DETAILED ACTION
This final office action is in response to claims 1-15 filed on 10/25/2021 for examination. Claims 1-15 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/14/2021 has been considered by the examiner. 

Response to Amendment
The amendment filed October 25, 2021 has been entered. Claims 1-15 remain pending in the application. The claims have been amended. Applicant’s arguments and amendments to the claims have overcome each and every drawings objection and 112 rejection previously set forth in the Non-Final Office Action mailed July 12, 2021. Claims 1-15 have been amended and have necessitated a new ground(s) of rejection in this Office Action. Therefore, Applicants’ arguments filed on 10/25/2021 have been fully considered but are moot in view of the new ground(s) of rejection because the arguments do 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1-15 is/are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Particularly, claim 1 recites “operating at the trusted connected system location” (claim 1, lines 3 and 9). The specification appears to fail to recite the aforementioned feature(s), with the amended claim adding new matter to the application. Independent claim 9 recites a similar deficiency. Dependent claims 2-8 (of claim 1), and 10-15 (of claim 9) are rejected under like rationale.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claim(s) 1-5 and 8-13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lau et al. (US20150121070, Hereinafter “Lau”) in view of Lee (US20100042835, Hereinafter “Lee”) and Oguma et al. (US20170111177, Hereinafter “Oguma”).
Regarding claim 1, Lau teaches a computing platform for onboarding a device into a trusted connected system by establishing a secure communication pathway with the device located at a trusted connected system ([0025] and [0001] – a new device is added to the device key registry of known devices <i.e., onboarded into the trusted connected system>; [0009-010] – transmissions between devices protected using encryption <i.e., secure communication established>; Further, this preamble is not construed to provide life, meaning, and vitality to the claim, and is being construed by Examiner merely as an intended use, see MPEP2111.02), the computing platform comprising: 
one or more memory storage areas ([0009-010] – processors with memory used to perform system); and one or more processors collectively configured ([0009-010] – processors with memory used to perform system) to: 
receive, over a network, device data comprising a unique machine identifier corresponding to the device and a first public cryptography key ([0011] – request for firmware is sent to management system; [0029-030] and [0035] – server receives public cryptography key and device ID over a network); and 
generate a device-specific installation package ([0023] and [0038] – token is embedded in a firmware package and encrypted <i.e., the device’s installation package created>; [0034] – embedded token is a unique string of characters unique to the device <i.e., package is device specific>) comprising: 
the unique machine identifier ([0023] and [0038] – token is included in the firmware package; [0034] – the token is a unique string of characters unique to the device <i.e., unique machine identifier>); and 
a device agent ([0008-009], and [0026] – device firmware included in firmware package, and installed to update or provide services on the device <i.e., firmware is a device agent>); 
encrypt the device-specific installation package via the first public cryptography key ([0038] – firmware package <i.e., device specific installation package, see, e.g., [0034] with [0038]> encrypted using the public key and transmitted to the device); 
provide the device-specific installation package to the device ([0038] – firmware package <i.e., device specific installation package, see, e.g., [0034] with [0038]> encrypted using the public key and transmitted to the device).
While Lau further discloses providing an installation package and establishing secure communication pathways using encryption (see, e.g., [0024], [0026]), Lau appears to fail to specifically disclose the package comprising a second public cryptography key generated by the one or more processors as a part of a second public-private cryptography key pair; an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform; establish a secure communication pathway with the device upon receipt of the encrypted message from the device. Lau further appears to fail to specifically disclose the first public cryptography of the device is generated by the device in response to a command provided to the device from an external device while the device is operating at the trusted connected system location.
However, Lee teaches a system for providing an installation package and establishing secure communication pathways using encryption (see, e.g., abstract, [0030]), with the installation package comprising a second public cryptography key generated by the one or more processors as a part of a second public-private cryptography key pair ([0030] – software package to be installed on the receiving terminal 110 includes an RSA public cryptography key <i.e., is part of a public-private cryptography key pair>; [0002] – system uses standard computing systems <i.e., provided via processors>); 
an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform ([0030] – RSA public key is contained within a software package and sent to the receiving terminal. Receiving terminal installs the device program included in the software package and sends a response message to the providing server. The RSA public key contained within the software package is used to encrypt the response message, which establishes secure communication); and
establish a secure communication pathway with the device upon receipt of the encrypted message from the device ([0030] – RSA public key is contained within a software package and sent to the receiving terminal. Receiving terminal installs the device program included in the software package and sends a response message to the providing server. The RSA public key contained within the software package is used to encrypt the response message, which enables secure communication).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Lau with the teachings of Lee, wherein the device specific installation package comprises a second public cryptography key generated by the one or more processors as a part of a second public-private cryptography key pair; an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform; and to establish a secure Lee at [0005] and [0030]).
While the combination of Lau and Lee teach generating a public key used to join a device into an ecosystem (see, e.g., Lau at [0023], [0025]), the combination of Lau and Lee appear to fail to specifically disclose wherein the public key is generated by the device in response to a command provided to the device from an external device while the device is operating at the trusted connected system location.
However, Oguma teaches a system for onboarding computers into an computing ecosystem wherein each system uses a public key (see, e.g., [0018] and [0064]), wherein the public key is generated by the device in response to a command provided to the device from an external device while the device is operating at the trusted connected system location ([0064] – at an assembly plant and by a management device <i.e., at a trusted connected system location>, a public key creation command is issued to a computing system. The computing system then generates a public key in response to the received creation command <i.e., computing system is operating to respond to provided commands>; see also [0018] – replacement computers can join existing computing ecosystems using the public key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau and Lee with the teachings of Oguma, wherein the public key is generated by the device in response to a command provided to the device from an external device while the device is operating at the trusted connected system location, to provide computer specific keys pairs for establishing protected communications with new computing systems (see, e.g., Oguma at [0064] and [0018]).

