DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-20 are pending.
2.	Claims 8-14 has overcome the 101 rejection, necessitated by current amendment.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
s 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kreft [US 20140108786] in view of Cutter, et al. [US 20060085646].
As per claim 1:	Kreft teaches a method for licensing features of industrial devices employed in an industrial automation environment, the method comprising: 
provisioning, by a system comprising a processor, a security certificate for an industrial device signed by a certificate authority [Kreft: 0064; a certificate which contains the data record signed by the issuing (certificate) authority], wherein the security certificate comprises a first public key associated with the industrial device, and wherein a first private key paired with the first public key [Kreft: 0064, 0202; various forms of a certificate and its related keys (pair)] is securely stored in a hardware root of trust within the industrial device; [Kreft: 0169-0172; creating and recording a fingerprint of the un-tampered semiconductor module, securing this fingerprint by using a certificate signed by an Certification Authority, and storing the certified fingerprint in a semiconductor non-volatile memory. This certificate may be signed by the Root Certification Authority (RCA) or another Certification Authority that can be validated against the RCA's certificate containing the public key part of the RCA's public key-pair. Thus, the fingerprint keys (of private/public key pair) associates to the certificate of the hardware/device or “hardware root of trust within the industrial device” per se. More examples of hardware root trust, 0195, 0201]
generating, by the system, a device information package comprising a license [Kreft: 0245, e.g. license information] to enable one or more functions of the industrial device based on the security certificate for the industrial device [Kreft:0099], wherein the device information package is encrypted with the first public key associated with the industrial device [Kreft: 0200-0202, 0217] and the device information package is signed by the certificate authority using a second private key associated with the certificate authority; and [Kreft: 0226; the private key used to encrypt the fingerprint differs from the private key used for encrypting the random secret key. Further, the public keys corresponding to the private keys to encrypt the fingerprint and random secret key are assumed to be provided in form of a certificate originating from the Root Certification Authority. This means the public keys are signed by a Root Certification Authority using a private signing key (part) of a signing key-pair. Thus, the fingerprint’s private key (e.g. of the key pair of the hardware/device, discussed above) and random secret key’s private key (e.g. of the key pair of the license info or “device information package”) refers to the claimed first and second private keys, where these private keys (of private/public key pair) relates to the CA. More examples of different keys- 0267, 0344-0345]
providing, by the system, the device information package to the industrial device, wherein the industrial device is configured to validate the device information package using a second public key paired with the second private key associated with the certificate authority and decrypt the device information package with the first private key associated with the industrial device [Kreft: 0217; the public key part of a public key-pair used for encrypting the random secret key is assumed to be known to the bootstrapping hardware (in order of being able to decrypt, verify and execute). Para 0514; the protected application needs for example a cryptographic key to decrypt data or an embedded firmware. The required secret (i.e. the key) is not stored in any non-volatile digital memory or storage; it is part of the analog PUF information mechanism of the cocoon. Thus, the cryptographic key to decrypt data suggests private key (of a key pair) associated with hardware/device for decryption of the device information package. See also 0325], and enable the one or more functions of the industrial device based on the license included in the device information package. [Kreft: 0267, 0341-0345] 

	Cutter discloses most current DRM solutions rely on unique identification of user devices where each license is typically bound to a unique playback device (or consumer electronics device), so the license stored in one device cannot be transferred or used by another device [Cutter: 0019]. Cutter discusses the individualization process where the certificate authority's individualization service generates a unique dynamic link library ("DLL") that is bound to the client computer using its hardware ID and a public/private key pair is generated. The corresponding public key is used as the player's identifier when requesting a license and a clearinghouse will encrypt the license using this key [Cutter: 0020]. Each license contains rights and restrictions, defining how the data in a file may be used, and under what conditions [Cutter: 0025]. As such, the function(s) in terms of “a license to enable one or more functions of the industrial device”, can be given the broadest reasonable interpretation (BRI) as purpose or utility of a device, e.g. condition, or play/playback, or accessibility (rights/restrictions). Cutter further discloses the license works in conjunction with a device certificate that allows the encrypted 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Cutter with Kreft to teach “a license to enable one or more functions of the industrial device based on the security certificate for the industrial device” for the reason to solve manufacturing problems associated with generating unique and verifiable device certificates for each consumer electronics device such that the device creates a unique device certificate based on the templates built into the device to allow the device access to the content, when the proper license is present.
