DETAILED ACTION
Responsive to the Applicant reply filed on 02/18/2022, Applicant’s amendments to claims have been entered and respective arguments carefully considered and responded in following.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/14/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
Applicant's arguments filed 02/18/2022 have been fully considered but they are not persuasive. 
With respect to rejection under 35 USC § 103
Applicant's arguments, PP. 13-14, are reproduced below.
One skilled in the art would not look to the teachings of Macieira, Mathison, Krishnan, and Schultz in order to improve data provenance while protecting individual privacy of data and devices. In other words, the respective teachings of Macieira, Mathison, Krishnan, and Schultz are not complementary. For example, a person of ordinary skill in the art would have no motivation to combine the network slice resolution procedures described in Mathison with the zero-knowledge symmetric key cybersecurity teachings of Schultz, nor the sensor data aggregation of Macieira with the mobility management re-authentication techniques of Krishnan, or any other combination therein. Additionally, the teachings of Macieira, Mathison, Krishnan, and Schultz are not compatible, as Mathison fails to describe "…." The skilled person would therefore not arrive at the combination of features recited in independent claim I by reference to Macieira, Mathison, Krishnan, and Schultz.

In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  
In this case, examiner would like to bring attention of the applicant to the current application’s a system environment and invention motivation in para. 0056 and 0054. The current application respectively recites “a communication system 100 that supports secure multiparty computation for Internet of Things communications in accordance with aspects of the present disclosure” and “although trust or verification may be established between each of the devices, current methods may be computationally expensive and may not be scalable with the growing number of Internet of Things (IoT) devices. (Emphasis added)”. Upon consideration of the system environment and invention motivation, all prior arts in the previous OC are considered an IT environments related to security of Internet of Things (IoT) devices including user equipment such as a cellular phone, a personal digital assistant (PDA), a tablet computer, a laptop computer, or a personal computer. All respective paragraphs considering Internet of Things (IoT) system of the prior arts are reproduced below.
• Macieira et al. (US 20190044726 A1): [0022] In IoT networks, many different devices may contribute to a single aggregated packet of information that may then be passed on to a single receiver (e.g., actuator, controller, etc.) that performs a function based on the aggregate value.
• MATHISON et al. (US 20190082326 A1): [0007] Network functions virtualization (NFV) permits different network slices to be allocated resources to handle different service requirements  different types of user devices (e.g., user equipment (UEs), Internet-of-things (IoT) devices, and/or the like) and/or different applications executing on user devices.
• KRISHNAN et al. (US 20190239071 A1): [0015] a scenario sometimes referred to as the Internet of Things (IoT), the number of devices that may need to be authenticated at the same time can be very large, potentially swamping the BS-MME links with re-authentication signal messages.
• Schultz et al. (US 20190044922 A1): [0013] Embodiments incorporate an on-chip solution that can fit into any secure or vulnerable computing environment such as systems within the Internet-of-Things (IoT).
The respective motivation to combine the references was provided in the previous OC and in  further detail below. 

In response to applicant’s argument, regarding Mathison, PP.10, ln.  07-18, 
However, Mathison only discusses receiving "information associated with the group identifier," and nowhere does Mathison indicate that such "information" may "identif[y] the other devices to be included in collective data provenance generation with the device," as recited in independent claim 1. The MME of Mathison uses the group identifier to determine a network slice identifier associated with the user device, such that the MME may "permit user device 205 to access a network slice that is associated with the network slice identifier." See id Jr [0071]. But Mathison does not describe any "other devices," nor indicate that the group identifier is related to "collective data provenance generation," as claimed. Accordingly, Mathison cannot be relied upon to teach or suggest "receiving a group profile, from a node, which identifies the other devices to be included in collective data provenance generation with the device," as recited in independent claim 1.

Examiner respectfully disagrees with the argument and further iterates that Mathison teaches, in para. 0066, “MME 215 [“device”] can receive, from HSS 230 [“node”] and via the S6A interface, the information associated with the group identifier of user device 205 [considered as the “group profile which identifies other devices”], and can determine, using the group identifier, a network slice identifier associated with user device 205”. With respect to “other device”, the examiner considered user device group identifier in an HSS subscriber profile to a company name (e.g., “Entity A”) of a company (e.g., Entity A) that is associated with a plurality of user devices”. The examiner asserts that the roles of MME215, HSS 230 and user device of Mathison correspond to the roles of device, node and other devices of the application respectively. As stated in the motivation of previous OC, database server 240 [or the method of current application] may store mapping information that maps a group identifier and a network slice identifier [or identify the other devices]. Given the broadest reasonable interpretation, one of ordinary skill in the art would attempt to modify a concept of  Mathison, receiving information associated with the group identifier that is associated with the user device, in the claimed manner.

In response to applicant’s argument, regarding Krishnan, PP.10, ln.  10-12, 
But receiving a message indicating devices that were authenticated by another device does not teach or suggest "generating a verification parameter of the collective data provenance information based at least in part on the first portion of the data, the additional portions of the data, and on the plurality of evaluation parameters," as recited in independent claim 1. Put another way, the MME of Krishan only receives the group authentication response message and does not generate any parameter, let alone a verification parameter.

Examiner respectfully disagrees with the argument since current application respectively recites, in para. 0080-0082 and para. 0191, “The device 515-a, as well as the devices 515-b and 515-c, may each receive the local evaluation results and the verification parameters (e.g., MAC [message authentication code] share) from each of the other data generating devices. In some examples, device 515-a may construct a result Z (e.g., may generate a collective evaluation result which may be based on the local evaluation result at least in part) and verification parameter, which may be referred to herein as MAC of Z or represented by γ(Z)”, and “The verification component 1525 may verify an authenticity of the data collectively generated through evaluation of a message authentication code received for each of the 

Applicant further argued, regarding Krishnan, PP.11,
Further, the Office Action alleges that "block 310 and 312-320 ... are analogous to 'first portion of the data' and 'additional portions'." Office Action, p. 24. Krishnan describes these "blocks" as "authentication request messages 310, 312, and 314." Krishan Jr [0078]. "The BS 10 then issues individual authentication requests to each of the RRC Connected UEs identified as being in the group or groups ... Request message 310 goes to UE _ 1, request message 312 goes to UE _ 2, and request message 314 goes to UE _ N." Id Thus, request messages 310, 312, and 314 are not equivalent to the portions of data described in independent claim 1. For example, the first portion of the data in independent claim 1 is "generated at the device" (i.e., the MME), but the request message 310 in Krishnan is transmitted by the base station 310 to the UE_l, and is never associated with the MME. Accordingly, because Krishan fails to teach or suggest "the first portion of the data, the additional portions of the data, and on the plurality of evaluation parameters,"

Examiner respectively does not agree the arguments above. As previous OC stated, the primary reference, Mathison, teaches an aggregator node acting on the received sensor data but it does not based at least in part on”. Therefore, the arguments are not persuasive. 

