Notice of Pre-AIA or AIA Status
The application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/3/2022 has been entered.
Claims 1-19 and 21 are pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 4-5, 7-9, 12, 15 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2017/120243 to Afero, hereinafter Afero, in view of US 20160006739 to Huang et al., hereinafter Huang. Afero is cited in IDS dated 6/23/2020.
Regarding claim 4, Afero discloses 
One or more non-transitory computer-readable storage media storing instructions that, upon execution by one or more processors of a system, cause the system to perform operations ([0188]) comprising: storing an association between a computing device and a user account, the user account associated with a local area network ([0112]-[0114]: cloud service stores in database user account associated with SSID of router, credentials, data identifying an IoT or computing device); receiving a certificate of the computing device ([0080]: provide public key embedded in certificate of new IoT to hub and server); determining the association between the computing device and the user account based at least in part on the certificate (although Afero does not teach an explicit relationship between the new IoT certificate and the user account, Afero discloses the user account includes the new IoT identity ([0108]) and also the new IoT certificate is provided to the cloud service 120 which stores user account data in a database ([0112]-[0114]); it would be common sense to store the received IoT device certificate ([0080]) in the user account in the database as well, the IoT device certificate storing the identity of the IoT, as known in the art); authenticating the computing device based at least in part on the association being determined ([0108][0114]: lookup database to verify association); sending, to the computing device based at least in part on the computing device being authenticated, data that is signed with a private key of the system ([0114]: authenticate IoT device and transmit credentials securely, [0144]: the cloud service sending messages signed with private key, which will be verified by IoT device using the service’s public key to provide additional layer of authentication);
Afero discloses the possibility to use user credentials and other layers of authentication ([0108]) but does not explicitly teach receiving, after an authentication of the system by the computing device, a request of the computing device for a credential of the local area network, the authentication being based at least in part on the data ...
In an analogous art, Huang discloses allowing a wireless device to access the network ([0004]). Huang discloses authenticating the wireless device ([0020]), receiving, after an authentication of the system by the computing device ([0072]: receive authentication request, may include certificate; [0074] perform authentication and Fig. 3, 314: provide data, i.e., list of network identifiers), a request of the computing device for a credential of the local area network, the authentication being based at least in part on the data ([0081][0082] Fig. 3, step 322 send association request for network access or [0083] send request for authentication to second LAN, interpreted as the request for credentials to the server), and sending the credential to the computing device based at least in part on the request ([0082] sending an association confirmation to wireless device).
It would have been obvious to a skilled artisan before the instant application was filed to send a request for credentials after authentication as taught by Huang because it would facilitate access to the LAN by the wireless device in a secure manner.

Regarding claim 5, Afero in view of Huang discloses the one or more non-transitory computer-readable storage media of claim 4, wherein each of the certificate and the request is received from the computing device via a data connection between   

Regarding claim 7, Afero in view of Huang discloses the one or more non-transitory computer-readable storage media of claim 4, wherein the operations further comprise: receiving, in response to a scan by a remote device of a barcode associated with the computing device, first data from the barcode about a public key of the computing device and second data about the user account (Afero Fig. 8A, [0095]: scan barcode data including public key or certificate [0080]; [0100] the barcode also includes pairing code that identifies encryption keys to build secure connection between the IoT device and the hub, and the hub and cloud service for a particular user account), wherein the association between the computing device and the user account is generated based at least in part on the first data and the second data (although Afero does not teach an explicit relationship between the new IoT certificate and the user account, Afero discloses the user account includes the new IoT identity ([0108]) and also the new IoT certificate or public key is provided to the cloud service 120 which stores user account data in a database ([0112]-[0114]); it would have been obvious to a skilled artisan before the application was filed to store the received IoT device certificate ([0080]) and the keys to build the secure connection in the user account in the database

Regarding claim 8, Afero in view of Huang discloses the one or more non-transitory computer-readable storage media of claim 4, wherein the operations further comprising: receiving, from a mobile device, barcode data from a barcode associated with the computing device, the barcode data comprising a personal identification number (PIN), wherein the association between the computing device and the user account comprises the PIN based at least in part on the barcode data (Afero [0056][0057]: hub reads IoT barcode including a unique ID, which is transmitted to the cloud service for validation; the cloud service database stores user account data, IoT device identifier, network credentials [0108]-[0112]; it would have been obvious to also include in the account the unique ID for authenticating the IoT device).

