Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2.	EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019.
3.	This communication is in response to Applicant’s amendment filed on 01 November 2021. The Examiner contacted the Applicant's representative and presented proposed claim amendments to place the application in better condition for an allowance by amending all independent claims to overcome the prior art and incorporate the claim language recited in dependent claims 30, 39, and 47 - "verify the first user authentication, based on the first information to perform the first onboarding action and verify the second user authentication, based on the second onboarding action". After conducting an interview, the proposal was accepted and authorization was given for an Examiner’s Amendment on 16 December 2021. Claims 30, 39, and 47 have been canceled. Claims 26, 35, and 43 have been amended. Claims 51-53 have been added. Claims 26-29, 31-38, 40-46, and 48-53 remain pending. 

Response to Arguments
4.	In response to Applicant’s arguments, as disclosed in the remarks, filed on 01 November 2021, with respect to the prior art not expressly disclosing wherein the device uses a first communication protocol, the first onboarding device uses a second communication protocol, and the second onboarding device uses a third communication 

EXAMINER’S AMENDMENT
5.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Attorney Jerome M. Sundin, Reg. No. 78,632 on 13 December 2021. The application has been amended as follows: 
Please amend the following claims:

	communications circuitry;
processing circuitry; and
	at least one storage device including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry, configure the processing circuitry to perform operations for user-authorized onboarding in the IoT network, the operations to:
	obtain, from a first onboarding device operating with a first trusted execution environment (TEE), via the communications circuitry, first information to perform a first onboarding action on the device, wherein the first onboarding action is based on a first privilege level established from a first user authentication;
verify the first user authentication, based on the first information to perform the first onboarding action;
	perform the first onboarding action on the device using the first information;
obtain, from a second onboarding device operating with a second TEE distinct from the first TEE, via the communications circuitry, second information to perform a second onboarding action on the device, wherein the second onboarding action is based on a second privilege level established from a second user authentication, and wherein the second onboarding device is distinct from the first onboarding device; and
verify the second user authentication, based on the second information to perform the second onboarding action;
perform the second onboarding action on the device using the second information; 
wherein the device uses a first communication protocol, the first onboarding device uses a second communication protocol, and the second onboarding device uses a third communication protocol, and wherein the 

	Claim 27. 	(Previously Presented) The device of claim 26, wherein the first and second onboarding actions are performed as part of a plurality of onboarding actions performed on the device, the plurality of onboarding actions including: connectivity, discovery, trust establishment, service provisioning, and device configuration actions.

	Claim 28. 	(Previously Presented) The device of claim 27, wherein respective onboarding actions of the plurality of onboarding actions are performed on the device in response to approvals provided by a plurality of respective user agents; and
wherein the respective user agents prompt user interaction to obtain the approvals for the plurality of onboarding actions from respective human users.

	Claim 29. 	(Previously Presented) The device of claim 26, the operations further to:
initiate a first request of the first onboarding action to the first onboarding device, wherein the first information to perform the first onboarding action is provided in response to the first request; and
initiate a second request of the second onboarding action to the second onboarding device, wherein the second information to perform the second onboarding action is provided in response to the second request.

	Claim 30. 	(Canceled) 

	Claim 31. 	(Previously Presented) The device of claim 26, wherein the first onboarding action and the second onboarding action are conducted in response to respective user authentications obtained with a three-way authorization protocol, 
wherein the approval from the authorization service is received in an OAuth2, OpenID-Connect, or Kerberos interaction obtained on behalf of the at least one user agent.

	Claim 32. 	(Previously Presented) The device of claim 31, the operations further to log information for the approval from the at least one user agent and log information for the approval from the authorization service to a blockchain ledger.

	Claim 33. 	(Previously Presented) The device of claim 31, wherein the three-way authorization protocol includes: 
a request from the respective onboarding device to the user agent to obtain the approval, a response from the user agent to indicate the approval, a request from the respective onboarding device to the authorization service to obtain an authorization service token, and a response from the authorization service to indicate the authorization service token; and 
wherein information to perform the respective onboarding action includes information based on the authorization service token and the response from the user agent. 

	Claim 34.	 (Previously Presented) The device of claim 26, wherein communications in the IoT network to perform the operations are conducted according to one or more Open Connectivity Foundation (OCF) specifications, and wherein one or more of the communications comprise Representational State Transfer (RESTful) interactions among one or more IoT network topologies.

	Claim 35. 	(Currently Amended) A method for user-authorized onboarding in an Internet of Things (IoT) network, comprising a plurality of operations executed with a processor and memory of a device, the operations comprising:
 environment (TEE), first information to perform a first onboarding action on the device, wherein the first onboarding action is based on a first privilege level established from a first user authentication;
verifying the first user authentication, based on the first information to perform the first onboarding action; 
performing the first onboarding action on the device using the first information;
obtaining, from a second onboarding device operating with a second TEE distinct from the first TEE, second information to perform a second onboarding action on the device, wherein the second onboarding action is based on a second privilege level established from a second user authentication, and wherein the second onboarding device is distinct from the first onboarding device; and
verifying the second user authentication, based on the second information to perform the second onboarding action;
performing the second onboarding action on the device using the second information;
wherein the device uses a first communication protocol, the first onboarding device uses a second communication protocol, and the second onboarding device uses a third communication protocol, and wherein communications circuitry coupled to the processor converts communications from the first communication protocol, the second communication protocol, and the third communication protocol to a standard communication protocol to provide multi-standard connectivity enabling the device, the first onboarding device, and the second onboarding device to communicate with each other. 

