48:
Loladia teaches the service of claim 47.  In addition, Loladia teaches wherein the service is an Internet based service (col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; IoT service accessed over Internet, and is therefore Internet based service).

Regarding Claim 49:
Loladia teaches the service of claim 47.  In addition, Loladia teaches wherein the first communication link connects the device to the service via a premise network (col 4 line 41-53, IoT device connected to local network including Internet uplink, allowing IoT device to communicate with cloud computing platform), wherein the second communication link connects the user computing device to the service via the premise network (col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform), and wherein the premise network is one of a wireless network, a cellular network, and a hardwired network (col 4 line 41-53, local network, e.g. wireless network).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 5, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Tschofenig et al (PGPUB 2017/0359338).

Regarding Claim 5:
Loladia teaches the method of claim 1.  In addition, Loladia teaches wherein the step of generating a key on the user computing device and sending the key to the device includes generating a message including the key, and sending the message to the device (col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session).
Loladia does not explicitly teach generating a message including information for the device to connect to the service, and sending the message to the device.
However, Tschofenig teaches the concept of generating a message including information for a device to connect to a service, and sending the message to the device (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia, in order to allow a user to specify which service to 

Regarding Claim 13:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method for the device comprising the steps of: 
a. connecting to a user computing device via a direct network connection (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link); 
b. receiving a message from the user computing device, wherein the message includes a generated key (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session);
c. establishing a network connection to the service (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); and, 
(col 10 line 19-41, the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device); 
wherein the device is associated with the user if the key provided by the device to the service matches the key that the service receives from the user computing device (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach wherein the message includes information required for the device to connect to the service.
However, Tschofenig teaches the concept wherein a message includes information required for a device to connect to a service (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia, in order to allow a user to specify which service to connect to using an IoT device, as well as provide a new device with the necessary information to connect to a service regardless of whether the service information is preloaded on the IoT device, thereby improving compatibility and user experience.

Claims 7, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Tschofenig, and further in view of Kim et al (PGPUB 2020/0275249)

Regarding Claim 7:
Loladia in view of Tschofenig teaches the method of claim 5.
Neither Loladia nor Tschofenig explicitly teaches the method further comprising the steps of: 
a. requesting the device for a public encryption key; 
b. encrypting the message by the user computing device prior to sending the message to the device; and, 
c. decrypting the message by the device using a private encryption key.
However, Kim teaches the concept of a method comprising the steps of: 
a. requesting a device for a public encryption key (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device); 
b. encrypting a message by a user computing device prior to sending the message to the device (paragraph 135-140, in operation, second device encrypts data with public key KPU and transmits encrypted information to first device); and, 
c. decrypting the message by the device using a private encryption key (paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Tschofenig, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.

Regarding Claim 19:
Loladia in view of Tschofenig teaches the method of claim 13.
Neither Loladia nor Tschofenig explicitly teaches the method further comprising the steps of: 
a. sending a public encryption key of the device to the user computing device upon request by the user computing device; and, 
b. decrypting the message using a private encryption key.
However, Kim teaches a method comprising the steps of: 
a. sending a public encryption key of a device to a user computing device upon request by the user computing device (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device); and, 
b. decrypting a message using a private encryption key (paragraph 135-140, in operation, second device encrypts data with public key KPU and transmits encrypted information to first device; paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Tschofenig, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Tanner (PGPUB 2009/0006636).

Regarding Claim 10:
(col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; IoT service accessed over Internet, and is therefore Internet based service).
Loladia does not explicitly teach wherein the key includes a randomly generated alphanumeric string.
However, Tanner teaches the concept wherein a key includes a randomly generated alphanumeric string (paragraph 20, registration keys defined to determine how to register a device; registration keys may be formulated according to any suitable unique identification method, e.g. randomly generated alphanumeric string).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomly generated alphanumeric string teachings of Tanner with the Internet-of-things device association teachings of Loladia.  It is well-known in the art to generate codes using alphanumeric strings; at a certain level of abstraction, every computer code implemented on a modern computer system, using binary, can be considered an alphanumeric string.  Therefore, it would at least be obvious to a person of ordinary skill in the art to rely on the default means of representing computer data.  Further, randomly generated strings provide the benefit of increasing the entropy of the code thereby making it more difficult for an attacker to impersonate or guess the code, and improving the security environment.

