Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2.	Claims 1-20 are pending. 



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


3.	Claims 1, 9, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Rameez Loladia (US 10447683), in view of Brown Michael (EP 1881665), hereinafter Michael.

	Regarding claim 1:
	Loladia discloses receiving an authentication message from a third party server, the authentication message identifying a network device; receiving a zero touch provisioning (ZTP) request comprising a certificate from the network device: At 405, the IoT device 400 sends a self-provisioning request to the provisioning service 236. The request may correspond to a MQTT subscription to a provisioning topic provided by the provisioning service 236, and includes the provisioning certificate stored on the IoT device 400. The request may also include other data, such as a hardware device identifier, a geolocation of the device, user account credentials, and the like. At 410, the provisioning service forwards the request to the authentication service 237 (Loladia, column 9, [lines 55-65]). The examiner interprets the request forwarded from the provisioning service as equivalent to the authentication message from a third party server, and the provisioning certificate stored on the IoT device 400 as the certificate of the network device. Loladia also teaches that zero touch provisioning (ZTP) techniques provide a zero-touch approach to provisioning the IoT device at initial startup of the device (Loladia, column 2, [lines 40-41]).
Determining the network device is associated with a third party that manages the third party server based on the certificate: at 415, the authentication service 237 validates the request based on an evaluation of the provisioning certificate. As stated, the provisioning certificate is previously registered with the IoT service 117. The authentication service 237 may evaluate the provisioning certificate against a registry of provisioning certificates to ensure that the provisioning certificate has not been previously invalidated, corresponds to a valid provisioning certificate in the registry, etc. At step 420, the authentication service 237 sends a confirmation of the validation to the provisioning service 236 (Loladia, column 10, [lines 1-8]). "The provisioning certificate may include information uniquely identifying the group associated with the devices, such as an ID number associated with the device group, manufacturer ID, and the like" and "The manufacturer can then register the provisioning certificate and other information with the IoT service on the cloud platform" (step 415 validates it, which means it really is from the manufacturer).
However, Loladia fails to disclose transmitting a redirect message comprising a root certificate chain indicating that the network device is to send the ZTP request to the third party server.
Michael teaches, during activation of the device, providing a device certificate request to the mobile data server for the device, the device certificate request including at least a user identifier, a device identifier and a device public key, wherein the device certificate request is forwarded from the mobile data server to a predefined certification authority; and receiving a device certificate from the predefined certification authority in response to the device certificate request (Michael, para 14), and further teaches that the predefined certification authority is a third party (Michael, para 39). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the

Regarding claim 9:
Claim 9 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 15:
Claim 15 is rejected under the same reason set forth in rejection of claim 1.

4.	Claims 2, 4, 10, 12, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Rameez Loladia (US 10447683), in view of Brown Michael (EP 1881665), and further in view of Shachar Shaty (US 20100251144), hereinafter Shaty.

Regarding claim 2:
Loladia and Michael disclose the ZTP request (please see rejection of claim 1), but fail to disclose receiving a reauthentication message from the first third party server indicating that a second third party server associated with the first third party server is a third party server with permission. Shaty teaches that the central services server stores an identifier of a session between the secure zone and the central services server, as described hereinabove with reference to step 122 of method 100 of FIG. 2. The central services server may use this identifier for a re-authentication check before providing a profile including verified information, as described hereinabove with reference to FIG. 4. The web content delivered to or via the secure zone may include any of the applications described hereinabove, such as with reference to FIGS. 3, 4, 5, and/or 6, for example, a seal media object, or transactions controls (e.g., for secure login) (Shaty, paragraph 148). Therefore, it would have been obvious to someone skilled in the art before the effective filing date of the claimed invention to combine the teaching of Loladia with that of Shaty in order to secure communication between the user's browser and the third party server (Shaty, paragraph 8).


Loladia, Michael and Shaty disclose, after transmitting the redirect message, receiving a reauthentication message from the third party server identifying that the network device is ready to be reauthenticated: if the same user 26 is confirmed to be requesting information at check step 204, the entity ID of the key is returned from the database. At a verification information display step 208, central services server 20, or seal repository server 152, using the entity ID, retrieves additional information regarding the entity and/or the URL from seal repository server 152, and displays this information to user 24 (Shaty, paragraph 130). Therefore, it would have been obvious to someone skilled in the art before the effective filing date of the claimed invention to combine the teaching of Loladia with that of Shaty in order to secure communication between the user's browser and the third party server (Shaty, paragraph 8).

Regarding claim 10:
Claim 10 is rejected under the same reason set forth in rejection of claim 2.

Regarding claim 12:
Claim 12 is rejected under the same reason set forth in rejection of claim 4.

Regarding claim 16:
Claim 16 is rejected under the same reason set forth in rejection of claim 2.

Regarding claim 18:
Claim 18 is rejected under the same reason set forth in rejection of claim 4.

5.	Claims 3, 8, 11, 14, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rameez Loladia (US 10447683), in view of Brown Michael (EP 1881665), and further in view of Keith R. Vogel (US 20050080899), hereinafter Vogel.


Loladia and Michael disclose the ZTP request (please see rejection of claim 1), but fail to disclose receiving a reauthentication message from the first third party server indicating that the network device is being assigned to a second third party server; updating the root certificate chain to indicate that, after being authenticated by the first third party server.
Vogel discloses attempts to access a web page which requires a trusted root certificate that the client computer does not have (act 282). This requested web page redirects the client web browser 110 to a new web page that hosts update root control 118 (act 284). This redirection may be direct to the web page hosting control 118, or alternatively may be indirect (e.g., passing through one or more intermediate web pages). Update root control 118 is executed at client 104 (or alternatively at server 102) and is passed a parameter by the new web page that specifies a uniform resource locator (URL) of a certificate trust list (act 286). The URL specified by the new web page is the location where a certificate trust list resides that includes the necessary root certificates to be added to root store 112 of client computer 104 (Vogel, paragraph 65).
It would have been obvious to someone skilled in the art before the effective filing date of the claimed invention to combine the teaching of Loladia with that of Vogel in order to update the root certificates on the client computer, allowing the integrity of existing root certificates as well as any new root certificates to be maintained.