Regarding claim 9, Afero in view of Huang discloses the one or more non-transitory computer-readable storage media of claim 8, wherein the operations further comprise: receiving a hash of the PIN from the computing device (Afero [0056]: receive unique ID, [0057] perform a hash and transmit to cloud service for validation), wherein authenticating the computing device is based at least in part on the certificate (Afero [0080]), the PIN associated with the computing device, and the hash of the PIN ([0057]: receive unique ID from barcode, send to cloud service for validation by checking hash of the ID).

Regarding claim 12, Afero discloses:
a computing device comprising (Fig. 1 IoT device 101): one or more processors; and one or more memories storing a certificate of the computing device and a public key of a server, the one or more memories further storing instructions that, upon execution by the one or more processors, cause the computing device to: establish a first data connection to a first local area network (LAN) ([0109]); send the certificate to the server via the first data connection ([0080]); receive data from the server via the first data connection, the data signed with a private key of the server based at least in part on the certificate; authenticate the server by verifying the data based at least in part on the public key of the server (although receive data based on the certificate is not explicitly disclosed, a device certificate identifies the device as known, Afero also teaches verifying the IoT device identity in lookup database (it would have been obvious to a skilled artisan to verify the device identity included in the certificate as expected because the certificate is made available to the cloud service) and providing credentials based on the verification [0114], the messages received from the cloud service signed with a private key [0144], which will be verified by IoT device using the service’s public key to provide additional layer of authentication);
Afero discloses the possibility to use user credentials and other layers of authentication ([0108]) but does not explicitly teach: request, after the server is authenticated, a credential of a second LAN from the server via the first data connection;  receive the credential from the server via the first data connection; and  establish a second data connection to the second LAN based at least in part on the credential.
In an analogous art, Huang discloses allowing a wireless device to access the network ([0004]). Huang discloses authenticating the wireless device ([0020]), receive data from the server via the first data connection, the data ([0072]: receive authentication request, may include certificate; [0074] perform authentication and Fig. 3, 314: provide data, i.e., list of network identifiers), request, after the server is authenticated, a credential of a second LAN from the server via the first data connection ([0081][0082] Fig. 3, step 322 send association request for network access or [0083] send request for authentication to second LAN, interpreted as the request for credentials to the server), and receive the credential from the server via the first data connection ([0108][0114]: receive requested credential); and establish a second data connection to the second LAN based at least in part on the credential ([0082] sending an association confirmation to wireless device).
It would have been obvious to a skilled artisan before the instant application was filed to send a request for credentials after authentication as taught by Huang because it would facilitate access to the LAN by the wireless device in a secure manner.

Regarding claim 15, Afero in view of Huang discloses the computing device of claim 12, wherein the execution of the instructions further cause the computing device to: detect identifiers of secure LANs comprising the second LAN (Afero [0058][0118]: multiple IoT services can be used, suggesting the IoT devices would store their identifiers); send a request to the server for credentials of the secure LANs; .

