DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims:
Claims 1-22 are pending in this Office Action.
Claims 21 and 22 are new.
Claims 21-22 are rejected.

Response to Arguments
Applicant’s arguments, see Remarks pages 8-10, filed 10/14/2021, with respect to the rejection(s) of claim(s) 1 under 35 USC § 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Boyle et al. (U.S. Publication 2003/0070063) in view of Narasimhan et al. (U.S. Publication 2012/0179802).

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 8-9, 15-16, and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Boyle et al. (U.S. Publication 2003/0070063) [Applicant’s IDS] in view of Narasimhan et al. (U.S. Publication 2012/0179802).
As per claim 1, Boyle disclose a method of provisioning an on-premise device within an on-premise communications network, the method comprising:
connecting, via a network connection, an on-premise gateway system in the on-premise communications network with an off-premise device provisioning service system in an off-premise communications network (On-premise will be taught later. Boyle: paragraph 0025 and fig. 3A;  the provisioning server is a distributed server connectable to multiple cable modems or other customer provided equipment (CPE)….a central server to which the provisioning server connects…paragraph 0028; central server in one embodiment is a remote server (i.e. off-premise device));
communicating one or more device provisioning records between the off-premise device provisioning service system and an on-premise device provisioning service of the on-premise gateway system via the network connection (On-premise will be taught later. Boyle: paragraph 0025 and fig. 1; The provisioning server stores configuration files (i.e. records) created from configuration profile information that is stored on a central server to which the provisioning server connects);
disconnecting the network connection between the on-premise communications network and the off-premise communications network (On-premise will be taught later. Boyle: paragraph 0004; a central server storing configuration profiles and configuration information is not available, for example situations in which a power outage has occurred or a communication line has been cut…paragraph 0028 and fig. 2 – step 204; If the central server is not available…paragraph 0033; the directory server and the DHCP server are maintained at different locations and by different entities. The DHCP server relies on the directory server for configuration files, but stores known good files locally so that in the event of unavailability of the directory server, a request for configuration information from a cable modem or other CPE requiring configuration information is still granted…paragraph 0038; If the directory server is unavailable, no response is received, or information relating to the unavailability of the directory server is received. When no information or an unavailable signal is received from the directory server, the program retrieves a known good configuration file from local storage, either on a hard drive or other mass storage of the provisioning server);
responding to a discovery request received from the on-premise device via the on-premise communications network, while the network connection is disconnected (On-premise will be taught later. Boyle: paragraph 0032 and figs. 3B-3C; If the central server is not available, a refusal (370) or no message at all is received from the central server. At this point, if a cable modem profile is not received from the directory server 310, then a locally cached copy of the last known configuration file created from a cable modem profile received from the directory server 310 is retrieved from local storage…Once the last known configuration has been retrieved locally, the DHCP server 306 sends a DHCP offer (358) to the cable modem 302…paragraph 0038; If the directory server is unavailable, no response is received, or information relating to the unavailability of the directory server is received. When no information or an unavailable signal is received from the directory server, the program retrieves a known good configuration file from local storage, either on a hard drive or other mass storage of the provisioning server);
receiving, at the on-premise device provisioning service of the on-premise gateway system, a provisioning request from the on-premise device via the on-premise communications network, while the network connection is disconnected, responsive to the responding operation (On-premise will be taught later. Boyle: paragraph 0028 and figs. 2 and 3C; Method 200 comprises an access device contacting a local server connected to a central server for a configuration file in block 202, and determining in block 204 whether the central server is available…paragraph 0032; Once the DHCP offer has been received by the cable modem 302, the cable modem sends a DHCP request message (360) confirming receipt of the offer, requesting access given the IP address, subnet mask, DNS, and gateway interface address…paragraph 0038; If the directory server is unavailable, no response is received, or information relating to the unavailability of the directory server is received. When no information or an unavailable signal is received from the directory server, the program retrieves a known good configuration file from local storage, either on a hard drive or other mass storage of the provisioning server); and
provisioning, by the on-premise device provisioning service of the on-premise gateway system, the on-premise device based on the one or more provisioning records, while the network connection is disconnected, responsive to receiving the provisioning request (On-premise will be taught later. Boyle: paragraph 0028 and figs. 2 and 3C; If the central server is not available, a known configuration file is retrieved from a secondary location in block 208…paragraph 0032; Once the request is made and acknowledged, the cable modem 302 obtains the locally retrieved configuration file (372) having the transmitted locally retrieved configuration file…paragraph 0038; If the directory server is unavailable, no response is received, or information relating to the unavailability of the directory server is received. When no information or an unavailable signal is received from the directory server, the program retrieves a known good configuration file from local storage, either on a hard drive or other mass storage of the provisioning server).
