DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner’s amendment was given in an interview with Marc Kaufman on 12/2/21. Applicant agreed to move up the limitations of claims 9 and 18 into independent claims 1 and 10, respectively, as follows:

1. (Currently Amended) A method implemented by one or more computing devices for managing use of an asset, the method comprising: 
accomplishing a registration procedure between an asset device physically coupled with an asset and an owner device associated with an owner of the asset, wherein the registration procedure comprises: exchanging public keys between the owner device and the asset device, the public keys being signed by a certificate authority with a certificate of identity; deriving a shared secret; and protecting communications between the owner device and the asset device by encrypting and signing the communication using the public keys and the shared secret; 
transmitting a secure policy associated with a user from a policy owner device to a user device associated with the user, wherein the secure policy includes policy attributes defining conditions and limitations for controlling use of the asset and is distinct from cryptographic keys used to secure the communication to the asset; 
transmitting the secure policy from the user device to the asset device; requesting, by the user device, a specified use of the asset; and 
enforcing the policy by the asset device whereby the request is granted only when the requested use corresponds to the policy attributes in the policy.

2. (Previously Presented) The method of claim 1, wherein the secure policy is bound to a fingerprint of the user device and further comprising the policy owner device encrypting and signing the policy.

3. (Previously Presented) The method of claim 2, wherein the policy owner device is controlled by the owner of the asset.

4. (Previously Presented) The method of claim 2, wherein the policy owner device is controlled by a party other than the owner of the asset who has been given rights to create policies.

5. (Previously Presented) The method of claim 2, wherein the asset device stores a data structure including a user ID, a user fingerprint, access policy attributes, and a shared 

6. (Previously Presented) The method of claim 2, wherein the user device stores a data structure including an asset ID, an asset fingerprint, and a shared secret with the policy owner.

7. (Previously Presented) The method of claim 2, wherein the use of the asset includes physical access to an interior of the asset.

8. (Previously Presented) The method of claim 2, wherein the asset is a computing resource and the use includes access to the computing resource.

9. (Cancelled).

10. (Currently Amended) An apparatus for managing use of an asset, the apparatus comprising: 
at least one computer processor; 
at least one memory device coupled to the at least one computer processor and storing instructions thereon which, when executed by the at least one processor, cause the at least one processor to: 
accomplish a registration procedure between an asset device physically coupled with an asset and an owner device associated with an owner of the asset, wherein the registration procedure comprises: exchanging public keys between the owner device and the asset device, the public keys being signed by a certificate authority with a certificate of identity; deriving a shared secret; and protecting communications between the owner device and the asset device by encrypting and signing the communication using the public keys and the shared secret; 
transmit a secure policy associated with a user from a policy owner device to a user device associated with the user, wherein the secure policy includes policy attributes defining conditions and limitations for controlling use of the asset and is distinct from cryptographic keys used to secure the communication to the asset; 
transmit the secure policy from the user device to the asset device; request, by the user device, a specified use of the asset; and 
enforce the policy by the asset device whereby the request is granted only when the requested use corresponds to policy attributes in the policy.

11. (Previously Presented) The apparatus of claim 10, wherein the secure policy is bound to a fingerprint of the user device and further comprising the policy owner device encrypting and signing the policy.

12. (Previously Presented) The apparatus of claim 10, wherein the policy owner device is controlled by the owner of the asset.



14. (Previously Presented) The apparatus of claim 10, wherein the asset device stores a data structure including a user ID, a user fingerprint, access policy attributes, and a shared secret with the owner device, and wherein the owner device stores a data structure including an asset ID, an asset fingerprint, access policy attributes, and the shared secret.

15. (Previously Presented) The apparatus of claim 10, wherein the user device stores a data structure including an asset ID, an asset fingerprint, and a shared secret with the policy owner.

16. (Previously Presented) The apparatus of claim 10, wherein the use of the asset includes physical access to an interior of the asset.

17. (Previously Presented) The apparatus of claim 10, wherein the asset is a computing resource and the use includes access to the computing resource.

18. (Cancelled).
Allowable Subject Matter
The following is an examiner’s statement of reasons for allowance:
exchanging public keys between the owner device and the asset device, the public keys being signed by a certificate authority with a certificate of identity; deriving a shared secret; and protecting communications between the owner device and the asset device by encrypting and signing the communication using the public keys and the shared secret; 
transmitting a secure policy associated with a user from a policy owner device to a user device associated with the user, wherein the secure policy includes policy attributes defining conditions and limitations for controlling use of the asset and is distinct from cryptographic keys used to secure the communication to the asset; transmitting the secure policy from user device to the asset device; requesting, by the user device, a specified use of the asset; and enforcing the policy by the asset device whereby the request is granted only when the requested use corresponds to the policy attributes in the policy.
The dependent claims, being definite, further limiting, and fully enabled by the specification are also allowed.
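As an added illustration of the policy binding and enforcement steps recited in claim 1 (this is not the applicant's code or any implementation from the application), the policy owner signs policy attributes bound to the user device's fingerprint, and the asset device verifies the signature and the device binding before checking the requested use against the attributes. An HMAC keyed with the shared secret from registration stands in for the public-key signing the claims describe, and the fingerprint function, attribute names and sample values are assumptions.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the shared secret derived during the registration
# procedure; the claims sign with CA-certified public keys, but an HMAC key keeps
# this example stdlib-only (assumption, not the applicant's design).
SHARED_SECRET = b"constructed-registration-secret"


def fingerprint(device_id: str) -> str:
    """Hypothetical device fingerprint: SHA-256 of a constructed device identity."""
    return hashlib.sha256(device_id.encode()).hexdigest()


def issue_policy(user_id: str, user_device_id: str, attributes: dict,
                 key: bytes = SHARED_SECRET) -> dict:
    """Policy owner device: bind the attributes to the user device fingerprint and sign them."""
    body = {"user_id": user_id, "device_fp": fingerprint(user_device_id), "attributes": attributes}
    payload = json.dumps(body, sort_keys=True)  # canonical form so the signature is reproducible
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def enforce(policy: dict, presenting_device_id: str, requested_use: dict,
            key: bytes = SHARED_SECRET) -> bool:
    """Asset device: grant the request only if the policy is authentic, bound to the
    presenting device, and its attributes permit the requested action at that hour."""
    expected = hmac.new(key, policy["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, policy["sig"]):
        return False  # forged or tampered policy
    body = json.loads(policy["payload"])
    if body["device_fp"] != fingerprint(presenting_device_id):
        return False  # policy relayed from a device it was not issued to
    attrs = body["attributes"]
    if requested_use["action"] not in attrs["allowed_actions"]:
        return False  # action outside the policy's limitations
    if not attrs["valid_from"] <= requested_use["hour"] <= attrs["valid_until"]:
        return False  # outside the policy's time condition
    return True


# Constructed sample: user "alice" on device "phone-A" may unlock or open the trunk
# between hour 8 and hour 18 (hours as plain integers for brevity).
POLICY = issue_policy(
    "alice", "phone-A",
    {"allowed_actions": ["unlock", "open_trunk"], "valid_from": 8, "valid_until": 18},
)
```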

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987.  The examiner can normally be reached on 8:30 to 4:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498