DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Claims 1, 14, 18, 26 were amended, claims 1-29 are pending.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No.GB 1810472.9, filed on August 07, 2018.
Response to Arguments
Applicant’s arguments with respect to claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-14, 17-20, 22-29, are rejected under 35 U.S.C. 103 as being unpatentable over OCAK et al(US 20190007836 A1, considering PCT filing date) in view of BONE(US 20160234183 A1).

With regards to claim 1, OCAK discloses, A method for maintaining registration of a client device with a Lightweight Machine-to-Machine (LwM2M) server, the method performed by the client device comprising: 
establishing a secure communication session with the LwM2M server comprising performing a Transport Layer Security (TLS) or Datagram Transport Layer security (DTLS) handshake with the LwM2M server (FIG 1; FIG 5 step 21 and associated text; [0011] The objective is according to an aspect achieved by a client device for setting up a connection with a server device, wherein the client and the server device support a Light Weight Machine to Machine, LWM2M protocol.); 
receiving a registration confirmation message from the LwM2M server confirming that the client device has been added to a client registration directory, ([0057] [0060] Once the LWM2M server 6a, 6b verifies the ticket, it sends Finished response to the LWM2M client 5a, 5b. Thus, secure DTLS connection is established between the LWM2M client 5a, 5b and the LWM2M server 6a, 6b with minimum number of handshake messages. [0033] The DTLS connection setup starts with a DTLS handshake procedure, involving exchange of handshaking messages. When the DTLS connection is established, the bootstrap server rewrites the security object of the LWM2M client with information of the corresponding LWM2M server. Next, the LWM2M client establishes a DTLS connection with the LWM2M server by exchanging DTLS handshake messages with the LWM2M server….However, the percentage of the DTLS handshakes is high in LWM2M client's network use, both for number of messages and payload size, when the LWM2M client sends/receives a small number of messages after registering to the LWM2M server or if the LWM2M client needs to be bootstrapped frequently.[0004]);

OCAK does not exclusively but BONE discloses  the registration having a defined lifetime ([0344] In addition, or as an alternative, to setting the Endpoint Client Name in this way, the DM client 116 (or more generally the UE 110) may set the value of another parameter of the Register operation—the “Lifetime”. The Lifetime parameter sets a time period for which the registration of the DM client 116 (or more generally the UE 110) should remain valid.), 
initiating, before expiry of the defined lifetime, a further TLS or DTLS handshake with the LwM2M server (056] This means that the M2M device may identify that the lifetime of the security information has expired, or is close to expiry, before the existing secure interface expires. It may then attempt a new bootstrapping run before the registered secure interface expires, thereby making it possible to obtain new bootstrapped data and set up a new secure interface, or refresh the existing secure interface, before the existing secure interface expires.), 
where the further TLS or DTLS handshake including client data is used to identify the client device so as to maintain the registration of the client device within the client registration directory ([0284] If the keys and associated counter values are not stored in the above recommended way, they SHALL be treated as session keys with a lifetime no greater than the duration of the Registration Lifetime. The LWM2M Client 

With regards to claim 4, 24 OCAK further discloses, where said establishing a secure communication session with the LwM2M server comprises using a key exchange and handshake process that uses Constrained Application Protocol (CoAP) messages (FIG 1 and associated text; [0032] The DTLS is a protocol which provides communications privacy for datagram protocols. DTLS is based on TLS (Transport Layer Security) and offers equivalent security measures. Since DTLS is designed for datagram protocols, it is the most used security protocol for CoAP and LWM2M messages. DTLS secure session between the client and the server is established through a handshake process. There are multiple ways for authenticating the nodes in the DTLS handshake, the most common methods being pre-shared key (PSK), x.509 certificates, and Raw Public Key (RPK).).

With regards to claim 5, OCAK further discloses, where said establishing a secure communication session with the LwM2M server includes providing a client device certificate to the LwM2M server ([0032] DTLS secure session between the client and the server is established through a handshake process. There are multiple ways for x.509 certificates, and Raw Public Key (RPK) ) and optionally also comprises providing a hash of the client device certificate to the LwM2M server.