Claim 2:  As reject with the same motivation as in claim 1, Kreft: 0202 in view of Cutter: 0020 [request for license works in conjunction with a device certificate]; discussing the method of claim 1 further comprising receiving, by the system, a request for the license from the industrial device, wherein the request for the license includes the security certificate.
further comprising validating, by the system, the security certificate prior to generating the device information package comprising the license.
Claim 4:  Kreft: 0060, 0371; discussing the method of claim 1 further comprising issuing, by the system, a revocation of the license to the industrial device, wherein the industrial device is configured to revoke the license to disable the one or more functions of the industrial device based on the revocation.
Claim 5:  Kreft: 0063, 0371; discussing the method of claim 4 wherein the industrial device is configured to generate a record that indicates the license was revoked and sign the record using the first private key associated with the industrial device.
Claim 6:  Kreft: 0060; discussing the method of claim 1 wherein the second public key is securely stored in the hardware root of trust within the industrial device.
Claim 7:  Kreft: 0226; discussing the method of claim 1 wherein the security certificate is signed by a third private key associated with the certificate authority.
As per claim 8:	Kreft teaches a non-transitory computer-readable medium having stored thereon instructions that, in response to execution, cause a system comprising a processor to perform operations, the operations comprising: 
provisioning a security certificate for an industrial device signed by a certificate authority [Kreft: 0064; a certificate which contains the data record signed by the issuing (certificate) authority], wherein the security certificate comprises a first public key associated with the industrial device [Kreft: 0064, 0202; various forms of a certificate and its related keys (pair)], and wherein a first private key paired with the first public key is securely stored in a hardware root of trust within the industrial device; [Kreft: 0169-0172; creating and recording a fingerprint of the un-tampered semiconductor module, securing this fingerprint by using a certificate signed by an Certification Authority, and storing the certified fingerprint in a semiconductor non-volatile memory. This certificate may be signed by the Root Certification Authority (RCA) or another Certification Authority that can be validated against the RCA's certificate containing the public key part of the RCA's public key-pair. Thus, the fingerprint keys (of private/public key pair) associates to the certificate of the hardware/device or “hardware root of trust within the industrial device” per se. More examples of hardware root trust, 0195, 0201] 
generating a device information package for the industrial device comprising a license [Kreft: 0245, e.g. license information] to enable one or more functions of the security certificate for the industrial device, wherein the device information package is encrypted with the first public key associated with the industrial device [Kreft: 0200-0202, 0217] and the device information package is signed by the certificate authority using a second private key associated with the certificate authority; and [Kreft: 0226; the private key used to encrypt the fingerprint differs from the private key used for encrypting the random secret key. Further, the public keys corresponding to the private keys to encrypt the fingerprint and random secret key are assumed to be provided in form of a certificate originating from the Root Certification Authority. This means the public keys are signed by a Root Certification Authority using a private signing key (part) of a signing key-pair. Thus, the fingerprint’s private key (e.g. of the key pair of the hardware/device, discussed above) and random secret key’s private key (e.g. of the key pair of the license info or “device information package”) refers to the claimed first and second private keys, where these private keys (of private/public key pair) relates to the CA. More examples of different keys- 0267, 0344-0345] 
providing the device information package to the industrial device, wherein the industrial device is configured to validate the device information package using a second public key paired with the second private key associated with the certificate authority, decrypt the device information package with the first private key associated with the industrial device Kreft: 0217; the public key part of a public key-pair used for encrypting the random secret key is assumed to be known to the bootstrapping hardware (in order of being able to decrypt, verify and execute). Para 0514; the protected application needs for example a cryptographic key to decrypt data or an embedded firmware. The required secret (i.e. the key) is not stored in any non-volatile digital memory or storage; it is part of the analog PUF information mechanism of the cocoon. Thus, the cryptographic key to decrypt data suggests private key (of a key pair) associated with hardware/device for decryption of the device information package. See also 0325], and enable the one or more functions of the industrial device based on the license included in the device information package. [Kreft: 0267, 0341-0345] 
	Kreft discusses key generation unit (PK/ID Generator & License Info) is a circuitry to generate keys, e.g. the session keys for a transaction, keys for the umbrella encryption, the CASTOR's public key-pair (SUDI and PUDI, the latter is contained in the CASTOR root certificate), and numerous other keys required for the execution of transactions and management functions in the system [Kreft: 0267]. Thus, Kreft suggest one or more functions of the industrial device based on the license included in the device information package (e.g. license info). However, Kreft did not clearly discuss “a license to enable one or more functions of the industrial device based on the security certificate for the industrial device”.
