DETAILED ACTION
This final office action is in response to applicant’s claim amendments/arguments filed January 18, 2022. Claims 1-20 are pending.
Response to Arguments
While applicant has changed the scope of the claims by way of amendments, the examiner continues to rely on prior arts on the record and so will address applicant’s arguments below for clarifying the teaching of prior art.
	Applicant argued, “Amended independent claim 1 recites a method that is performed by an Internet-of-Things (IoT) device. For example, amended independent claim 1 recites "transmitting, from the IoT device, an initialization token to the gateway" and "receiving, at the IoT device, a response token including an encrypted message in response to transmitting the initialization token." In rejecting claim 1, the Office cited Freeman and Yamamoto. However, neither Freeman or Yamamoto mentions IoT devices. Further, Rodriguez does not cure at least the deficiencies above.”
	Examiner carefully reviewed the applicant’s arguments and respectfully disagrees. Applicant didn’t argue about inventive concept taught by the prior arts, rather argued that the inventive concept is not performed by an Internet-of-Things (IoT) device. Any ordinary skill in the art would be able to use a well-known smart device (i.e. IoT device) to perform the claimed invention that was taught by the prior arts. Prior art Freeman taught “a method for confidential electronic communication between a sender workstation and a receiver workstation whereby privacy is guaranteed for the electronic communications transmitted over the internet.” Para. 0021. Pretty much any physical object can be transformed into an IoT device if it can be connected to the internet to be controlled or communicate information as applicant defined IoT device as hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like.” Para. 0031. Here, programmable consumer electronics are clearly IoT devices. The Internet of Things includes home appliances, door locks, doorbells, thermostats, lighting, sleep monitors, security cameras, fitness bands, as well as sensors for traffic monitoring etc. which are microprocessor-based or programmable consumer electronics.
Applicant presents no further arguments. 
For the above reasons, it is believed that the rejections should be sustained. 
Accordingly, THIS ACTION IS MADE FINAL. See MPEP 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 5-6, 8, 12-13, 15, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 2009/0006851 A1 to Freeman et al. hereinafter “Freeman” in view of US 2003/0110374 A1 to Yamamoto et al. hereinafter “Yamamoto”
Regarding claim 1, Freeman disclosed a method of establishing a secured connection between an Internet of Things (IoT) device and a gateway (“a method for confidential electronic communication between a sender workstation and a receiver workstation whereby privacy is guaranteed for the electronic communications transmitted over the internet.” Para. 0021. Pretty much any physical object can be transformed into an IoT device if it can be connected to the internet to be controlled or communicate information as applicant defined IoT device as “Internet of Things (IoT) may refer to a system of inter-connected electronic devices” in the disclosure. “embodiments of the invention may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers, and the like.”  Para 0031. Here, programmable consumer electronics are IoT devices. The Internet of Things includes home appliances, door locks, doorbells, thermostats, lighting, sleep monitors, security cameras, fitness bands, as well as sensors for traffic monitoring etc. which are microprocessor-based or programmable consumer electronics.), comprising: 
transmitting, from the IoT device, an initialization token to the gateway (Para. 0025. Transmitting a confidential mail token to a recipient organization gateway server. “A message envelope is generated 225 and it includes an encryption of the electronic message that has been encrypted with the session content encryption key and a confidential mail token. The message envelope is transmitted from the sender's organization server to a recipient organization gateway server 230”); 
receiving, at the IoT device, a response token including an encrypted message in response to transmitting the initialization token (Para. 0028. Receiver sending back the confidential mail token and encrypted message to the sender’s organization server. “The receiver establishes an SSL connection with the sender's organization server and transmits the hash of the content encryption key encrypted message, the confidential mail token and the recipient's email address to the sender's organization server using the URL of the sender's organization web service 505.”); 
decrypting, at the IoT device, the encrypted message using a decryption key associated with the initialization token to generate a decrypted message in response to receiving the response token (Para. 0028. “The sender's organization server processes the confidential mail token and extracts the session content encryption key 510. The sender then decrypts the session content encryption key using the sender's organization server public key. As illustrated in FIG. 5F, the sender then uses the session content encryption key to decrypt a hashed content encryption key encrypted message within the confidential mail token 515. The sender's organization server also uses the session content encryption key to decrypt an encryption of the email address of the intended recipient and a content encryption key encryption of the time stamp of the message 520.”); 
validating, at the IoT device, content of the decrypted message after decrypting the encrypted message (Para. 0028. “The sender's organization server then compares the decrypted session content encryption key encrypted hash of the session content encryption key encrypted electronic message with the hash of the session content encryption key encrypted message transmitted by the intended receiver 525. If the sender's organization server's decryption of the hashed content encryption key encryption is the same as the hashed content encryption key encryption generated and transmitted by the receiver 530, and the email address transmitted by the receiver matches the decrypted email address stored by the sender's organization 535, as illustrated in FIG. 5G, then the sender confirms that the encrypted message was delivered to the intended receiver 540.”); 
Freeman did not but the analogous art Yamamoto disclosed transmitting, from the IoT device (IoT device was taught by Freeman above), a certificate request in response to successfully validating the content of the decrypted message; receiving, at the IoT device (IoT device was taught by Freeman above), a certificate in response to the request; validating, at the IoT device (IoT device was taught by Freeman above), the certificate against a certification authority; and transmitting, from the IoT device (IoT device was taught by Freeman above), encrypted data via a secured connection in response to successfully validating the certificate. ([0087] “Further, portable terminal MS may request IP server 20 to transmit public key certificate C2 before transmitting transaction data. Then, portable terminal MS may verify public key certificate C2 obtained from IP server 20 by utilizing public key KEYP2 of IP server 20 obtained from another safe route; encrypt billing data attached to public key certificate C2 by utilizing public key KEYP2; and transmit encrypted billing data to IP server 20.”)