Regarding claim 2, the combination of Lau, Lee, and Oguma teach the computing platform of claim 1, wherein establishing a secure communication pathway comprises: decrypting the encrypted message received from the device using a private cryptography key of the second public-private cryptography key pair (Lee at [0030], [0019] – the response message <containing an activation request and a key> is sent to the RAS using the RSA public key, which decrypts the message using standard RSA encryption techniques <i.e., using the public key’s private key>); and upon verifying contents of the encrypted message received from the device, establishing the secure communication pathway (Lee at [0030] – the response message’s request is verified, and encrypted communication occurs between the devices using the exchanged keys <i.e., establishes the secure communication pathway>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Oguma with the teachings of Lee, wherein establishing a secure communication pathway comprises: decrypting the encrypted message received from the device using a private cryptography key of the second public-private cryptography key pair; and upon verifying contents of the encrypted message received from the device, establishing the secure communication pathway, to protect the communications from malicious intrusions (see, e.g., Lee at [0005] and [0030]).

Regarding claim 3, the combination of Lau, Lee, and Oguma teach the computing platform of claim 1, wherein receiving device data comprises receiving manual input provided by a user via a platform dashboard user interface (Lee at [0017-018] – the user provides manual input instructions via a keyboard and graphical user interface <i.e., dashboard> to request the secure communications/authorization request <i.e., part of receiving the authorization request at [0030] comprises the user manually providing input to the dashboard>; see also [0023] users provide manual input to authorize the device).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Oguma with the teachings of Lee, Lee at [0018], [0030]).

Regarding claim 4, the combination of Lau, Lee, and Oguma teach the computing platform of claim 1, wherein receiving device data comprises receiving device data correlated with an untrusted device (Lau at [0029] and [0035] – server receives public key and device ID of a connecting device <i.e., device data correlated with a device>; with Lee at [0005] and [0030] – connecting device transmissions can be malicious or have intrusions <i.e., devices are untrusted>); and wherein establishing a secure communication pathway with the device converts the untrusted device into a trusted device (Lee at [0030] – RSA public key is contained within a software program and sent to the receiving terminal. Receiving terminal installs the program and sends a response message to the providing server. The RSA public key contained within the software download is used to encrypt the response message. The communications are protected and the device is validated by authorizing the activation request <i.e., the device and communications are now trusted>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Oguma with the teachings of Lee, wherein receiving device data comprises receiving device data correlated with an untrusted device; and wherein establishing a secure communication pathway with the device converts the untrusted device into a trusted device, to protect against malicious intrusions in the systems or their communications (see, e.g., Lee at [0005] and [0030]).