In response to applicant’s argument, regarding Schultz, PP.12, 
Schultz therefore describes combining key portions in order to create an authentication code. However, the keys discussed in Schultz are not "device-specific verification keys associated with each of the other devices," as recited in independent claim 1. Instead, the OTP static key 502 and the dynamic key portion 504 are both specific to a single device: "In general, the keyed hashing function/or a device comprises two parts. The keyed hashing function includes the static portion that is the OTP key. Another part is a dynamic portion that is received from the DDS 104." Id Jr [0039]. Further, the secret key, or combined key 508, created by combination of the OTP static key 502 and the dynamic key portion 504, is also specific to the device. "The secret key is the identity of the device within the distributed device service." Id Jr [0014]

As applicant stated above, Schultz teaches, the combined key such as 508, created by combination of the OTP static key 502 and the dynamic key portion 504, that is generate a message authentication code 514. Examiner asserts and iterate that Schultz teaches “generating a collective verification key by combining device-specific verification keys associated with each of the other devices” st device of the other devices]. The OTP key is a static portion of a keyed hashing function of the first device 102 [corresponding OTP static key 502 (See para. 0039) and analogous to “device-specific verification key associated with each of the other device”]. Schultz also teaches, in para. 0076, “dynamic key portion 504, referred to as an activation key. This activation key is received from the DDS [considered as ‘2nd device of the other devices’]”. Schultz explicitly teaches “A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 [‘combining device-specific verification keys’] to create a combined key 508 [analogous to ‘collective verification key’]”. As stated in the motivation of previous OC, combining keys along with any additional data using a hashing function may be used for data verification that is analogous to a feature depicted in para. 0162 of current application. It states the verification component 1150 may verify the collective evaluation result using the collective verification key and the verification parameter. Given the broadest reasonable interpretation, one of ordinary skill in the art would attempt to modify a concept of  Schultz, combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508, in the claimed manner. Schultz teaches the first device 102 can include a step 108 of processing the OTP with the resident HMAC function to create a signature of the OTP. This creates a signature that can be used along with the OTP by the DDS 104 to verify/authenticate the first device 102 [analogous to “verify the collective evaluation result using the collective verification key” above]. For such reasons, The applicant arguments are not persuasive. 

In response to applicant’s argument, regarding Ureche, PP.14, Ureche (US 8462955 B2) is combined to discloses features of dependent claims 13-17 not independent claims in the previous OC. For this reason, the argument is not persuasive. In the argument, filed on 02/18/2022, Ureche is recited 

In response to applicant’s argument, regarding Mathison in independent claim 20 and 30, PP.14, ln. 19-PP.15, ln. 06, for at least the foregoing reason in claim 1 above, the argument is not persuasive.
Applicant further argued, regarding Mathison, PP.15,
Additionally, the Office Action appears to equate the "device group" feature of independent claim 1 to the "MME 215" of Mathison. See Office Action, p. 35 (citing Mathison Jr [0034]). Mathison states that "MME 215 includes one or more devices ... capable of managing authentication, activation, deactivation, and/or mobility functions associated with user device 205. In some implementations, MME 215 can perform operations relating to authentication of user device 205." Mathison Jr [0034]. The device group of independent claim 20, however, is "for collectively providing data provenance information for data generated at the device group to a third party." The MME 215 of Mathison is therefore not the same as the claimed device group, and as such, Mathison fails to teach or suggest "provisioning a group profile, from the node, to the device group."

Examiner does not respectively agree the arguments above. As previous OC stated, the primary reference, Macieira, teaches “identifying a device group for collectively providing data provenance information for data generated at the device group to a third party” as claimed but it does not teach the limitation, “provisioning a group profile, from the node, to the device group”. The secondary reference, Mathison, cure the deficiency of Macieira. Mathison teaches that MME 215 [considered as “one device of device group”] can receive, from HSS 230 [considered as “node”] and via the S6A interface, the information associated with the group identifier [“group profile”] of user device 205, and can determine, using the group identifier, a network slice identifier associated with user device 205. For this reason, the arguments are not persuasive.



Conclusion: the combination of Macieira, Mathison, Krishnan and Schultz discloses the aforementioned limitations of independent claims 1, 20, 28 and 30 and render the claim limitations obvious before the effective filing date of the claimed invention.


With respect to Double Patenting
In response to applicant’s argument, PP. 17-18, regarding the prior arts, Macieira, Mathison, Krishnan and Schultz, upon the further consideration regarding the prior arts as stated above, the arguments are not persuasive.
Applicant states, PP. 17-18, regarding co-pending App. Lee,
For example, claim 1 of Lee recites, in part, "receiving, from a node ... a plurality of evaluation parameters for generating collective data provenance information, the plurality of evaluation parameters being independent of the first portion of data and the additional portions of the data."
Applicant submits that this subject matter is distinct from the features of the present application. Specifically, independent claim 1 of the present application relates to a method of wireless communication and recites, in part, "receiving, from the node, a plurality of evaluation parameters for generating collective data provenance information, the plurality of evaluation parameters being based at least in part on the first portion of the data and on the additional portions of the data." As explained in the present Application, the plurality of evaluation parameters are based on data received from multiple devices (i.e., the "first portion of the data" and the "additional portions of the data")

In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., MAC key, MAC key share, recited in PP. 17, ln. 1-4) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). The co-pending App. Lee more specifically discloses the limitation by stating “independent of the first portion”, but it discloses features of the limitation. In other words, Lee teaches elements in the claim manner. Furthermore, the limitation states “based at least in part on”. Therefore, the arguments are not persuasive.