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of Freeman by including the idea of transmitting a certificate request in response to successfully validating the content of the decrypted message; receiving a certificate in response to the request; validating the certificate against a certification authority; and transmitting encrypted data via a secured connection in response to successfully validating the certificate as taught by Yamamoto in order to authenticate the service terminal (Yamamoto, 0024).
Claims 8 and 15 recite similar limitations to claim 1, mutatis mutandis, the subject matter of claims 8 and 15, which is therefore, also considered to be taught by Freeman-Yamamoto combination as above. 
Regarding claim 5, Freeman-Yamamoto combination further disclosed the method of claim 1, further comprising establishing, at the IoT device, the secured connection with the gateway after validating the content of the decrypted message (Freeman, Para. 0028, right column. SSL connection between sender and receiver after validating decrypted message).
Claims 12 and 19 recite similar limitations to claim 5, mutatis mutandis, the subject matter of claims 12 and 19, which is therefore, also considered to be taught by Freeman-Yamamoto combination as above.
Regarding claim 6, Freeman-Yamamoto combination further disclosed the method of claim 5, wherein the secured connection is a Transport Layer Security (TLS) connection (Freeman, Para. 0028. SSL connection. Both SSL and TLS are well-known cryptographic protocols in the art and TLS is the successor of SSL, SSL 3.0 and TLS 1.0 are incredibly similar.).
Claim 13 recite similar limitations to claim 6, mutatis mutandis, the subject matter of claim 6, which is therefore, also considered to be taught by Freeman-Yamamoto combination as above.

Claims 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Freeman in view of Yamamoto as applied to claim 1, 8, and 15 above, and further in view of US 2003/0202661 A1 to Rodriguez et al. hereinafter “Rodriguez”.
Regarding claim 7, Freeman-Yamamoto combination disclosed the method of claim 1, the combination does not but the analogous art Rodriguez disclosed wherein decrypting the encrypted message comprises generating, at the IoT device, (IoT device was taught by Freeman above) a decryption key based on a token number, wherein the token number is a random number or a pseudo-random number (Para. 0066. “The random number, token, and decompression/decryption algorithm may then be used to generate the decryption key.”).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the Freeman-Yamamoto combination by including the idea of decrypting the encrypted message comprises generating a decryption key based on a token number, wherein the token number is a random number or a pseudo-random number as taught by Rodriguez in order to protect digital media content without the complicated key distribution and management problems  (Rodriguez, 0013).
Claims 14 and 20 recite similar limitations to claim 7, mutatis mutandis, the subject matter of claims 14 and 20, which is therefore, also considered to be taught by Freeman-Yamamoto-Rodriguez combination as above.

Allowable Subject Matter
Claims 2-4, 9-11, and 16-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  None of the prior arts on the record teaches the following claim limitations while incorporated into the base claims and any intervening claims.
Claims 2, 9, and 16: prior to transmitting the token, transmitting a plurality of tokens that the gateway failed to respond to.
Claims 3, 10, and 17: after transmitting the token, continuously transmitting a plurality of tokens at a predetermined interval until validating the content of the decrypted message.
Claims 4, 11, and 18: after validating the content of the decrypted message, ignoring a plurality of response tokens.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US 2020/0267127 A1 (Mitra et al.): The first computing device 101 may include, but are not be limited to a low power device, an Internet of things (IoT) device or the like. The second computing device 102 may be a portable computing device including, but not limited to, a .
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/Shawnchoy Rahman/
Primary Examiner, Art Unit 2438