Regarding claim 5, the combination of Lau, Lee, and Oguma teach the computing platform of claim 1, wherein providing the device-specific installation package to the device comprises: generating a device-specific URI accessible by the device via a network (Lau at [0019] – a unique device ID <i.e., the URI> of the device is generated; [0035-036] – the unique device ID <i.e., URI> is provided by the user to access the installation package for the device; see also [0034] – a unique token of the device is generated); and pointing the device-specific URI to a download script causing the device to download the device-specific installation package upon accessing the device-specific URI (Lau at [0035-037] and [0041] – Unique device ID <i.e., the URI> is used in the system by the device to request the device firmware package <i.e., the device access the device ID to download the package>. This device ID is stored in association with the installation package information <i.e., device ID points to the package information>. Then a device-specific installation package is downloaded to the user device using stored software instructions <i.e., device ID points to a script to cause the download>).  

Regarding claim 8, the combination of Lau, Lee, and Oguma teach the computing platform of claim 1, wherein generating the device-specific installation package further comprises determining whether the device is capable of maintaining a trusted connection between the device agent and the computing platform based at least in part on output of an executable pre-install script executing on the external device (Lau at [0037] – the device information is checked against different versions of the installation package at the providing server <i.e., external device>, and a package fitting the device’s capabilities is selected and provided <which establishes the trusted connection, see, e.g., Lee at [0030]> <i.e., the package type is determined compatible>). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Oguma, wherein generating the device-specific installation package further comprises determining whether the device is capable of maintaining a trusted connection between the monitoring agent and the computing platform, so incompatible firmware or software instructions establishing a secure connection will not be provided (see, e.g., Lau at [0037] with Lee at [0030]).