With regards to claim 8, 20 OCAK further discloses, where the client data comprises a client device identifier ([0085] setting up 33 one of a DTLS and a TLS connection to the server device 6a, 6b using an identity of the client device 5a, 5b,) and information about the client device is contained within a handshake message or an identifier extracted from a certificate or a client hello message ([0032]; DTLS secure session between the client and the server is established through a handshake process. There are multiple ways for authenticating the nodes in the DTLS handshake, the most common methods being pre-shared key (PSK), x.509 certificates, and Raw Public Key (RPK).  ).

With regards to claim 9, OCAK further discloses, where the client data comprises any of a Pre-Shared Key, a Session ID or a Session Ticket ([0032]; DTLS secure session between the client and the server is established through a handshake process. There are multiple ways for authenticating the nodes in the DTLS handshake, the most common methods being pre-shared key (PSK), x.509 certificates, and Raw Public Key (RPK).   ).

With regards to claim 10, OCAK further discloses, where said performing the further TLS or DTLS handshake includes sending a certificate message comprising a client certificate and using the client certificate for identifying which client registration to maintain ([0032]; DTLS secure session between the client and the server  x.509 certificates, and Raw Public Key (RPK).).

With regards to claim 11, OCAK further discloses, where said performing the further TLS or DTLS handshake includes sending a pre-shared key in a client hello message, the pre- shared key being used for identifying which client device registration to maintain ([0012]; setting up one of a DTLS and TLS connection to the server device using an identity of the client device; [0032]; DTLS secure session between the client and the server is established through a handshake process. There are multiple ways for authenticating the nodes in the DTLS handshake, the most common methods being pre-shared key (PSK), x.509 certificates, and Raw Public Key (RPK).).

With regards to claim 12, 22 OCAK further discloses, where said performing the further TLS or DTLS handshake includes using information in a client hello message comprising a client identifier in a certificate for locating a client device entry within the client registration directory ([0012]; setting up one of a DTLS and TLS connection to the server device using an identity of the client device; [0032]; DTLS secure session between the client and the server is established through a handshake process. There are multiple ways for authenticating the nodes in the DTLS handshake, the most common methods being pre-shared key (PSK), x.509 certificates, and Raw Public Key (RPK)).

further comprising using a session resumption with a Session ID or a Session Ticket sent in a client hello message, where the Session ID or Session Ticket is used to identify which client device registration to maintain ([0015]; The bootstrap server is configured to: set up one of a Datagram Transport Layer Security, DTLS, connection and a Transport Layer Security, TLS with the client device; perform a bootstrapping procedure with the client device; set up one of a DTLS and TLS connection to the server device using an identity of the client device; indicate, to the server device desire to use one of a DTLS and a TLS session resumption, and receiving a session ticket in response; and send, to the client device the session ticket and a session key, enabling the client device to set up the connection to the server device as one of a DTLS and a TLS session resumption.  [0032] ).

Claims 14, 26 are client and server device claims substantially similar limitations  corresponding the method performed in claim 1, also rejected accordingly.

Claim 18 is the method performed by server substantially similar to method claim 1, also rejected accordingly.

Claims 17, 29 are product claims corresponding to method claims 1, 18 also rejected accordingly.

With regards to claim 19, OCAK in view of BONE further teaches, creating an entry in the client registration directory including storing, in the client registration directory, at least one of: a client device identifier, a security credential associated with the client device, a hash of the security credential, and a cryptographic hash function used to generate the hash (BONE[0027] HLR/HSS 140, the "Home Location Register" or "Home Subscriber System", is the existing 3GPP system which stores subscription details and credentials (the K and IMSI)  ).

With regards to claim 25, OCAK in view of BONE do not but well known in the art deleting the entry in the client registration directory if the further TLS or DTLS message is not received before expiry of the defined lifetime (Zou [0030] According to an example embodiment, the controller of the access terminal deletes pre-registration session information if a corresponding timer expires. ; Claims 12).77

With regards to claim 27-28, OCAK in view of BONE further discloses, the client registration directory; where the communication circuitry is communicatively coupled to an external client registration directory and sends instructions to the client registration directory to create an entry for the client device  (BONE [0352] Furthermore, the BSF 130 is also configured to communicate with the HLR/HSS 140 via Zh 180 so that it may utilise the mobile network data contained in the HLR/HSS 140 as part of the GBA process. The interface and communication methods between the BSF 130 and the HLR/HSS 140 via Zh 180 may be of any suitable type. The HLR/HSS 140 may be any server side element that stores subscription details and credentials for each UICC issued by an operator. [0029] HLR/HSS 140, the "Home Location Register" or .