Applicant states, PP. 17-18, regarding co-pending App. Lee,
Additionally, claim I of Lee recites, in part, "generating a device specific output of the collective data provenance information based at least in part on the first portion of the data and on the plurality of evaluation parameters." Applicant submits that this subject matter is distinct from the features of the present application. Specifically, independent claim I of the present application recites, in part, "generating a verification parameter of the collective data provenance information based at least in part on the first portion of the data, the additional portions of the data, and on the plurality of evaluation parameters." As explained in the present Application, "[w]hile the device group continues to evaluate the function locally at each of the devices, the devices may share evaluation parameters (e.g., MAC share) between each of the devices at each step of computing the function, thus obtaining an intermediate local evaluation result and intermediate verification parameter for sharing between each of the devices." Id Jr [0080]. Since Lee recites subject matter that is different from verification parameters that are based on data generated at the device and on data generated at other devices, the claims of the present Application and the claims of Lee are distinct from one another.
Further, Applicant respectfully submits that the Office Action does not provide an explanation to show how independent claims I and 28 are considered to be the same as the recited claims of Lee. For example, the Office Action appears to equate the feature of "a verification parameter" of independent claim I of the instant application with "a device specific output" of claim I of Lee. However, the Office Action does not explain why a verification parameter is the same as a device specific output.

Examiner respectfully disagrees and directs the applicant to the limitation. Again, it explicitly states “based at least in part on”. Lee teaches features such as first portion of the data and on the plurality of 14evaluation parameters in the claimed manner. For such reason, the arguments are not persuasive. The previous OC, in PP. 4, explicitly recites “Although the claims at issue are not identical, they are not patentably distinct from each other because claim 1 of the co-pending Application contains every elements of claim 1”. For example, Lee discloses, in para. 0138, “The generating component 1020 may generate a device specific output of the collective data provenance information based on the first 

Conclusion: the present claims are not patentably distinct and therefore the rejection is maintained.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 3, 4, 6-7, 12, 18, 19, 28 and 29 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims of copending Application No. 16/866,470 (reference application hereinafter “App-470”) in view of MATHISON et al. (US 20190082326 A1 hereinafter “Mathison”) in view of Schultz et al. (US 20190044922 A1 hereinafter “Schultz”). This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Regarding independent claim 1 and 28, claim 1 of App-470 recites the claimed limitations of independent claim 1 and 28 except the bolded limitations as seen in the below table. 
Instant Application 16/866,462 
Co-pending App-470
1 and 28
A method for communication at a device, comprising: 

2identifying that the device is to provide collective data provenance information 3for data generated at the device and at other devices, with a first portion of the data being 4generated at the device and with additional portions of the data being generated at the other 5devices;  





8transmitting the first portion of the data to the node associated with the devices 9identified by the group profile;  


10receiving, from the node, a plurality of evaluation parameters for generating 11collective data provenance information, the plurality of evaluation parameters being based at 12least in part on the first portion of the data and on the additional portions of the data;  




13generating a verification parameter of the collective data provenance 14information based at least in part on the first portion of the data, the additional portions of the 15data, and on the plurality of evaluation parameters; and  



16generating a collective verification key by combining device-specific 17verification keys associated with each of the other devices


A method for communication at a device, comprising:  

2identifying that the device is to provide collective data provenance information 3for data generated at the device and at other devices, with a first portion of the data being 4generated at the device and with additional portions of the data being generated at the other 5devices;  










8receiving, from a node associated with an owner of the device and of the other 9devices, a plurality of evaluation parameters for generating collective data provenance 10information, the plurality of evaluation parameters being independent of the first portion of 11the data and the additional portions of the data;  



12generating a device specific output of the collective data provenance 13information based at least in part on the first portion of the data and on the plurality of 14evaluation parameters; and  




15generating a collective data verification parameter.



Although the claims at issue are not identical, they are not patentably distinct from each other because claim 1 of the co-pending Application contains every elements of claim 1.
App-470 may not explicitly teach, but Macieira, which is a same field of endeavor, discloses transmitting the first portion of the data to the node associated with the devices identified by the group profile ([0065] At 702, each IoT node boots in a secure manner. The node configuration and boot sequence may be contained in a Trusted Computing Group (TCG) Platform Configuration Register (PCR) [analogous to “group profile”]; [0069] At 708, data entries [which is data values in respective entries in a Data Integrity Register (DIR) at 706, “first portion”] from multiple nodes is transmitted to an aggregator node).
Moreover, Mathison, a same field of endeavor, discloses receiving a group profile, from a node, which identifies the other devices to be included in collective data provenance generation with the device ([0066] process 400 can include receiving, from the home subscriber server [“node”], information associated with the group identifier that is associated with the user device based on providing the request (block 430). For example, MME 215 [“device”] can receive, from HSS 230 [“node”] and via the S6A interface, the information associated with the group identifier [“group profile”] of user device 205, and can determine, using the group identifier, a network slice identifier associated with user device 205).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470 with the teachings of Mathison to receiv(ing) a group profile, from a node, which identifies the other devices to be included in collective data provenance generation with the device. One of ordinary skill in the art would have been motivated to make this modification because it may allow determining, using the group identifier [or group profile], a network slice identifier associated with user device 205 since database server 240 can store mapping information that maps a group identifier [or identify the other devices] and a network slice identifier (¶0066-0068).
The combination does not explicitly teach “generating a collective verification key by combining device-specific verification keys associated with each of the other devices.”
In a same field of endeavor, Schultz discloses generating a collective verification key by combining device-specific verification keys associated with each of the other devices ([0076] an OTP static key 502, which is embedded in a device, is combined with a dynamic key portion 504 [“combining device-specific verification keys”], referred to as an activation key. This activation key is received from the DDS as described above [See more details Fig. 1, 116 and ¶0076 regarding “mirroring secret key”]. A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508 [“generating a collective verification key”] to generate a message authentication code 514).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470, Mathison with the teachings of Schultz to generat(ing) a collective verification key by combining device-specific verification keys associated with each of the other devices. One of ordinary skill in the art would have been motivated to make this modification because the combined key [or collective verification key] may be processed, along with any additional data using a hashing function, to generate a message authentication code (MAC) (¶0076).