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Tschofenig, and further in view of Queralt et al (PGPUB 2018/0097640).

Regarding Claim 17:

Neither Loladia nor Tschofenig explicitly teaches the method further comprising the step of opening a device-based service, wherein the device-based service is a web server that is configured to process the message from the user.
However, Queralt teaches the concept of a method comprising a step of opening a device-based service, wherein the device-based service is a web server that is configured to process a message from a user (paragraph 70-71, user device including app for accessing service; app activated to transmit a request received by relying party web server; relying party web server then requests authentication from FIDO server).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the web server teachings of Queralt with the Internet-of-things device association teachings of Loladia in view of Tschofenig, in order to utilize common and well-understood structures for communicating over a network, such as web servers or services, to improve compatibility between various devices.

Claims 21, 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Yu (PGPUB 2020/0145372).

Regarding Claim 21:
Loladia teaches a device associated to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the device comprising: 
b. a second communication link to make a direct network connection to a user computing device (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link), wherein a message is received from the user computing device after the user computing device joins the peer-to-peer network (col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); 
c. a message received from the user computing device via the second communication link, wherein the message includes a generated key (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); and, 
d. a third communication link to connect to the service, wherein the device provides the key to the service via the third communication link (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); 
wherein the device is associated with the user if the key provided by the device to the service matches a key that the service receives from the user computing device (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach a. a first communication link to start a peer-to-peer network.
However, Yu teaches the concept of a first communication link to start a peer-to-peer network (paragraph 13-14, subscriber access device provides service set identifier in advertisement; multiple clients connect to subscriber access device connected through service set, i.e. first/second/third/etc. communication links).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the communication link advertisement teachings of Yu with the Internet-of-things device association teachings of Loladia, in order to provide the means to automatically generate a peer-to-peer network, relying on ad hoc device advertisements to allow devices to determine the appropriate configuration without requiring user input, thereby allowing multiple clients to connect to a network independently.

Regarding Claim 24:
Loladia in view of Yu teaches the device of claim 21.  In addition, Loladia teaches wherein the device is placed into an enrollment mode (col 10 line 19-41, user initiates pairing mode on IoT device), and 
Yu teaches wherein the device advertises an identification of the peer-to-peer network so the user computing device can join the peer-to-peer network of the device (paragraph 13-14, advertisement of service set identifiers (SSID)).
The rationale to combine Loladia and Yu is the same as provided for claim 21 due to the overlapping subject matter between claims 21 and 24.

Claim 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Yu, and further in view of Tschofenig.

Regarding Claim 23:
(abstract, IoT device), an audio/video device, a security device, an occupancy sensor, a surge protective device, a Universal Serial Bus device, a circuit breaker, a circuit breaker controller, and a circuit breaker aggregator.
Neither Loladia nor Yu explicitly teaches wherein the message further includes information required for the device to connect to the service.
However, Tschofenig teaches the concept wherein a message includes information required for a device to connect to a service (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia and Yu, in order to allow a user to specify which service to connect to using an IoT device, as well as provide a new device with the necessary information to connect to a service regardless of whether the service information is preloaded on the IoT device, thereby improving compatibility and user experience.

Claim 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Yu, and further in view of Queralt.