Claims 2-3, 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over OCAK et al(US 20190007836 A1) in view of BONE(US 20160234183 A1) and further in view of Nguyen(US 20150009813 A1).

With regards to claim 2, 15 OCAK in view of BONE do not but Nguyen teaches, further comprising: entering a sleep mode after receiving the registration confirmation message ([0155] After a successful registration process in 340 and 350, the MTC device 30 of specific access class changes its status to MTC device 40, as shown in FIG. 1. If the MTC device has no data for transmission as well as reception after the registration process 350, it shall enter the sleep mode to conserve its power as per function 360 of FIG. 5.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify OCAK in view of BONE’s method with teaching of Nguyen in order to conserve its power (Nguyen [0155])

With regards to claim 3, 16 OCAK in view of BONE teaches, further comprising: entering an awake mode prior to expiry of the defined lifetime (BONE [0318]; However, the LWM2M Server SHOULD send such SMS prior to the expiry of the current Registration, if the LWM2M Client is awake;); and re-establishing a secure communication session with the LwM2M server when sending the further TLS or DTLS handshake ( BONE [0319] As for Section 7.1 (UDP Security), where a session persists across sleep cycles, .

Claims 6, 7, 23 are rejected under 35 U.S.C. 103 as being unpatentable over OCAK et al(US 20190007836 A1) in view of BONE(US 20160234183 A1) and further in view of Simon(US 6871276 B1).

With regards to claim 6, 7, 23 OCAK in view of BONE do not but Simon teaches,  where the hash of the client device certificate is generated by applying a cryptographic hash function to the client device certificate; where the cryptographic hash function is any one of: an MD5 hash function; a Secure Hash Algorithm (SHA) hash function; a SHA-2 hash function; a SHA-3 hash function; or a SHA-256 hash function (SIMON Col 9 line 34-60; One-way hash functions can be used with the invention in different manners. According to one implementation, client device 102 uses a hash function to generate a hash value for the certificate, blinds the hash value,   ). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify OCAK in view of BONE’s method with teaching of Simon in order to secure transaction (Simon col 1 line 10-30)

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over OCAK et al(US 20190007836 A1) in view of BONE(US 20160234183 A1) and further in view of Westerlund et al(US 20180205720 A1).

With regards to claim 21 OCAK in view of BONE further discloses, where the further TLS or DTLS handshake message comprises a first hash of a security credential (([0032]; DTLS secure session between the client and the server is established through a handshake process. There are multiple ways for authenticating the nodes in the DTLS handshake, the most common methods being pre-shared key (PSK), x.509 certificates, and Raw Public Key (RPK).), and the method further comprises ([0160] In a verify step 150, an identity of the second peer is verified, in a handshake process with the second peer, by comparing with the second fingerprint, wherein the handshake is only successful when the verification is successful.):
OCAK in view of BONE do not but Westerlund teaches,
 retrieving the security credential and a cryptographic hash function from the client registration directory of the LwM2M server ([0099] 11. The JS code processes the configuration and creates an RTCPeerConnection (if not already done) and the adds the remote configuration information from UA1 102a to the peer connection. Then it retrieves the local configuration information that needs to be provided to UA1 102a to enable it to complete the RTCPeerConnection establishment. This information is then sent back to the F&C server (part of the combined server 101). This will start attempt of UA2 102b to establish an RTCPeerConnection with UA1 102a. [0100] 12. The creation of the 
applying the cryptographic hash function to the security credential to generate a second hash of the security credential ([0034] Each fingerprint may comprise a hash value of a certificate.); 
comparing the second hash with the first hash; and identifying, if the second hash matches the first hash, of the client device within the client registration directory ([0031] The method may further comprise the steps of: receiving a second fingerprint of a certificate of the second peer; and verifying, in a handshake process with the second peer, an identity of the second peer by comparing with the second fingerprint, wherein the handshake is only successful when the verification is successful. ). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify OCAK in view BONE’s method with teaching of Westerlund in order for enabling setting up a secure peer-to-peer connection (Westerlund [0001])

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20190238536 A1.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987.  The examiner can normally be reached on 8.30 to 430 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498