Regarding dependent claim 3, 4, 6, 7, 12, 18 and 19, they are not patentably distinct from each other because respective claims of the co-pending Application contains every elements of respective claims, as seen in the below table, even though the claims at issue are not identical. 
Instant Application 16/866,462 
Co-pending App-470
3 and 29
The method of claim 1, wherein identifying that the device is to provide collective data provenance information comprises:  
receiving, from the node, an indication to provide the collective data provenance information.
3

The method of claim 1, wherein identifying that the device is to 2provide collective data provenance information further comprises:  
3receiving, from the node, an indication to generate an output at each of the 4devices; and  5generating the output that is a sum of individual values at each of the devices, 6based at least in part on receiving the indication to produce the output at each of the devices
4
The method of claim 1, wherein identifying that the device is to 2 provide collective data provenance information comprises:   
identifying that a predetermined event has occurred, wherein the predetermined event triggers the collective data provenance generation.
4
The method of claim 1, wherein identifying that the device is to 2 provide collective data provenance information further comprises: 
3identifying that a predetermined event has occurred, wherein the 4predetermined event triggers producing an output at each of the devices.

The method of claim 5, further comprising:  
locally evaluating the function at the device to generate a local evaluation result, based at least in part on the first portion of the data.
6
The method of claim 5, further comprising:  
2sharing the function evaluated at the device and between each of the devices, 3based at least in part on evaluating the function at the device;  
4sharing, at the device and between each of the devices, at least one of the 5received evaluation parameters for the device, based at least in part on sharing the function 6evaluated at the device; and  
7locally evaluating the function at each of the devices to produce respective 8outputs, based at least in part on the shared evaluated function at the device and the locally 9received evaluation parameters at each of the devices
7
The method of claim 6, further comprising:  


sharing the local evaluation result and a corresponding intermediate verification parameter between the devices; and  receiving the respective local evaluation results from the other devices.  
7
The method of claim 6, wherein the receiving the plurality of 2evaluation parameters being independent of the first portion of the data and the additional 3portions of the data, further comprises:  
4locally generating a message authentication code (MAC) share at each of the 5devices by using the locally received evaluation parameters for each of the devices; and  
6sharing, at the device and between each of the devices, each of the locally 7generated MAC shares; and  
8sharing at least one of the received evaluation parameters for the other 9devices
18
The method of claim 1, wherein receiving the group profile further comprises:  identifying group profile parameters used for generating collective data at the devices; and  determining, based at least in part on the identified group profile parameters, how the device and the other devices are to generate collective data provenance information.
11
The method of claim 1, wherein receiving the group profile further 2comprises:  3identifying group profile parameters used for generating collective data at the 4devices; and  5determining, based at least in part on the identified group profile parameters, 6how the device and the other devices are to generate collective data provenance information.
19
The method of claim 1, wherein receiving the plurality of evaluation parameters further comprises:  receiving, at each of the devices, at least one of a message authentication code (MAC) share, a MAC 

The method of claim 1, wherein the collective data verification 2parameter comprises a message authentication code (MAC) share of the device and a 3plurality of assessment parameters.


Regarding claim 12, the combination of App-477, Mathison and Schultz discloses the method of claim 1, wherein generating the collective verification key further comprises:
employing a multiparty computation scheme using device-specific portions associated with each of the devices and the plurality of evaluation parameters ([Schultz: 0076] A key mixing function 506 [“multiparty computation scheme”] is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508. The combined key 508 is then processed, along with any additional data 510 using a hashing function 512 [analogous to “device-specific portions and evaluation parameters”], which in some embodiments is an HMAC function to generate a message authentication code 514 [“multiparty computation scheme” because of 502-512 in Fig. 5]).


Claims 2 and 5 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims of copending Application No. 16/866,470 (reference application hereinafter “App-470”) in view of MATHISON et al. (US 20190082326 A1 hereinafter “Mathison”) in view of Schultz et al. (US 20190044922 A1 hereinafter “Schultz”) as applied claim 1, further in view of Macieira et al. (US 20190044726 A1 hereinafter “Macieira”). This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Regarding claim 2, the combination of App-477, Mathison and Schultz may not explicitly teach, but Macieira, which is a same field of endeavor, discloses the method of claim 1, further comprising: verifying a collective evaluation result based at least in part on the collective verification key ([Macieira: 0058] A receiver may verify the integrity of the entire aggregated messages, as well as the individual parts, to authenticate each data source and the aggregator itself; [Schultz: 0076] FIG. 5 is a schematic diagram of an example process for using both a static OTP key and dynamic key [“collective verification key” as applied in claim 1], which are used as an HMAC secret; [0037] the first device 102 can include a step 108 of processing the OTP with the resident HMAC function to create a signature of the OTP. This creates a signature that can be used along with the OTP by the DDS 104 to verify/authenticate the first device 102 [“verifying a collective evaluation result”]. This process creates what is referred to as an HMAC secret).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470, Mathison and Schultz with the teachings of Macieira to verify(ing) a collective evaluation result based at least in part on the collective verification key. One of ordinary skill in the art would have been motivated to make this modification because it may allow data processing and security authentication for internet of things (IoT) devices and device networks (Abs.).