	Claim 36. 	(Previously Presented) The method of claim 35, further comprising:
performing the first and second onboarding actions on the device as part of a plurality of onboarding actions performed on the device, the plurality of onboarding actions including: connectivity, discovery, trust establishment, service provisioning, and device configuration actions;


	Claim 37. 	(Previously Presented) The method of claim 36, wherein the respective user agents prompt user interaction to obtain the approvals for the plurality of onboarding actions from respective human users.

	Claim 38. 	(Previously Presented) The method of claim 35, further comprising:
initiating a first request of the first onboarding action to the first onboarding device, wherein the first information to perform the first onboarding action is provided in response to the first request; and
initiating a second request of the second onboarding action to the second onboarding device, wherein the second information to perform the second onboarding action is provided in response to the second request.

	Claim 39.	 (Canceled)

	Claim 40. 	(Previously Presented) The method of claim 35, wherein the first onboarding action and the second onboarding action are conducted in response to respective user authentications obtained with a three-way authorization protocol, wherein the three-way authorization protocol includes obtainment of approval from at least one user agent and obtainment of approval from an authorization service on behalf of the respective onboarding device; and
wherein the approval from the authorization service is received in an OAuth2, OpenID-Connect, or Kerberos interaction obtained on behalf of the at least one user agent.

	Claim 41. 	(Previously Presented) The method of claim 40, further comprising:
logging information for the approval from the at least one user agent and log information for the approval from the authorization service to a blockchain ledger.

wherein information to perform the respective onboarding action includes information based on the authorization service token and the response from the user agent. 

	Claim 43.	 (Currently Amended) At least one non-transitory device-readable storage medium comprising instructions, wherein the instructions, when executed by a processing circuitry of a device, cause the processing circuitry to perform operations for user-authorized onboarding in an Internet of Things (IoT) network, with operations comprising:
obtaining, from a first onboarding device operating with a first trusted execution environment (TEE), first information to perform a first onboarding action on the device, wherein the first onboarding action is based on a first privilege level established from a first user authentication;
verifying the first user authentication, based on the first information to perform the first onboarding action;
performing the first onboarding action on the device using the first information;
obtaining, from a second onboarding device operating with a second TEE distinct from the first TEE, second information to perform a second onboarding action on the device, wherein the second onboarding action is based on a second privilege level established from a second user authentication, and wherein the second onboarding device is distinct from the first onboarding device; and
verifying the second user authentication, based on the second information to perform the second onboarding action;
performing the second onboarding action on the device using the second information;


	Claim 44. 	(Previously Presented) The storage medium of claim 43, the operations further comprising:
performing the first and second onboarding actions on the device as part of a plurality of onboarding actions performed on the device, the plurality of onboarding actions including: connectivity, discovery, trust establishment, service provisioning, and device configuration actions;
wherein respective onboarding actions of the plurality of onboarding actions are performed on the device in response to approvals provided by a plurality of respective user agents.

	Claim 45. 	(Previously Presented) The storage medium of claim 44, wherein the respective user agents prompt user interaction to obtain the approvals for the plurality of onboarding actions from respective human users.

	Claim 46. 	(Previously Presented) The storage medium of claim 43, the operations further comprising:
initiating a first request of the first onboarding action to the first onboarding device, wherein the first information to perform the first onboarding action is provided in response to the first request; and
initiating a second request of the second onboarding action to the second onboarding device, wherein the second information to perform the second onboarding action is provided in response to the second request.


	Claim 48. 	(Previously Presented) The storage medium of claim 43, wherein the first onboarding action and the second onboarding action are conducted in response to respective user authentications obtained with a three-way authorization protocol, wherein the three-way authorization protocol includes obtainment of approval from at least one user agent and obtainment of approval from an authorization service on behalf of the respective onboarding device;
wherein the approval from the authorization service is received in an OAuth2, OpenID-Connect, or Kerberos interaction obtained on behalf of the at least one user agent.

	Claim 49. 	(Previously Presented) The storage medium of claim 48, the operations further comprising:
logging information for the approval from the at least one user agent and log information for the approval from the authorization service to a blockchain ledger.

	Claim 50. 	(Previously Presented) The storage medium of claim 48, wherein the three-way authorization protocol includes: a request from the respective onboarding device to the user agent to obtain the approval, a response from the user agent to indicate the approval, a request from the respective onboarding device to the authorization service to obtain an authorization service token, and a response from the authorization service to indicate the authorization service token; and 
wherein information to perform the respective onboarding action includes information based on the authorization service token and the response from the user agent.

