DETAILED ACTION
  	This Office Action is in response to the amendment filed on 11/29/2021 in which Claims 1-18 are presented for examination on the merits. Claims 1-18, now re-numbered as claims 1-13 are pending.
Notice of Pre-AIA  or AIA  Status
 	The present application is being examined under the first inventor to file provisions of the AIA . 
EXAMINER’S AMENDMENT
1.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
     	Authorization for this examiner's amendment was given in a telephone interview with applicant’s representative Brigid Laffey on January 21, 2022. The examiner-initiated interview summary (PTO 413B) is attached herein.

	Response to Arguments
2.	In view of the claim amendments filed on 11/29/2021 and the Examiner’s amendments presented below, applicant’s arguments in pages 5-7 of the REMARKS with respect to the rejection under 35 U.S.C § 103(a) have been fully considered. Especially the following arguments in the remarks are persuasive “…advantageously, the method of claim 1 can selectively authorize the computing device to perform the requested action using relatively small processing requirements that are suitable for embedded device computation in an industrial setting without the use of relatively large 
	In view of the aforesaid amendments and upon further search/consideration, the rejections to the respective claims under 35 U.S.C. 103(a) mailed on 09/16/2021 are hereby withdrawn. 
Amendment to the Claims
3.	CLAIMS:
	Please amend the claims below as follows:
1.  (Currently Amended)  A method comprising:
	receiving, at a computing device, a token, wherein the token comprises a cryptographically signed list of rights or actions that the computing device is authorized to perform; a
	requesting, using the computing device, an action of a receiving device in an industrial location, wherein requesting the action involves sending the token as part of a request from the computing device, wherein a signature included in the token is checked against a cryptographic key to ensure the signature and list of the token are valid and selectively authorize the computing device to perform the action;   wherein the computing device initiates connections to a trusted external network, and wherein trusted locations are listed in the computing device and also in an enterprise firewall in a remote network to which a plurality of computing devices are connected; and 
	determining, using at least the receiving device, whether the computing device is associated with an authorized user of locally connected networks at the industrial location.  




7.  (Canceled)  

8.  (Currently Amended)  The method of claim 1 

13.  (Currently Amended)  A system configured to provide security at an edge, wherein the system comprises:
	a computing device configured to support authentication and role-based authorization for users, applications, and receiving devices; wherein the role-based authorization comprises accessing user mapping and matching an assigned role for an identified user to be authorized via the computing device; 
wherein the authentication processes comprise at least one of a connected scenario, a disconnected scenario, and a WI-FI-based access; 
wherein the computing device is also configured to determine environment parameters at the edge and use the environment parameters to dynamically adapt authentication processes for the users; and 
wherein the computing device is an edge gateway and comprises a containerized structure that includes native security measures, third-party managed security services, and monitoring solutions installed thereon.

14.  (Canceled)  

15.  (Canceled)  

16.  (Canceled)  

17.  (Currently Amended)  The system of claim 13 
Allowable Subject Matter
4.	  Claims 1-3, 5-6, 8-13, and 17-18 are allowed over prior art of record.
Reasons for Allowance
5. 	The following is an examiner’s statement of reasons for allowance:
  	Independent claims 1 and 13 are allowed and the corresponding dependent claims depend upon one of the above-mentioned allowed claims and are therefore allowed by virtue of their dependencies.
	Heldt-Sheller et al. (US 20210176638 A1, prior art on the record) discloses methods and configurations for device connection and operation in an IoT device interconnection setting through the use of a public authorization service. In the techniques, separate authorizations (including through use of a 3-way authorization protocol involving an authentication service such as OAuth2) is used to coordinate device onboarding among several Fog users (e.g., devices in a common network topology) with principles of least privilege. For instance, onboarding tasks used to onboard a particular IoT device may involve a separation-of-duties between different onboarding step(s) and privileges to perform such steps; such separation-of-duties may also apply to different onboarding step(s) tasked among different devices with different (Heldt-Sheller, Paragraph 0015).
 Further, Heldt-Sheller  discloses that respective onboarding steps are assigned for performance by different Fog `owners` (e.g., different users). Each owner relies on an OAuth2 (RFC 6749) user interaction to be notified of and to give approval for the specific onboarding step(s) assigned. This results in multiple clients, having a plurality of privileges, being tasked to perform their respective commissioning approvals regardless 
Li et al. (US 20190014117 A1, cited in PTO-892) discloses various systems and methods of scalable and secure resource isolation and sharing for Internet of Things (IoT) networks, are described. Techniques for requesting inter-domain resource access and enabling resource sharing with use of an inter domain token are also described. In an example, communications in an IoT network to establish connectivity between a first device in a first domain and a second device in a second domain may include: receiving, from the first device at a collaboration cloud service, a request to access a resource of the second device; requesting and receiving, from an authorization provider, an inter-domain authorization token; and requesting, from the second device, access to the resource using the inter-domain authorization token; communications from the first device to access the second device are then performed between the first device and the second device based on a session key obtained with the inter-domain authorization token (Li, abstract).
 	Smith et al. (US 20190349426 A1, cited in PTO-892) discloses that internet can be configured to provide communications to a large number of Internet-of-Things (IoT) devices. Devices can be designed to address the need for network layers, from central servers, through gateways, down to edge devices, to grow unhindered, to discover and make accessible connected resources, and to support the ability to hide and compartmentalize connected resources. Network protocols can be part of the fabric 
  	Although, the cited references above are from same or similar fields of endeavor however, the Applicant’s invention is directed towards methods for securing internet of thing systems. One method includes receiving, at a computing device, a token, wherein the token comprises a cryptographically signed list of rights that the computing device is authorized to request. 
 	The subject matters of the independent claims 1 and 13 are not taught or fairly suggested by the prior art of record, specifically the limitations in claim 1 that recite: “..  wherein a signature included in the token is checked against a cryptographic key to ensure the signature and list of the token are valid and selectively authorize the computing device to perform the action;   wherein the computing device initiates connections to a trusted external network, and wherein trusted locations are listed in the computing device and also in an enterprise firewall in a remote network to which a plurality of computing devices are connected; and determining, using at least the receiving device, whether the computing device is associated with an authorized user of locally connected networks at the industrial location..” in combination with the rest of the limitations recited in the independent claim 1.

 	The claimed subject matters are novel and non-obvious in scope over the prior art of record as the prior-art references fail to teach each and every features of the independent claim(s) including the limitations set forth above.
 	In view of the foregoing, the scope of claimed subject matters renders the invention patentably distinct as none of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
 	Specifically, the substances of applicant’s arguments in pages 5-7 of the REMARKS filed on 11/29/2021 in view of the claim amendments has been fully considered and are persuasive. Therefore, all of the previous rejections have been removed and the current claims are in condition for allowance.
 	Furthermore, the Examiner performed updated search which does not yield other specific references that reasonably, either alone or in combination, would result a proper rejection of all the claimed features presented in each of the independent claims 1 and 13 under 35 U.S.C 102 or 35 U.S.C.103 with proper motivation. 
 	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."



Conclusion	
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHFUZUR RAHMAN whose telephone number is (571)270-7638.  The examiner can normally be reached on Monday thru Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAHFUZUR RAHMAN/Primary Examiner, Art Unit 2498