Regarding claim 9, Lau teaches a computer-implemented method for onboarding a device into a trusted connected system by establishing a secure communication pathway between a device and a computing platform ([0001] – secure updates are provided to devices; [0009-010] – transmissions between devices protected using encryption <i.e., secure communication established>; [0025] – a new device is added to the device key registry <i.e., onboarded into the trusted connected system>; Further, this preamble is not construed to provide life, meaning, and vitality to the claim, and is being construed by Examiner merely as an intended use, see MPEP2111.02), the method comprising: 
receiving, over a network, device data comprising a unique machine identifier corresponding to the device and a first public cryptography key generated ([0011] – request for firmware is sent to management system; [0029-030] and [0035] – server receives public cryptography key and device ID over a network);  27Attorney Docket No.: 066517/000310US 
and generating a device-specific installation package ([0023] and [0038] – token is embedded in a firmware package and encrypted <i.e., the device’s installation package created>; [0034] – embedded token is a unique string of characters unique to the device <i.e., package is device specific>) comprising: 
the unique machine identifier ([0023] and [0038] – token is included in the firmware package; [0034] – the token is a unique string of characters unique to the device <i.e., unique machine identifier>); and 
a device agent ([0008-009], and [0026] – device firmware included in firmware package, and installed to update or provide services on the device <i.e., firmware is a device agent>);
encrypting the device-specific installation package via the first public cryptography key ([0038] – firmware package <i.e., device specific installation package, see, e.g., [0034] with [0038]> encrypted using the public key and transmitted to the device); and
providing the device-specific installation package to the device ([0038] – firmware package <i.e., device specific installation package, see, e.g., [0034] with [0038]> encrypted using the public key and transmitted to the device).
While Lau further discloses providing an installation package and establishing secure communication pathways using encryption (see, e.g., [0024], [0026]), Lau appears to fail to specifically disclose the package comprising a second public cryptography key generated by the one or more processors as a part of a second public-private cryptography key pair; an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform; establish a secure communication pathway with the device upon receipt of the encrypted message from the device. Lau further appears to fail to specifically disclose the first public cryptography of the device is generated by the device in response to a command provided to the device from an external device while the device is operating at the trusted connected system location.
However, Lee teaches a system for providing an installation package and establishing secure communication pathways using encryption (see, e.g., abstract, [0030]), with comprising generating a second public-private cryptography key pair comprising a second public cryptography key  ([0030] – software package to be installed on the receiving terminal 110 includes a generated RSA public cryptography key <i.e., is part of a public-private cryptography key pair>; [0002] – system uses standard computing systems <i.e., provided via processors>); 
the installation package comprising the second public cryptography key ([0030] – software package to be installed on the receiving terminal 110 includes an RSA public cryptography key <i.e., is part of a public-private cryptography key pair>; [0002] – system uses standard computing systems <i.e., provided via processors>); 
an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform ([0030] – RSA public key is contained within a software package and sent to the receiving terminal. Receiving terminal installs the device program included in the software package and sends a response message to the providing server. The RSA public key contained within the software package is used to encrypt the response message, which establishes secure communication); 
and establishing a secure communication pathway with the device upon receipt of the encrypted message from the device ([0030] – RSA public key is contained within a software package and sent to the receiving terminal. Receiving terminal installs the device program included in the software package and sends a response message to the providing server. The RSA public key contained within the software package is used to encrypt the response message, which enables secure communication).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Lau with the teachings of Lee, generating a second public-private cryptography key pair comprising a second public cryptography key; the device specific installation package comprising the second public cryptography key; an executable installation script configured to cause the device to install the device agent and to initiate a secure communication connection between the device and the computing platform by passing a message encrypted with the second public cryptography key back to the computing platform; and establishing a secure communication pathway with the device upon receipt of the encrypted message from the device, to protect the communications from malicious intrusions (see, e.g., Lee at [0005] and [0030]).
While the combination of Lau and Lee teach generating a public key used to join a device into an ecosystem (see, e.g., Lau at [0023], [0025]), the combination of Lau and Lee appear to fail to specifically 
However, Oguma teaches a system for onboarding computers into an computing ecosystem (see, e.g., [0018] and [0064]), wherein the public key is generated by the device in response to a command provided to the device from an external device while the device is operating at the trusted connected system location ([0064] – at an assembly plant and by a management device <i.e., at a trusted connected system location>, a public key creation command is issued to a computing system. The computing system then generates a public key in response to the received creation command <i.e., computing system is operating to respond to provided commands>; see also [0018] – replacement computers can join existing computing ecosystems using the public key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau and Lee with the teachings of Oguma, wherein the public key is generated by the device in response to a command provided to the device from an external device while the device is operating at the trusted connected system location, to provide computer specific keys pairs for establishing protected communications with new computing systems (see, e.g., Oguma at [0064] and [0018]).

Regarding claim 10, the combination of Lau, Lee, and Oguma teach the computer-implemented method of claim 9, wherein establishing a secure communication pathway comprises: decrypting the encrypted message received from the device using a private cryptography key of the second public-private cryptography key pair (Lee at [0030], [0019] – the response message <containing an activation request and a key> is sent to the RAS using the RSA public key, which decrypts the message using standard RSA encryption techniques <i.e., using the public key’s private key>); and upon verifying contents of the encrypted message received from the device, establishing the secure communication pathway (Lee at [0030] – the response message’s request is verified, and encrypted communication occurs between the devices using the exchanged keys <i.e., establishes the secure communication pathway>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Oguma with the teachings of Lee, wherein establishing a secure communication pathway comprises: decrypting the encrypted message received from the device using a private cryptography key of the second public-private cryptography key pair; and upon verifying contents of the encrypted message received from the device, establishing the secure communication pathway, to protect the communications from malicious intrusions (see, e.g., Lee at [0005] and [0030]).  