	Claim 51.	(New) The device of claim 26, wherein at least one of the first communication protocol, the second communication protocol, or the third communication protocol is at least one of: Optimized Link State Routing (OLSR) 

	Claim 52.	(New) The method of claim 35, wherein at least one of the first communication protocol, the second communication protocol, or the third communication protocol is at least one of: Optimized Link State Routing (OLSR) protocol, Better Approach to Mobile Ad-Hoc Networking (B.A.T.M.A.N.) routing protocol, or OMA Lightweight M2M (LWM2M) protocol.

	Claim 53.	(New) The storage medium of claim 43, wherein at least one of the first communication protocol, the second communication protocol, or the third communication protocol is at least one of: Optimized Link State Routing (OLSR) protocol, Better Approach to Mobile Ad-Hoc Networking (B.A.T.M.A.N.) routing protocol, or OMA Lightweight M2M (LWM2M) protocol.

Allowable Subject Matter
6.	Claims 26-29, 31-38, 40-46, and 48-53 are allowed.
7.	The following is an examiner’s statement of reasons for allowance: The present invention is directed towards a method and system for user-authorized onboarding using a public authorization service within Internet of Things (IoT). Claims 26, 35, and 43 identify the uniquely distinct features “verifying the first user authentication, based on the first information to perform the first onboarding action; performing the first onboarding action on the device using the first information; obtaining, from a second onboarding device operating with a second TEE distinct from the first TEE, second information to perform a second onboarding action on the device, wherein the second onboarding action is based on a second privilege level established from a second user authentication, and wherein the second onboarding device is distinct from the first onboarding device; and verifying the second user authentication, based on the second information to perform the second onboarding action; performing the second onboarding action on the device using the second information; wherein the device uses a first communication protocol, the first onboarding device uses a second communication protocol, and the second onboarding device uses a third communication protocol, and wherein communications circuitry coupled to the processor converts communications from the first communication protocol, the second communication protocol, and the third communication protocol to a standard communication protocol to provide multi-standard connectivity enabling the device, the first onboarding device, and the second onboarding device to communicate with each other”. 
The closest prior art, Rongo et al. (Pub No. 2015/0121470) discloses peer-to-peer onboarding of internet of things (IoT) devices over various communication interfaces. The disclosure generally relates to apparatus and method for setting up or onboarding a first Internet of Things (IoT) device that has limited or no interfacing capability itself to connect to a network through a second IoT device in communication with the network, by sending a request to a second device in communication with the network and receiving permission to initiate communication with the network.
However, Rongo et al. fail to anticipate or render obvious the claimed limitations of verifying the first user authentication, based on the first information to perform the first onboarding action;  performing the first onboarding action on the device using the first information; obtaining, from a second onboarding device operating with a second TEE distinct from the first TEE, second information to perform a second onboarding action on 
The closest prior art, Lu (Pub No. 2014/0189799) discloses multi-factor authorization for authorizing a third-party application to use a resource. Enhanced security for limited access through multi-factor authorization to cloud computing resources. The enhanced security is obtained by utilizing a personal security device to perform certain security operations as part of an authorization protocol such that an authorization grant is confirmed using two independent factors such as evidence of knowledge of a secret plus possession of a personal security device. The personal security device may also store an access token and perform cryptographic operations evidencing possession of the access token. Other systems and methods are disclosed.

The closest prior art, Lee (Pub No. 2018/0063879) discloses apparatus and method for interoperation between internet-of-things devices. Disclosed herein are an apparatus and method for interoperation between Internet-of-Things (IoT) devices. The IoT device interoperation method uses an IoT device interoperation apparatus and includes performing an endpoint discovery procedure between an Open Connectivity 
However, Lee fails to anticipate or render obvious the claimed limitations of verifying the first user authentication, based on the first information to perform the first onboarding action; performing the first onboarding action on the device using the first information; obtaining, from a second onboarding device operating with a second TEE distinct from the first TEE, second information to perform a second onboarding action on the device, wherein the second onboarding action is based on a second privilege level established from a second user authentication, and wherein the second onboarding device is distinct from the first onboarding device; and verifying the second user authentication, based on the second information to perform the second onboarding action; performing the second onboarding action on the device using the second information; wherein the device uses a first communication protocol, the first onboarding device uses a second communication protocol, and the second onboarding device uses a third communication protocol, and wherein communications circuitry coupled to the processor converts communications from the first communication protocol, the second communication protocol, and the third communication protocol to a standard communication protocol to provide multi-standard connectivity enabling the device, the first onboarding device, and the second onboarding device to communicate with each other.
claims 26, 35, and 43 and the respective dependent claims 27-29, 31-34, 36-38, 40-42, 44-46, and 48-53 are in condition for allowance.

Conclusion
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871. The examiner can normally be reached IFP M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-





/COURTNEY D FIELDS/Examiner, Art Unit 2436
December 16, 2021

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436