However Boyle does not explicitly mention on-premise.
However Narasimhan teaches:
on-premise (Narasimhan: paragraph 0041 and fig. 1A;  teaches that user devices 126 and corporate resources and servers 122 are customer premises 120 (i.e. on-premise) and external network 130 (i.e. off-premise)).
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings as in Narasimhan with Narasimhan: paragraph 0009).
As per claim 2, the modified Boyle teaches the method of claim 1, wherein the operations of responding to the discovery request, receiving the provisioning request, and provisioning the on-premise device occur before the communicating operation and the disconnecting operation (Boyle: paragraph 0032 and fig. 3C; If the central server is not available, a refusal (370) or no message at all is received from the central server… the cable modem sends a DHCP request message (360) confirming receipt of the offer, requesting access given the IP address, subnet mask, DNS, and gateway interface address. If this message sent to the DHCP server 306 from the cable modem 302 contains the proper information, that is the information transmitted in the DHCP offer, the DHCP server 306 acknowledges the request (362). Once the request is made and acknowledged, the cable modem 302 obtains the locally retrieved configuration file (372) having the transmitted locally retrieved configuration file).
Regarding claims 8-9, they are substantially similar to claims 1-2, respectively, and are rejected in the same manner, the same arts and reasoning applying. 
Regarding claims 15-16, they are substantially similar to claims 1-2, respectively, and are rejected in the same manner, the same arts and reasoning applying.
As per claim 21, the modified Boyle teaches the method of claim 1, wherein the operation of provisioning provisions the on-premise device for user with on-premise resources while the network connection is disconnected (Boyle: paragraphs 0030-0032; server configures device for network communication… If the central server is not available, a refusal (370) or no message at all is received from the central server. At this point, if a cable modem profile is not received from the directory server 310, then a locally cached copy of the last known configuration file created from a cable modem profile received from the directory server 310 is retrieved from local storage. When the central server (remote server) is not available (disconnected) to provide the configuration file (resource), the configuration file is retrieved from local storage (on-premise)). 
	As per claim 22, the modified Boyle teaches the method of claim 1,further comprising: provisioning, by the off-premise provisioning service, the on-premise device to access off-premise resources while the network connection is connected (Boyle: paragraph 0007; retrieving a new configuration profile for the access device if the central server is available…paragraph 0030; a process of creating a configuration file for an access device in which a central server is available. When a user wishes to access the communications network to which it is connected, it sends a request (350) to a dynamic host configuration protocol (DHCP) server 306 for configuration information. The request is received at a cable modem termination system (CMTS) 308. The CTMS inserts a gateway interface address and forwards the request 3(52) to the DHCP server 306. The DHCP receives the request, and attempts to retrieve a cable modem profile (354) for creating a configuration file from a directory server 310. If the directory server is available, a cable modem profile is retrieved (356) from the directory server 310.  The configuration file (resource) is retrieved from the central server (remote server) when the central server is available (connected), otherwise the configuration file is retrieved from a local storage).

Claims 3-7, 10-14, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Boyle et al. (U.S. Publication 2003/0070063) [Applicant’s IDS], in view of Narasimhan et al. (U.S. Publication 2012/0179802), and further in view of Worsley (U.S. Patent No. 9,064,117) [Applicant’s IDS].
 As per claim 3, the modified Boyle teaches the method of claim 1.