Regarding claim 5, the combination of App-477, Mathison and Schultz may not explicitly teach, but Macieira, which is a same field of endeavor, discloses the method of claim 1, wherein receiving the group profile further comprises:  
receiving, with the group profile, a function for generating device-specific portions of the collective data provenance information ([Macieira: 0068] At 702, each IoT node boots in a secure manner. The node configuration and boot sequence may be contained in a Trusted Computing Group (TCG) Platform Configuration Register (PCR) [analogous to “group profile”]. At 706, as each node senses data values [“device-specific portions”]; [Mathison: 0024-0025] As shown by reference number 155, the HSS can provide, to the MME and based on the request, the information [“functions”, for receiving network slice identifier from a database server] associated with the group identifier [“group profile”]of the user device (e.g., Entity A)).
 it may allow data processing and security authentication for internet of things (IoT) devices and device networks (Abs.).


Claims 8-11 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims of copending Application No. 16/866,470 (reference application hereinafter “App-470”) in view of MATHISON et al. (US 20190082326 A1 hereinafter “Mathison”) in view of Schultz et al. (US 20190044922 A1 hereinafter “Schultz”) as applied claims 7, further in view of KRISHNAN et al. (US 20190239071 A1 hereinafter “Krishnan”). This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Regarding claim 8, the combination of App-477, Mathison and Schultz may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 7, further comprising:  
generating a collective evaluation result, based at least in part on the local evaluation result ([Krishnan: 0080] UE_N receives the authentication request (message 314), calculates the response (block 318), and sends an authentication response (message 320  [“respective local evaluation results”]) first, before any of the other UEs 14. The BS 10 receives the authentication response (message 320) from UE_N, and adds the UE_N's response to the aggregate (block 322) [“collective evaluation result”]).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470, Mathison and Schultz with the teachings of Krishnan to generat(ing) a verification  it may allow performing aggregation [or collective data provenance generation] for a specified duration of time [or evaluation parameters], after which the sending the group authentication response message is performed (¶0035).

Regarding claim 9, the combination of App-477, Mathison, Schultz and Krishnan discloses the method of claim 8, further comprising: 
sharing individual verification keys corresponding to each of the individual devices, between each of the devices, based at least in part on receiving, the plurality of evaluation parameters ([Schultz: 0076] an OTP static key 502, which is embedded in a device, is combined with a dynamic key portion 504, referred to as an activation key. This activation key is received from the DDS as described above [analogous to “sharing individual verification key based on evaluation parameters” from a distributed device service, See more details ¶0064 regarding mirrored information]. A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508).

Regarding claim 10, the combination of App-477, Mathison, Schultz and Krishnan discloses the method of claim 9, further comprising: 
generating the collective verification key using the shared individual verification keys ([Schultz: 0076]  A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508).

Regarding claim 11, the combination of App-477, Mathison, Schultz and Krishnan discloses the method of claim 10, further comprising:  
verifying the collective evaluation result using the collective verification key and the verification parameter ([Krishnan: 0082] The MME 12 then verifies the aggregated response (block 336). Upon successful verification [“verification parameter”], the MME 12 then considers as authenticated all of the UEs that were included in the list of UEs; [Schultz: 0076] FIG. 5 is a schematic diagram of an example process for using both a static OTP key and dynamic key [“collective verification key” as applied in claim 1], which are used as an HMAC secret; [0037] the first device 102 can include a step 108 of processing the OTP with the resident HMAC function to create a signature of the OTP. This creates a signature that can be used along with the OTP by the DDS 104 to verify/authenticate the first device 102 [“verifying collective evaluation result”]. This process creates what is referred to as an HMAC secret).


Claims 13 is provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims of copending Application No. 16/866,470 (reference application hereinafter “App-470”) in view of MATHISON et al. (US 20190082326 A1 hereinafter “Mathison”) in view of Schultz et al. (US 20190044922 A1 hereinafter “Schultz”) as applied claim 12, further in view of Ureche et al. (US 8462955 B2 hereinafter “Ureche”). This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Regarding claim 13, the combination of App-477, Mathison and Schultz discloses all elements of the current invention as stated in claim 12 above.

In a same field of endeavor, Ureche discloses the method of claim 12, wherein employing the multiparty computation scheme further comprises:  
evaluating a function in an online phase of the multiparty computation scheme and using the plurality of evaluation parameters received in a provisioning phase of the multiparty computation scheme (col. 11 ln. 54-col. 12 ln. 18, Process 300 can be carried out by a volume protection module of a computing device, such as module 114 of FIG. 1 [“evaluating a function in an online phase”, See more details Fig. 1]. An online key is generated (act 304). The online key can be generated in a variety of different manners, analogous to the generation of the one or more local keys in act 302 [“plurality of evaluation parameters”, See more details regarding AES 256-bit key/elliptic curve Diffie-Hellman (ECDH)]. The one or more local keys and the online key are combined (act 306) to generate a combined key [“collective verification key”]).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470, Mathison and Schultz the teachings of Ureche to evaluat(ing) a function in an online phase of the multiparty computation scheme and using the plurality of evaluation parameters received in a provisioning phase of the multiparty computation scheme. One of ordinary skill in the art would have been motivated to make this modification because the online key and the one or more local keys can be combined in different manners [or collective verification key], using any of a variety of mathematical operations or applying any of a variety of algorithms or processes to the online key and the one or more local keys (col. 6 ln. 33-37).



Regarding claim 14, the combination of App-477, Mathison, Schultz and Ureche may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 13, further comprising:  
verifying an authenticity of the data collectively generated through evaluation of a message authentication code received for each of the other devices ([Krishnan: 0078] The BS 10 then issues individual authentication requests to each of the RRC_Connected UEs identified as being in the group or groups. (No requests are sent to idle UEs.) In the embodiment illustrated in FIG. 3, this is shown as authentication request messages 310, 312, and 314).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470, Mathison, Schultz and Ureche with the teachings of Krishnan to verify(ing) an authenticity of the data collectively generated through evaluation of a message authentication code received for each of the other devices. One of ordinary skill in the art would have been motivated to make this modification because it may allow performing aggregation [or collective data provenance generation] for a specified duration of time [or evaluation parameters], after which the sending the group authentication response message is performed (¶0035).