Regarding claim 11, the combination of Lau, Lee, and Oguma teach the computer-implemented method of claim 9, wherein receiving device data comprises receiving manual input provided by a user via a platform dashboard (Lee at [0017-018] – the user provides manual input instructions via a keyboard and graphical user interface <i.e., dashboard> to request the secure communications/authorization request <i.e., part of receiving the authorization request at [0030] comprises the user manually providing input to the dashboard>; see also [0023] users provide manual input to authorize the device).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Oguma with the teachings of Lee, wherein receiving device data comprises receiving manual input provided by a user via a platform dashboard user interface, so that users may control when the system initiates/ authorizes the terminal within the system (see, e.g., Lee at [0018], [0030]).

Regarding claim 12, the combination of Lau, Lee, and Oguma teach the computer-implemented method of claim 9, wherein receiving device data comprises receiving device data correlated with an untrusted device (Lau at [0029] and [0035] – server receives public key and device ID of a connecting device <i.e., device data correlated with a device>; with Lee at [0005] and [0030] – connecting device transmissions can be malicious or have intrusions <i.e., devices are unstrusted>); and wherein establishing a secure communication pathway with the device converts the untrusted device into a trusted device (Lee at [0030] – RSA public key is contained within a software program and sent to the receiving terminal. Receiving terminal installs the program and sends a response message to the providing server. The RSA public key contained within the software download is used to encrypt the response message. The communications are protected and the device is validated by authorizing the activation request <i.e., the device and communications are now trusted>).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Lau, Lee, and Oguma with the teachings of Lee, wherein receiving device data comprises receiving device data correlated with an untrusted device; and wherein establishing a secure communication pathway with the device converts the untrusted device into a trusted device, to protect against malicious intrusions in the systems or their communications (see, e.g., Lee at [0005] and [0030]).

Regarding claim 13, the combination of Lau, Lee, and Oguma teach the computer-implemented method of claim 9, wherein providing the device-specific installation package to the device comprises: generating a device-specific URI accessible by the device via a network (Lau at [0019] – a unique device ID <i.e., the URI> of the device is generated; [0035-036] – the unique device ID <i.e., URI> is provided by the user to access the installation package for the device; see also [0034] – a unique token of the device is generated); and28Attorney Docket No.: 066517/000310US pointing the device-specific URI to a download script causing the device to download the device-specific installation package upon accessing the device-specific URI (Lau at [0035-037] and [0041] – Unique device ID <i.e., the URI> is used in the system by the device to request the device firmware package <i.e., the device access the device ID to download the package>. This device ID is stored in association with the installation package information <i.e., device ID points to the package information>. Then a device-specific installation package is downloaded to the user device using stored software instructions <i.e., device ID points to a script to cause the download>).

Claim(s) 6 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lau in view of Lee and Oguma,  further in view of Medvinsky (US6892308, Hereinafter “Medvinsky”).
Regarding claim 6, the combination of Lau, Lee, and Oguma teach the computing platform of claim 1. While the combination of Lau, Lee, and Oguma teach providing a transmission comprising a device-specific installation package (see, e.g., Lau at [0023], [0038]) and receiving a message response (e.g., Lee at [0030]), the combination of Lau, Lee, and Oguma appear to fail to specifically disclose wherein the device-specific installation package further comprises a one-time use nounce; and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the device-specific installation package; upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce.
However, Medvinsky teaches a system for securing communications between devices (see abstract), wherein a first message further comprises a one-time use nounce ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message); and wherein onboarding a device into a trusted connected system further comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the first message ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message, wherein the client then returns a signed nonce with a responding message. Upon receiving the returned signed nonce, the returned signed nonce is compared against the provided nonce); upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message, wherein the client then returns a signed nonce with a responding message. Upon receiving the returned signed nonce, the returned signed nonce is compared against the provided single use nonce. When the nonces match, the system is assured the authenticity of the client and secure communication is established.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Lau, Lee, and Oguma with the teachings of Medvinsky, wherein the device-specific installation package further comprises a one-time use nounce; and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the device-specific installation package; upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce, to secure communications of the device-specific installation package message and response messages against replay attacks (see, e.g., Medvinsky at [0016-017]).