However the modified Boyle does not explicitly mention wherein the operations of responding to the discovery request, receiving the provisioning request, and provisioning the on-premise device occur after the communicating operation and the disconnecting operation.
However Worsley teaches:
wherein the operations of responding to the discovery request, receiving the provisioning request, and provisioning the on-premise device occur after the communicating operation and the disconnecting operation (Worsley: col. 11, lines 5-7; The communicating 304 may, alternatively or additionally, be performed before, during, and/or after the connection of the provisioning device 102 to the target computer 106).
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings as in Worsley with the teachings as in Boyle. The motivation for doing so would have been in order to provision Worsley: col. 1, lines 22-24).
As per claim 4, the modified Boyle teaches the method of claim 1.
However the modified Boyle does not explicitly mention authenticating the on-premise device using the one or more device provisioning records via the on-premise communications network.
However Worsley teaches:
authenticating the on-premise device using the one or more device provisioning
records via the on-premise communications network (Worsley: col. 4, lines 45-48; target computers attempting to provision themselves from the provisioning service/authority 104 may need to authenticate with the provisioning service/authority 104 prior to provisioning).
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings as in Worsley with the teachings as in Boyle. The motivation for doing so would have been in order to provision computers in network environments that are not yet secure, or that have limited operational capabilities (Worsley: col. 1, lines 22-24).
As per claim 5, the modified Boyle teaches the method of claim 1.
However the modified Boyle does not explicitly mention registering a cryptographic identity of the on-premise device to access one or more in-gateway solutions.
However Worsley teaches:
registering a cryptographic identity of the on-premise device to access one or more in-gateway solutions (Worsley: col. 7, lines 25-30; the authorization logic may provide an identification of the target computer 106 to the provisioning service/authority 104, and may receive in return an authorization to provision the target computer 106 as well as a designation of a particular boot image 134 that should be provided to the target computer 106…col. 7, lines 42-47; the provisioning device 102 may notify the provisioning service/authority 104 that certain credentials have been issued to a target computer 106, and may also provide an identification of the target computer 106 such as a MAC (media access control) address of the target computer 106…col. 10, lines 9-12; Security measures, including authentication and encryption procedures, may be used to ensure that only authorized devices are able to access the provisioning service/authority 104…col. 11, lines 38-42; An action 308 comprises identifying the connected target computer 106. For example, the target computer 106 may be configured to boot from the connected provisioning device 102, and during this process may report its MAC address or some other identifier to the provisioning device).
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings as in Worsley with the teachings as in the modified Boyle. The motivation for doing so would have been in order to provision computers in network environments that are not yet secure, or that have limited operational capabilities (Worsley: col. 1, lines 22-24).
As per claim 6, the modified Boyle teaches the method of claim 1.
However the modified Boyle does not explicitly mention registering a cryptographic identity of the on-premise device to access one or more on-premise solutions external to the on-premise gateway system, wherein the one or more on-premise solutions are 
However Worsley teaches:
registering a cryptographic identity of the on-premise device to access one or more on-premise solutions external to the on-premise gateway system, wherein the one or more on-premise solutions are communicatively coupled to the on-premise gateway system by the on-premise communications network (Worsley: col. 7, lines 25-30; the authorization logic may provide an identification of the target computer 106 to the provisioning service/authority 104, and may receive in return an authorization to provision the target computer 106 as well as a designation of a particular boot image 134 that should be provided to the target computer 106…col. 7, lines 42-47; the provisioning device 102 may notify the provisioning service/authority 104 that certain credentials have been issued to a target computer 106, and may also provide an identification of the target computer 106 such as a MAC (media access control) address of the target computer 106…col. 10, lines 9-12; Security measures, including authentication and encryption procedures, may be used to ensure that only authorized devices are able to access the provisioning service/authority 104…col. 11, lines 38-42; An action 308 comprises identifying the connected target computer 106. For example, the target computer 106 may be configured to boot from the connected provisioning device 102, and during this process may report its MAC address or some other identifier to the provisioning device).