	Cutter discloses most current DRM solutions rely on unique identification of user devices where each license is typically bound to a unique playback device (or consumer electronics device), so the license stored in one device cannot be transferred or used by 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Cutter with Kreft to teach “a 
Claim 9:  As reject with the same motivation as in claim 1, Kreft: 0202 in view of Cutter: 0020, 0026 [request for license works in conjunction with a device certificate]; discussing the non-transitory computer-readable medium of claim 8 wherein operations further comprise receiving a request for the license from the industrial device, wherein the request for the license includes the security certificate.
Claim 10:  Kreft: 0032, 0195; discussing the non-transitory computer-readable medium of claim 9 wherein the operations further comprise validating the security certificate prior to generating the device information package comprising the license.
Claim 11:  Kreft: 0060, 0371; discussing the non-transitory computer-readable medium of claim 8 wherein the program instructions further comprise issuing a revocation of the license to the industrial device, wherein the industrial device is configured to revoke the license to disable the one or more functions of the industrial device based on the revocation.
Claim 12:  Kreft: 0063, 0371; discussing the non-transitory computer-readable medium of claim 11 wherein the industrial device is configured to generate a record that indicates the license was revoked and sign the record using the first private key associated with the industrial device.
non-transitory computer-readable medium of claim 8 wherein the second public key is securely stored in the hardware root of trust within the industrial device.
Claim 14:  Kreft: 0226; discussing the non-transitory computer-readable medium of claim 8 wherein the security certificate is signed by a third private key associated with the certificate authority.
As per claim 15:	Kreft teaches a system for licensing features of industrial devices employed in an industrial automation environment, the system comprising: 
a memory that stores executable components; and [Kreft: 0072]
a processor, operatively coupled to the memory, that executes the executable components, the executable components comprising program instructions stored on the memory that, when executed by the processor, direct the processor to at least: [Kreft: 0082]
provision a security certificate for an industrial device signed by a certificate authority [Kreft: 0064; a certificate which contains the data record signed by the issuing (certificate) authority], wherein the security certificate comprises a first public key associated with the industrial device [Kreft: 0064, 0202; various forms of a certificate and its related keys (pair)], and wherein a first private key paired with the first public key is securely stored in a hardware root of trust within the industrial device; [Kreft: 0169-0172; creating and recording a fingerprint of the un-tampered semiconductor module, securing this fingerprint by using a certificate signed by an Certification Authority, and storing the certified fingerprint in a semiconductor non-volatile memory. This certificate may be signed by the Root Certification Authority (RCA) or another Certification Authority that can be validated against the RCA's certificate containing the public key part of the RCA's public key-pair. Thus, the fingerprint keys (of private/public key pair) associates to the certificate of the hardware/device or “hardware root of trust within the industrial device” per se. More examples of hardware root trust, 0195, 0201] 
generate a device information package comprising a license [Kreft: 0245, e.g. license information] to enable one or more functions of the industrial device based on the security certificate for the industrial device, wherein the device information package is encrypted with the first public key associated with the industrial device [Kreft: 0200-0202, 0217] and the device information package is signed by the certificate authority using a second private key associated with the certificate authority; and [Kreft: 0226; the private key used to encrypt the fingerprint differs from the private key used for encrypting the random secret key. Further, the public keys corresponding to the private keys to encrypt the fingerprint and random secret key are assumed to be provided in form of a certificate originating from the Root Certification Authority. This means the public keys are signed by a Root Certification Authority using a private signing key (part) of a signing key-pair. Thus, the fingerprint’s private key (e.g. of the key pair of the hardware/device, discussed above) and random secret key’s private key (e.g. of the key pair of the license info or “device information package”) refers to the claimed first and second private keys, where these private keys (of private/public key pair) relates to the CA. More examples of different keys- 0267, 0344-0345] 