Regarding claim 15, the combination of App-477, Mathison, Schultz, Ureche and Krishnan may not explicitly teach, but Macieira, which is a same field of endeavor, discloses the method of claim 14, further comprising:  
sharing the collective data provenance information between each of the devices, based at least in part on verifying the provenance of the collective data provenance information ([Macieira: 0073] the aggregator node exposes the aggregate value and the PMS to its subscriber community (operation 720 [“sharing the verified collective data provenance information” because of operation 712]). The data may be exposed by providing accessibility to the data, such as by way of access control list (ACL), access control entry (ACE), or policy controls).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-477, Mathison, Schultz, Ureche and Krishnan with the teachings of Macieira to shar(ing) the collective data provenance information between each of the devices, based at least in part on verifying the provenance of the collective data provenance information. One of ordinary skill in the art would have been motivated to make this modification because it may allow data processing and security authentication for internet of things (IoT) devices and device networks (Abs.).

Regarding dependent claim 16 and 17, they are not patentably distinct from each other because respective claims of the co-pending Application contains every elements of respective claims, as seen in the below table. 
Instant Application 16/866,462
Co-pending App-470
16
The method of claim 15, further comprising:  signing the data using the collective data provenance information.
9
The method of claim 8, further comprising:  signing the data using the collective data provenance information.
17
The method of claim 16, further comprising:  transmitting the data signed with the collective data provenance information to a server.
10
The method of claim 9, further comprising:  2reporting the data signed with the collective data provenance information, to a 3server.



Claims 20-22 and 30 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of copending Application No. 16/866,470 (reference application hereinafter “App-470”) in view of Macieira et al. (US 20190044726 A1 hereinafter “Macieira”). This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Regarding independent claim 20 and 30, claim 13 of App-470 recites the claimed limitations of independent claim 1 and 28 except the bolded limitations as seen in the below table. 
Instant Application 16/866,462 
Co-pending App-470
20 and 30
A method of communication at a node, comprising:  

2identifying a device group for collectively providing data provenance 3information for data generated at the device group to a third party;  

4provisioning a group profile, from the node, to the device group;  

5receiving, at the node, data from the device group, with individual portions of 

7provisioning, to the device group, a plurality of evaluation parameters for 8generating collective data provenance information, the plurality of evaluation parameters 9being based at least in part on the data from the device group


A method for communication at a node, comprising:  

2identifying a device group, for collectively providing data provenance 3information for data generated at the device group, to a third party;  

4provisioning a group profile, from the node, to the device group;  

5receiving, at the node, data from the device group, with individual portions of 

7provisioning, to the device group, a plurality of evaluation parameters for 8generating collective data provenance information, the plurality of evaluation parameters 9being independent of the individual portions of the data


In a same field of endeavor, Macieira discloses provisioning, to the device group, a plurality of evaluation parameters for generating collective data provenance information, the plurality of evaluation parameters being based at least in part on the data from the device group ([0072-0073] At 714, the aggregator node acts on the received sensor data [“evaluation parameters”]. At 716, the aggregator node updates its own DIR with the aggregate value. The aggregator node adds the aggregated value to the PMS as another data entry (operation 718) [“plurality of evaluation parameters”]. Then, the aggregator node exposes the aggregate value and the PMS to its subscriber community (operation 720) [“receiving, from the node, a plurality of evaluation parameters”]).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470 with the teachings of Mathison to provision(ing), to the device group, a plurality of evaluation parameters for generating collective data provenance information, the plurality of evaluation parameters being based at least in part on the data from the device group. One of ordinary skill in the art would have been motivated to make this modification because it may allow data processing and security authentication for internet of things (IoT) devices and device networks (Abs.).

Regarding dependent claim 21 and 22, they are not patentably distinct from each other because respective claims of the co-pending Application contains every elements of respective claims, as seen in the below table, even though the claims at issue are not identical.
Instant Application 16/866,462 
Co-pending App-470

The method of claim 20, wherein provisioning the group profile further comprises:  
provisioning, to the device group, at least one of a group identity, a device index, a member list, group credentials, or a function for generating the collective data provenance information of the data generated at the device group.
14

The method of claim 13, wherein provisioning the group profile further 2comprises:  
3provisioning, to the device group, at least one of a group identity, a member 4list, group credentials, or a function for evaluating the collective data provenance information 5of the data generated at the device group.
22
The method of claim 20, wherein provisioning the plurality of evaluation parameters further comprises:  provisioning, to the device group, at least one of a message authentication code (MAC) share, a MAC key share, a shared random parameter, or a multiplicative triple.
15
The method of claim 13, wherein provisioning the plurality of 2 evaluation parameters further comprises: provisioning, to the device group, at least one of a message authentication code (MAC) share, a MAC key share, or a shared random parameter


Claims 23-26 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of copending Application No. 16/866,470 (reference application hereinafter “App-470”) in view of Macieira et al. (US 20190044726 A1 hereinafter “Macieira”) as applied claim 20 in view of KRISHNAN et al. (US 20190239071 A1 hereinafter “Krishnan”). This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Regarding claim 23, the combination of App-470 and Macieira may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 20, further comprising:  
verifying an authenticity of the data collectively generated through evaluation of a message authentication code received for each of the other devices, using a group public key ([Krishnan: 0075-0078] The UEs with the necessary cryptographic capabilities, e.g., those that support the public-key schemes detailed below (“using a group public key”, See more details ¶0108), may participate in the methods described herein. The BS 10 then issues individual authentication requests to each of the RRC_Connected UEs identified as being in the group or groups. (No requests are sent to idle UEs. [“verifying an authenticity”]). In the embodiment illustrated in FIG. 3, this is shown as authentication request messages 310, 312, and 314; [0083] the BS 10 aggregates the received responses (e.g., messages 320 and 326 [“verifying an authenticity”]) one by one as they are received).  
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470 and Macieira with the teachings of Krishnan to provision(ing), to the device group, at least one of a message authentication code (MAC) share, a MAC key share, a shared random parameter, or a multiplicative triple. One of ordinary skill in the art would have been motivated to make this modification because it may allow upon successful verification, the MME 12 then considers as authenticated all of the UEs that were included in the list of UEs.