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Afero and Huang, and further in view of US 20200205207 to Harrington et al., hereinafter Harrington.
Regarding claim 6, Afero in view of Huang discloses the one or more computer-readable storage media of claim 4, wherein each of the certificate and the request is received via a data connection between the computing device and a second computing device over a second local area network, and wherein the operations further comprise:  receiving barcode data associated with the computing device (Afero [0095], Fig. 8A, IoT’s barcode data including the public key of the IoT device is scanned by reader in phone (second computing device) or by the hub’s reader and transmitted to cloud service over secure connection, the public key contained in a certificate (Afero [0080]);
Afero or Huang does not teach requesting, based at least in part on the barcode data being received, the second computing device to set-up the second local area network for a time period. In an analogous art, Harrington discloses a first device sending to a router parameters for setting up a wireless connection, the parameters including an amount of time for the connection, and devices authorized to join the connection ([0006]-[0009]). It would have been obvious to a skilled artisan before the

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Afero and Huang and further in view of US 20100077216 to Kramer et al., hereinafter Kramer.
Regarding claim 11, Afero in view of Huang discloses the one or more non-transitory computer-readable storage media of claim 4, wherein the system is a back end server that stores credentials of local area networks (Afero [0108]: IoT service or cloud service stores network credentials in a database, Fig. 12, 1220), and wherein the data is signed by generating a hash from the message and encrypting the hash with a private key of the system (Afero [0144]: cloud service generates message, with digital signature, which is known to use a private key encrypting a hash over part of the message).
Afero or Huang does not explicitly teach: wherein the data comprises a message received in an HTTPS request from the computing device. In an analogous art, Kramer discloses a client device sending an HTTPS request to request a filename, the server responding with the filename in the response, and signing the response (Fig. 3320, 330, [0057]). It would have been obvious to a skilled artisan before the instant application was filed for the cloud service in Afero/Huang to receive the request for credentials in an HTTPS request and respond as taught by Kramer because it would ensure confidentiality of the message over a secure connection.

Claims 13-14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Afero and Huang, and further in view of US 20140215583 to Ding et al., hereinafter Ding.

Regarding claim 13, Afero in view of Huang discloses the computing device of claim 12; while Afero discloses the IoT device connecting to the hub using Bluetooth LE or another wireless communication channel ([0096][0109]), Afero or Huang does not explicitly teach:
wherein the execution of the instructions further cause the computing device to store a service set identifier (SSID) of the first LAN, wherein the first LAN is a hidden network, and wherein the first data connection is established based at least in part on the SSID from the one or more memories. In an analogous art, Ding discloses a mobile device storing the SSID of a hotspot, connecting to the hotspot ([0023]), teaching the limitation. It would have been obvious to a skilled artisan to configure the IoT device with a particular SSID to connect to a first LAN (hidden to other devices not configured with the SSID) because it would allow securely connecting the IoT device to a first, preset LAN.

Regarding claim 14, Afero in view of Huang discloses the computing device of claim 12, but does not teach the rest of the limitations. In an analogous art, Ding discloses a device using a preset SSID to connect to a first LAN ([0023]), wherein data traffic from and to the computing device over the first LAN is restricted based at least in 

Regarding claim 19, Afero in view of Huang discloses the computing device of claim 12, wherein the first data connection is established (Afero [0109]) and wherein the second data connection is established with the wireless router based on a detection of a second SSID of the second LAN and the credential (Afero [0114]).  
Afero in view of Huang does not but Ding discloses the first data connection is established with a wireless router of the first LAN based at least in part on a first service set identifier (SSID) of the first LAN stored on the computing device ([0023]). It would have been obvious to a skilled artisan before the application was filed to configure the IoT device with a particular SSID to connect to a first LAN (hidden to other devices not configured with the SSID) as taught by Ding because it would allow securely connecting the IoT device to a first, preset LAN.

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Afero and Huang, and further in view of US 20160029419 to Li et al., hereinafter Li.
Regarding claim 16, Afero in view of Huang discloses the computing device of claim 12, wherein the execution of the instructions further cause the computing device to:  detect identifiers of secure LANs comprising the second LAN and a third LAN (Afero .