provide the device information package to the industrial device, wherein the industrial device is configured to validate the device information package using a second public key paired with the second private key associated with the certificate authority, decrypt the device information package with the first private key associated with the industrial device [Kreft: 0217; the public key part of a public key-pair used for encrypting the random secret key is assumed to be known to the bootstrapping hardware (in order of being able to decrypt, verify and execute). Para 0514; the protected application needs for example a cryptographic key to decrypt data or an embedded firmware. The required secret (i.e. the key) is not stored in any non-volatile digital memory or storage; it is part of the analog PUF information mechanism of the cocoon. Thus, the cryptographic key to decrypt data suggests private key (of a key pair) associated with hardware/device for decryption of the device information package. See also 0325], and enable the one or more functions of the industrial device based on the license included in the device information package. [Kreft: 0267, 0341-0345] 
	Kreft discusses key generation unit (PK/ID Generator & License Info) is a circuitry to generate keys, e.g. the session keys for a transaction, keys for the umbrella encryption, the CASTOR's public key-pair (SUDI and PUDI, the latter is contained in the CASTOR root certificate), and numerous other keys required for the execution of transactions and management functions in the system [Kreft: 0267]. Thus, Kreft suggest one or more functions of the industrial device based on the license included in the device information package (e.g. license info). However, Kreft did not clearly discuss “a license to enable one or more functions of the industrial device based on the security certificate for the industrial device”.
	Cutter discloses most current DRM solutions rely on unique identification of user devices where each license is typically bound to a unique playback device (or consumer electronics device), so the license stored in one device cannot be transferred or used by another device [Cutter: 0019]. Cutter discusses the individualization process where the certificate authority's individualization service generates a unique dynamic link library ("DLL") that is bound to the client computer using its hardware ID and a public/private 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Cutter with Kreft to teach “a license to enable one or more functions of the industrial device based on the security certificate for the industrial device” for the reason to solve manufacturing problems associated with generating unique and verifiable device certificates for each consumer 
Claim 16:  As reject with the same motivation as in claim 1, Kreft: 0202 in view of Cutter: 0020, 0026 [request for license works in conjunction with a device certificate]; discussing the system of claim 15 wherein the executable components comprising the program instructions further direct the processor to receive a request for the license from the industrial device, wherein the request for the license includes the security certificate.
Claim 17:  Kreft: 0032, 0195; discussing the system of claim 16 wherein the executable components comprising the program instructions further direct the processor to validate the security certificate prior to generating the device information package comprising the license.
Claim 18:  Kreft: 0060, 0371; discussing the system of claim 17 wherein the executable components comprising the program instructions further direct the processing system to issue a revocation of the license to the industrial device, wherein the industrial device is configured to revoke the license to disable the one or more functions of the industrial device based on the revocation.
Claim 19:  Kreft: 0063, 0371; discussing the system of claim 18 wherein the industrial device is configured to generate a record that indicates the license was revoked and sign the record using the first private key associated with the industrial device.
Claim 20:  Kreft: 0060; discussing the system of claim 15 wherein the second public key is securely stored in the hardware root of trust within the industrial device.


Response to Arguments
4.	Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435             

/BAOTRAN N TO/Primary Examiner, Art Unit 2435