Regarding claim 14, the combination of Lau, Lee, and Oguma teach the computer-implemented method of claim 9. While the combination of Lau, Lee, and Oguma teach providing a transmission comprising a device-specific installation package (see, e.g., Lau at [0023], [0038]) and receiving a Lee at [0030]), the combination of Lau, Lee, and Oguma appear to fail to specifically disclose wherein the device-specific installation package further comprises a one-time use nounce; and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the device-specific installation package; upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce.
However, Medvinsky teaches a system for securing communications between devices (see abstract), wherein a first message further comprises a one-time use nounce ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message); and wherein onboarding a device into a trusted connected system further comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the first message ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message, wherein the client then returns a signed nonce with a responding message. Upon receiving the returned signed nonce, the returned signed nonce is compared against the provided nonce); upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce ([0006] and [0016-017] – a single use nonce is generated by the server and provided to the client, included as part of a first message, wherein the client then returns a signed nonce with a responding message. Upon receiving the returned signed nonce, the returned signed nonce is compared against the provided single use nonce. When the nonces match, the system is assured the authenticity of the client and secure communication is established.).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Lau, Lee, and Oguma with the teachings of Medvinsky, wherein the device-specific installation package further comprises a one-time use nounce; and wherein establishing a secure communication pathway with the device comprises: comparing a nounce value included within the encrypted message received from the device against the one-time use nounce included within the device-specific installation package; upon determining a match between the nounce value and the one-time use nounce, establish the secure communication pathway with the device and invalidate the one-time use nounce, to secure communications of the device-specific installation package message and response messages against replay attacks (see, e.g., Medvinsky at [0016-017]).

Claim(s) 7 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lau in view of Lee and Oguma,  further in view of Allen et al. (US20100115269, Hereinafter “Allen”).
Regarding claim 7, the combination of Lau, Lee, and Oguma teach the computing platform of claim 1. The combination of Lau, Lee, and Oguma appear to fail to specifically disclose wherein the one or more processors are further configured to generate a self-signed platform certificate for the device; and wherein the device- specific installation package further comprises the self-signed platform certificate for validating the identity of the computing platform at the network-connected device.  
However, Allen teaches a system for securely providing an installation package to a recipient (see, e.g., abstract, [0014]), wherein the one or more processors are further configured to generate a self-signed platform certificate for the device ([0014] – provider generates a certificate signed by the provider, then includes it into an installation package; [0002] – system uses standard computing systems <i.e., comprises one or more processors>); and wherein the installation package further comprises the self-signed platform certificate for validating an identity of the computing platform at the device ([0014] – provider generates a certificate signed by the provider, then includes it into an installation .
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Lau, Lee, and Oguma with the teachings of Allen, wherein the one or more processors are further configured to generate a self-signed platform certificate for the device; and wherein the device- specific installation package further comprises the self-signed platform certificate for validating the identity of the computing platform at the network-connected device, to ensure the identity and integrity of the of the received installation package (see, e.g., Allen at [0006], [0014]).

Regarding claim 15, the combination of Lau, Lee, and Oguma teach the computer-implemented method of claim 9. The combination of Lau, Lee, and Oguma appear to fail to specifically disclose generating a self- signed platform certificate for the device; and wherein the device-specific installation package further comprises the self-signed platform certificate.  
However, Allen teaches a system for securely providing an installation package to a recipient (see, e.g., abstract, [0014]), further comprising: generating a self-signed platform certificate for the device ([0014] – provider generates a certificate signed by the provider, then includes it into an installation package); and wherein the device-specific installation package further comprises the self-signed platform certificate ([0014] – provider generates a certificate signed by the provider, then includes it into an installation package. The installation package is then sent to the recipient device, which validates the identity of the provider to install the package on the device).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Lau, Lee, and Oguma with the teachings of Allen, further comprising: generating a self- signed platform certificate for the device; and wherein the device-Allen at [0006], [0014]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Goto (US20190306698) and Lee (US20170093585) each teach a system for generating a public key in a connected device in response to a transmitted a command to a device which causes the device to generate it’s public key (see, e.g., Goto at [0070] and Lee at [0062-0063).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365.  The examiner can normally be reached on Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/J.R.W./Examiner, Art Unit 2438                                                                                                                                                                                                                                                                                                                                                                                                         
/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438