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Afero and Huang, and further in view of US 20060047949 to Brown et al., hereinafter Brown.
Regarding claim 17, Afero in view of Huang discloses the computing device of claim 12 but does not teach the rest of the limitations. In an analogous art, Brown teaches downloading multiple certificates from server ([0006]), Brown teaches wherein the execution of the instructions further cause the computing device to store a plurality of public keys of the server ([0006]) and an indication to use the public key of the plurality of public keys to authenticate the server, wherein verifying the data is based at least in part on the indication ([0065]: when receiving a message signed by a sender, obtain public keys of the certificates in the chain and verify the sender is trusted). It would have been obvious to a skilled artisan before the application was filed to receive indication to use public keys to authenticate a sender as taught by Brown because .

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Afero and Huang and further in view of US 20200154272 to Uy et al., hereinafter Uy.
Regarding claim 18, Afero in view of Huang discloses the computing device of claim 12, wherein the execution of the instructions further cause the computing device to: send, to a second server over the second LAN, a first indication that the public key was used in association with establishing the second data connection (Afero [0114]: establish connection through router or second server). Afero or Huang does not teach but Uy discloses receive, from the second server, a second indication that the public key is untrusted; and terminate the second data connection to the second LAN based at least in part on the second indication (Fig. 4 [0070][0071]: when determining that certificate from router (server) has been revoked, maintain connection if router is able to renew certificate, meaning connection will drop in the contrary). It would have been obvious to a skilled artisan before the instant application was filed to terminate a connection to the LAN when certificate or public key are no longer valid, for enforcement of security measures.

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Afero and Huang and further in view of US 20170288867 to Collier et al., hereinafter Collier.
Regarding claim 21, Afero in view of Huang discloses the one or more non-transitory computer-readable storage media of claim 4 but does not teach the rest of claim 21.
In an analogous art, Collier discloses storing a mapping between a plurality of private keys of the system and computing device information, the computing device information comprising at least one of: types of computing devices or ranges of product numbers of the types of computing devices; and signing the data with a private key of the system based at least in part on information about the computing device and on the mapping ([0096]: store plurality of attribute private keys for a plurality of attributes of a storage device, corresponding to multiple model numbers of storage devices ([0097]), encrypt a nonce with a selected attribute private key to produce a signed nonce, provided to the storage device). It would have been obvious to a skilled artisan before the application was filed to map a plurality of keys to a plurality of client devices as taught by Collier in order to customize the private keys used for signing messages destined to particular clients, for facilitating renewal of the keys at expiration time for specific clients only, enhancing key maintenance.


Allowable subject matter
Regarding claim 10, Afero discloses the one or more computer-readable storage media of claim 4; Afero or any other prior art of the record fails to teach: wherein the operations further comprise: storing a plurality of private keys that comprise the private key; storing a mapping between the plurality of private keys and types of computing
Regarding claim 1, Afero or any other prior art of the record teaches all of the limitations in claim 1:
A method implemented by one or more servers to provide a passphrase of a secure local area network (LAN) to a computing device, access to the secure LAN provided by a wireless router, the method:  storing a list that associated one or more public key with one or more user accounts;  storing a user account that comprises a user identifier, a service set identifier (SSID) of the secure LAN, and a passphrase of the secure LAN;  storing a private key of the one or more servers and a mapping between the private key and a product category of the computing device;  receiving, in response to a scan by a scanner of a barcode associated with the computing device, a public key of the computing device, the product category of the computing device, and the user identifier;  updating the list to comprise the public key and the user account;  receiving a certificate of the computing device via the wireless router, the certificate comprising the public key of the computing device, wherein the wireless router and the computing device are connected over an open LAN, and wherein the certificate is sent from the computing device over the open LAN;  authenticating the computing device by performing a transport layer security (TLS) authentication that uses the certificate;  determining, from the list, that the public key comprised in the certificate is associated with the user account;  accessing the private key of the one or 

Claims 1-3 and 10 are being objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/
Primary Examiner, Art Unit 2493
3/12/2022