Regarding claims 24, the combination of App-470 and Macieira may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 20, further comprising:  generating at least one of a message authentication code (MAC) key and a MAC key share for provisioning to the device group ([Krishnan: 0076] A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508 [“a message authentication code (MAC) key” to generate a message authentication code 514]).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470 and Macieira with the teachings of Krishnan to generat(ing) at least one of a message authentication code (MAC) key and a MAC key share for provisioning to the device group. One of ordinary skill in the art would have been motivated to make this modification because the combined key may be processed, along with any additional data using a hashing function, to generate a message authentication code (MAC) [or a message authentication code (MAC) key] (¶0076).
  
Regarding claims 25, the combination of App-470, Macieira and Krishnan discloses the method of claim 24, further comprising:  generating a MAC on data based at least in part on the data received [Krishnan: 0076] The combined key 508 is then processed, along with any additional data 510 [“data received”] using a hashing function 512, which in some embodiments is an HMAC function to generate a message authentication code 514 [“generating a MAC”, See ¶0052-0053 regarding add or remove the device from a group, to add or remove functionality or access to a service at step 208]; [Macieira: 0069] At 708, data entries from multiple nodes [“data received from the device group”] is transmitted to an aggregator node).
  
Regarding claim 26, the combination of App-470, Macieira and Krishnan discloses the method of claim 25, further comprising: generating a MAC share based at least in part on creating the MAC on data for provisioning to the device group ([Krishnan: 0076] The combined key 508 is then processed, along with any additional data 510 using a hashing function 512, which in some embodiments is an HMAC function to generate a message authentication code 514. these processes occur both on the device that is embedded with the OTP static key 502, and on the DDS so that both the device and DDS have symmetric message authentication codes  [“MAC share”]).


Claim 27 is provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of copending Application No. 16/866,470 (reference application hereinafter “App-470”) in view of Macieira et al. (US 20190044726 A1 hereinafter “Macieira”) as applied claim 20, further in view of KRISHNAN et al. (US 20190239071 A1 hereinafter “Krishnan”). This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Regarding claim 27, the combination of App-470 and Macieira may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 20, further [0011] the UE 14 receives an authentication request message (e.g., message 102 in FIG. 1), which contains a random number in the RAND IE and authentication parameters in the AUTH IE).
It would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-470, Macieira with the teachings of Krishnan to generat(ing) at least one of a shared random parameter or a multiplicative triple for provisioning to the device group. One of ordinary skill in the art would have been motivated to make this modification because it may allow upon successful verification, the MME 12 then considers as authenticated all of the UEs that were included in the list of UEs.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-12, 18, 19 and 28-29 are rejected under 35 U.S.C. 103 as being unpatentable over Macieira et al. (US 20190044726 A1 hereinafter “Macieira”) in view of MATHISON et al. (US 20190082326 A1 hereinafter “Mathison”) in view of KRISHNAN et al. (US 20190239071 A1 hereinafter “Krishnan”) in view of Schultz et al. (US 20190044922 A1 hereinafter “Schultz”).
Regarding claim 1, Macieira discloses a method for communication at a device, comprising (FIG. 7):  
[0066-0068] At 704, each node discovers nearest neighbor nodes. A registry of nearest neighbors is kept at each node. The registry may be stored in a Nearest Neighbor Integrity Registers (NNIR) data structure. For instance, the SOURCES structure, the data structure [“additional portions” at other devices such as data structures at 300A and B] of FIG. 5, in the aggregated message [“collective data provenance information”, See more details ¶0023-0024 regarding “preserve provenance” comparing to traditional data aggregation methods] may regard name in the form of a URI, DNS, or IP address or other network naming convention. At 706, as each node senses data values, it stores the data values in respective entries in a Data Integrity Register (DIR) [“first portion” at the device such as data structures at 300C]);  
transmitting the first portion of the data to the node associated with the devices identified by the group profile ([0065] At 702, each IoT node boots in a secure manner. The node configuration and boot sequence may be contained in a Trusted Computing Group (TCG) Platform Configuration Register (PCR) [analogous to “group profile”]; [0069] At 708, data entries [which is data values in respective entries in a Data Integrity Register (DIR) at 706, “first portion”] from multiple nodes is transmitted to an aggregator node);
receiving, from the node, a plurality of evaluation parameters for generating collective data provenance information, the plurality of evaluation parameters being based at least in part on the first portion of the data and on the additional portions of the data ([0072-0073] At 714, the aggregator node acts on the received sensor data [“first portion and the additional portions of the data” based on 702-712]. At 716, the aggregator node updates its own DIR with the aggregate value. The aggregator node adds the aggregated value to the PMS as another data entry (operation 718) [“plurality of evaluation ”]. Then, the aggregator node exposes the aggregate value and the PMS to its subscriber community (operation 720) [“receiving, from the node, a plurality of evaluation parameters”]);  
Although Macieira teaches, in paragraph 0025, “The traffic control group, or other subgroups, may be in communication with the cloud through wired or wireless links”, it does not explicitly teach “receiving a group profile, from a node, which identifies the other devices to be included in collective data provenance generation with the device.”  
In a same field of endeavor, Mathison discloses receiving a group profile, from a node, which identifies the other devices to be included in collective data provenance generation with the device ([0066] process 400 can include receiving, from the home subscriber server [“node”], information associated with the group identifier that is associated with the user device based on providing the request (block 430). For example, MME 215 [“device”] can receive, from HSS 230 [“node”] and via the S6A interface, the information associated with the group identifier [“group profile”] of user device 205, and can determine, using the group identifier, a network slice identifier associated with user device 205).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira and Krishnan with the teachings of Mathison to receiv(ing) a group profile, from a node, which identifies the other devices to be included in collective data provenance generation with the device. One of ordinary skill in the art would have been motivated to make this modification because it may allow determining, using the group identifier [or group profile], a network slice identifier associated with user device 205 since database server 240 can store mapping information that maps a group identifier [or identify the other devices] and a network slice identifier (¶0066-0068).
Although Mathison teaches, in paragraph 0072, “At 714, the aggregator node acts on the received sensor data. The aggregator node may compute an average, a mean, a median, or perform 
In a same field of endeavor, Krishnan discloses generating a verification parameter of the collective data provenance information based at least in part on the first portion of the data, the additional portions of the data, and on the plurality of evaluation parameters ([0082] The MME 12 then verifies the aggregated response (block 336) [“generating a verification parameter”]. Upon successful verification, the MME 12 then considers as authenticated all of the UEs that were included in the list of UEs. [See block 310 and 312-320 which are analogous to “first portion of the data” and “additional portions”, block 316 and 330 which is analogous to “evaluation parameters”]).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira with the teachings of Krishnan to generat(ing) a verification parameter of the collective data provenance information based at least in part on the first portion of the data, the additional portions of the data, and on the plurality of evaluation parameters. One of ordinary skill in the art would have been motivated to make this modification because it may allow performing aggregation [or collective data provenance generation] for a specified duration of time [or evaluation parameters], after which the sending the group authentication response message is performed (¶0035).
Although Krishnan teaches, in paragraph 0093, “messages could be aggregated using different algebraic constructs, such as XORing different messages together to create an aggregated message. One such approach is referred to as Aggregated Message Authentication Codes”, it does not explicitly teach “generating a collective verification key by combining device-specific verification keys associated with each of the other devices.”
[0076] an OTP static key 502, which is embedded in a device, is combined with a dynamic key portion 504 [“combining device-specific verification keys”], referred to as an activation key. This activation key is received from the DDS as described above [See more details Fig. 1, 116 and ¶0076 regarding “mirroring secret key”]. A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508 [“generating a collective verification key”] to generate a message authentication code 514).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira, Mathison and Krishnan with the teachings of Schultz to generat(ing) a collective verification key by combining device-specific verification keys associated with each of the other devices. One of ordinary skill in the art would have been motivated to make this modification because the combined key [or collective verification key] may be processed, along with any additional data using a hashing function, to generate a message authentication code (MAC) (¶0076).