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings as in Worsley with the Worsley: col. 1, lines 22-24).
As per claim 7, the modified Boyle teaches the method of claim 1.
However the modified Boyle does not explicitly wherein the off-premise device provisioning service system registers a cryptographic identity of the on-premise device to access one or more off-premise solutions, after the communicating operation.
However Worsley teaches:
wherein the off-premise device provisioning service system registers a cryptographic identity of the on-premise device to access one or more off-premise solutions, after the communicating operation (Worsley: col. 7, lines 25-30; the authorization logic may provide an identification of the target computer 106 to the provisioning service/authority 104, and may receive in return an authorization to provision the target computer 106 as well as a designation of a particular boot image 134 that should be provided to the target computer 106…col. 7, lines 42-47; the provisioning device 102 may notify the provisioning service/authority 104 that certain credentials have been issued to a target computer 106, and may also provide an identification of the target computer 106 such as a MAC (media access control) address of the target computer 106…col. 10, lines 9-12; Security measures, including authentication and encryption procedures, may be used to ensure that only authorized devices are able to access the provisioning service/authority 104…col. 11, lines 38-42; An action 308 comprises identifying the connected target computer 106. For example, the target computer 106 may be configured to boot from the connected provisioning device 102, and during this process may report its MAC address or some other identifier to the provisioning device).
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings as in Worsley with the teachings as in the modified Boyle. The motivation for doing so would have been in order to provision computers in network environments that are not yet secure, or that have limited operational capabilities (Worsley: col. 1, lines 22-24).
Regarding claims 10-14, they are substantially similar to claims 3-7, respectively, and are rejected in the same manner, the same arts and reasoning applying.
Regarding claims 17-20, they are substantially similar to claims 3 and 5-7, respectively, and are rejected in the same manner, the same arts and reasoning applying.

REMARKS
	Applicant submitted arguments to overturn the rejection on 10/14/2021. The examiner maintains the rejections, see remarks below. 
The applicant Argues:
Argument 1:  Applicant argues that the Boyle reference fails to teach any of a device provisioning service, gateway system, and a communication network that is “on-premise” with a device as recited in claim 1. Remarks – page 9.
In response, the examiner respectfully submits: The examiner agrees and withdraws the previous rejection and issues this new ground of rejection as a non-final rejection.  Examiner has incorporated the Narasimhan reference to teach the structure of the claim. See 103 Rejection above.
Argument 2:  Applicant argues that the Boyle reference fails to teach “disconnecting the network connection between the on-premise communications network and the off-premise communication network” as recited in claim 1. Remarks – page 9.
In response, the examiner respectfully submits: The examiner agrees and withdraws the previous rejection and issues this new ground of rejection as a non-final rejection. The examiner agrees that Boyle cannot anticipate the disconnecting limitation, however examiner has incorporated the Narasimhan reference to teach the structure of the claim. At least figure 1A of the Narasimhan reference, shown that the user device 126, corporate resources and server 122 are located on the Customer Premises 120 (i.e. on-premise) and the other components as Device management and actions 138, Policy Management 137, consolidated user view 136, Behavior, security and compliance monitoring dashboard 134 are located on the External network 130 (i.e. off-premise). Further, the Boyle reference teaches in paragraphs 0004, 0028, 0033, and 0038 that the central server (i.e. remote server – “off-premise”) is not available, for example situations in which a power outage has occurred or a communication line has been cut or unavailable signal is received, then the configuration file is retrieved from local storage of the provisioning server. This clearly indicates that the central server has been disconnected from the network. Thus, the combination of Boyle in view of Narasimhan teaches the disconnecting limitation.  


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARINA J. GARCIA-CHING whose telephone number is (571)270-7159.  The examiner can normally be reached on Monday - Wednesday (9:00 AM - 5:00 PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on (571) 272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KARINA J GARCIA-CHING/Examiner, Art Unit 2449                                                                                                                                                                                                                                                                                                                                                                                      
/VIVEK SRIVASTAVA/Supervisory Patent Examiner, Art Unit 2449