Regarding Claim 27:
Loladia in view of Yu teaches the device of claim 21.
Neither Loladia nor Yu explicitly teaches wherein the device further comprises a device-based service, wherein the device-based service is a web server that is configured to start up on the peer-to-peer network and to process the message from the user computing device.
However, Queralt teaches wherein a device further comprises a device-based service, wherein the device-based service is a web server that is configured to start up on a peer-to-peer network and to process a message from a user computing device (paragraph 70-71, user device including app for accessing service; app activated to transmit a request received by relying party web server; relying party web server then requests authentication from FIDO server).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the web server teachings of Queralt with the Internet-of-things device association teachings of Loladia in view of Yu, in order to utilize common and well-understood structures for communicating over a network, such as web servers or services, to improve compatibility between various devices.

Claim 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Yu and Queralt, and further in view of Vandenheste (PGPUB 2019/0021133).

Regarding Claim 29:
Loladia in view of Yu and Queralt teaches the device of claim 27.

However, Vandenheste teaches the concept wherein a first communication link is disconnected after a device receives a message from a user computing device, and wherein a device-based service shuts down when the first communication link is disconnected (paragraph 26, method for controlling wireless communication between a mobile device and a IoT device; comprising maintaining a wireless connection for a period of time, and terminating the wireless connection in response to the elapse of the period of time; the period of time is determined dynamically based on the operation status associated with the mobile device and/or the IoT device; the operation status includes one or more of: a power level of the mobile device, a power level of the electronic device, an operating state of the mobile device, an operating state of the electronic device, a time or period of connection or disconnection between the mobile device and the electronic device, an application running actively on the mobile device or in a background of the mobile device; paragraph 39, upon enabling wireless connection, information is transferred between mobile device and electronic device; paragraph 41, wireless connection is terminated in response to a timeout event).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the connection termination teachings of Vandenheste with the Internet-of-things device association teachings of Loladia in view of Yu and Queralt, in order to conserve device power and resources by termination a connection once said connection was no longer in use, which would be beneficial in an environment comprising mobile devices and Internet of Things devices, many of which rely on battery power to function.

Claim 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Yu, and further in view of Kim.

Regarding Claim 30:
Loladia in view of Yu teaches the device of claim 21.
Neither Loladia nor Yu explicitly teaches the device further comprising a private encryption key and a public encryption key of the device, wherein the device sends the public encryption key to the user computing device to receive the message, and wherein the device uses the private encryption key to decrypt the message.
However, Kim teaches a device further comprising a private encryption key and a public encryption key of the device (paragraph 135-140, first device public key KPU and private key KPR), wherein the device sends the public encryption key to a user computing device to receive a message (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device), and wherein the device uses the private encryption key to decrypt the message (paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Yu, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.

Claims 51-52 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Tanner.

Regarding Claim 51:
Loladia teaches the service of claim 47.  In addition, Loladia teaches wherein the first and second keys are the same key (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach wherein the key is a randomly generated key.
However, Tanner teaches the concept wherein a key is a randomly generated key (paragraph 20, registration keys defined to determine how to register a device; registration keys may be formulated according to any suitable unique identification method, e.g. randomly generated alphanumeric string).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomly generated alphanumeric string teachings of Tanner with the Internet-of-things device association teachings of Loladia.  Randomly generated strings provide the benefit of increasing the entropy of the code thereby making it more difficult for an attacker to impersonate or guess the code, and improving the security environment.

Regarding Claim 52:
Loladia teaches the service of claim 47.
Loladia does not explicitly teach wherein the first and second keys include an alphanumeric string.
However, Tanner teaches the concept wherein first and second keys include an alphanumeric string (paragraph 20, registration keys defined to determine how to register a device; registration keys may be formulated according to any suitable unique identification method, e.g. randomly generated alphanumeric string).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomly generated alphanumeric string teachings of Tanner with the Internet-of-things device association teachings of Loladia.  It is well-known in the art to generate codes using alphanumeric strings; at a certain level of abstraction, every computer code implemented on a modern computer system, using binary, can be considered an alphanumeric string.  Therefore, it would at least be obvious to a person of ordinary skill in the art to rely on the default means of representing computer data.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                         

/LINGLAN E EDWARDS/Primary Examiner, Art Unit 2491