Regarding claim 8:
Loladia, Michael and Vogel disclose authenticating the network device based on the authentication message, wherein the redirect message is sent in response to authenticating the network device: the control verifies the integrity of the message, and thus the integrity of the certificate trust list contained therein, by establishing a certificate chain from the signer certificate to a root certificate in the client's root certificate store (Vogel, paragraph 11), and Khosravi teaches the ZTP request: supplicant 202 may be an Intel(R) AMT/VPro platform capable of Zero Touch Provisioning (ZTP) as an example. ZTP may comprise a configuration system capable of initiating provisioning supplicant 202 substantially without user intervention (Khosravi, column 4, [lines 47-51]).


Regarding claim 11:
Claim 11 is rejected under the same reason set forth in rejection of claim 3.

Regarding claim 14:
Claim 14 is rejected under the same reason set forth in rejection of claim 8.

Regarding claim 17:
Claim 17 is rejected under the same reason set forth in rejection of claim 3.

Regarding claim 20:
Claim 20 is rejected under the same reason set forth in rejection of claim 8.

6.	Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Rameez Loladia (US 10447683), in view of Brown Michael (EP 1881665), and further in view of Richard Rabbat (US 8543715), hereinafter Rabbat.

Regarding claim 5:
	Loladia, Michael and Rabbat disclose wherein the redirect message includes a maximum number of third party servers the network device can be redirected to before performing a security check: the redirect limit specifies a maximum number of user redirects the user's web browser may perform for a third party resource corresponding to the frame element. A user redirect request associated with the third-party resource is handled based on the determined redirect limit (Rabbat, column 2, [lines 15-20]). Therefore, it would have been obvious to someone skilled in the art before the effective filing date of the claimed invention to combine the teaching of Loladia with that of Rabbat in order to reduce the risk of spam, provide better privacy control by limiting the number of cookies that can get stored on a user's system after each redirect, and provide better accountability and transparency from third-party content providers (Rabbat, column 2, [lines 6-10]).


7.	Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Rameez Loladia (US 10447683), in view of Brown Michael (EP 1881665), and further in view of Coach Wei (US 8209415), hereinafter Wei.

	Regarding claim 6:
Loladia, Michael and Rabbat disclose the number of third party servers: the redirect limit specifies a maximum number of user redirects the user's web browser may perform for a third party resource corresponding to the frame element. A user redirect request associated with the third-party resource is handled based on the determined redirect limit (Rabbat, column 2, [lines 15-20]), but fail to disclose automatically shutting down after being redirected to more third party servers than the maximum number of third party servers. However, Wei teaches that the web operator configures whether the system is allowed to launch new server instances in response to traffic demand spikes and the associated node management policy. Also, the web operator configures whether the system is allowed to shut down server nodes if capacity exceeds demand by a certain threshold (Wei, column 10, [lines 15-20]). Therefore, it would have been obvious to someone skilled in the art before the effective filing date of the claimed invention to combine the teaching of Loladia with that of Wei in order to monitor and control access to the API.

Claims 7, 13, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Rameez Loladia (US 10447683), in view of Brown Michael (EP 1881665), and further in view of Chachi Prasad (US 20160012498), hereinafter Prasad.

	Regarding claim 7:
Loladia, Michael and Prasad disclose wherein the certificate comprises an organization name, and wherein determining the network device is associated with the third party that manages the third party server based on the certificate comprises: determining the organization name included in the certificate matches an original equipment manufacturer (OEM) name; transmitting an organization status request to a network management device; and receiving an organization status indicating that the network device is associated with the third party that manages the third party server: the OEM manufacturer or administrator chooses a specific item by accessing a drop down list of OEM products on the screen (Prasad, paragraph 144), and further once the indicia, symbology, or code is detected, it is communicated to the OEM manufacturer's computer database, SYNCA’s data base or any another Internet web-based database, which is searched for a match for the detected indicia, symbology, or code. If there is a match with the codes and symbology in the database maintained by the OEM manufacturer or administrator, the product is deemed as a genuine OEM product. If there is no match, then, the product is deemed to be an imitation or a knockoff (Prasad, paragraph 141). Therefore, it would have been obvious to someone skilled in the art before the effective filing date of the claimed invention to combine the teaching of Loladia with that of Prasad in order to secure both for data mining information when allowed or screed or secured from being shared in data mining operations (Prasad, paragraph 163).
	
Regarding claim 13:
Claim 13 is rejected under the same reason set forth in rejection of claim 7.

Regarding claim 19:
Claim 19 is rejected under the same reason set forth in rejection of claim 7.
Conclusion
Any inquiry concerning this communication from the examiner should be directed to Thanh Le whose telephone number is 571-272-8556. The examiner can normally be reached Monday-Friday, 8:00 a.m. to 5 p.m. EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Nickerson Jeffrey L can be reached on (469) 295-9235.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov . Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automatic information system, call 800-786-9199 (In USA or CANADA) or 571-272-1000.

/Jeffrey Nickerson/ Supervisory Patent Examiner, Art Unit 2432
/THANH H LE/ Examiner, Art Unit 2432
/FATOUMATA TRAORE/ Primary Examiner, Art Unit 2436