Regarding claim 2, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 1, further comprising: verifying a collective evaluation result based at least in part on the collective verification key ([Macieira: 0058] A receiver may verify the integrity of the entire aggregated messages, as well as the individual parts, to authenticate each data source and the aggregator itself; [Schultz: 0076] FIG. 5 is a schematic diagram of an example process for using both a static OTP key and dynamic key [“collective verification key” as applied in claim 1], which are used as an HMAC secret; [0037] the first device 102 can include a step 108 of processing the OTP with the resident HMAC function to create a signature of the OTP. This creates a signature that can be used along with the OTP by the DDS 104 to verify/authenticate the first device 102 [“verifying a collective evaluation result”]. This process creates what is referred to as an HMAC secret).

Regarding claim 3, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 1, wherein identifying that the device is to provide collective data provenance information comprises:  
receiving, from the node, an indication to provide the collective data provenance information ([Macieira 0068-0073] At 712, the aggregator node verifies the provenance of the data from the sensor nodes; At 716, the aggregator node updates its own DIR with the aggregate value. The aggregator node adds the aggregated value to the PMS [stands for Provenance Manifest Structure “indication”] as another data entry (operation 718); the aggregator node exposes the aggregate value and the PMS to its subscriber community (operation 720)).

Regarding claim 4, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 1, wherein identifying that the device is to provide collective data provenance information comprises:   
identifying that a predetermined event has occurred, wherein the predetermined event triggers the collective data provenance generation ([Macieira: 0068] At 706, as each node senses data values, it stores the data values in respective entries in a Data Integrity Register (DIR) [“predetermined event”]. The DIR forms a leaf in a Provenance Manifest Structure (PMS)).

Regarding claim 5, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 1, wherein receiving the group profile further comprises:  
[Macieira: 0068] At 702, each IoT node boots in a secure manner. The node configuration and boot sequence may be contained in a Trusted Computing Group (TCG) Platform Configuration Register (PCR) [analogous to “group profile”]. At 706, as each node senses data values [“device-specific portions”]; [Mathison: 0024-0025] As shown by reference number 155, the HSS can provide, to the MME and based on the request, the information [“functions”, for receiving network slice identifier from a database server] associated with the group identifier [“group profile”]of the user device (e.g., Entity A)).

Regarding claim 6, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 5, further comprising:  
locally evaluating the function at the device to generate a local evaluation result, based at least in part on the first portion of the data ([Macieira: 0065] At 706, as each node senses data values [“device-specific portions”]. it stores the data values in respective entries in a Data Integrity Register (DIR). The DIR for a given node includes values sensed at that node, along with an integrity hash computed for each respective value. The integrity hash [“generating a local evaluation result”] is a hash of the data; [Mathison: 0026] the MME can, after determining the network slice identifier [“locally evaluating the function”], permit the user device to access the network slice identified by the network slice identifier [“local evaluation result based on the first portion” by the reference number 150 in Fig. 1C]).

Regarding claim 7, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 6, further comprising:  
[Krishnan: 0078] the BS 10 will use the group ID(s) to look up or otherwise get the list of UEs to be authenticated (block 308). The BS 10 then issues individual authentication requests [“intermediate verification parameter”] to each of the RRC_Connected UEs identified as being in the group or groups [“local evaluation result” since no requests are sent to idle UEs]); and 
receiving the respective local evaluation results from the other devices ([Krishnan: 0080] UE_N receives the authentication request (message 314), calculates the response (block 318), and sends an authentication response (message 320 [“respective local evaluation results” as well as 326]) first, before any of the other UEs 14. The BS 10 receives the authentication response (message 320) from UE_N, and adds the UE_N's response to the aggregate (block 322)).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira, Mathison and Schultz with the teachings of Krishnan to shar(ing) the local evaluation result and a corresponding intermediate verification parameter between the devices. One of ordinary skill in the art would have been motivated to make this modification because a calculating module may be operable to calculate a UE-specific response using the authentication information [or local evaluation results] (¶0076).

Regarding claim 8, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 7, further comprising:  
generating a collective evaluation result, based at least in part on the local evaluation result ([Krishnan: 0080] UE_N receives the authentication request (message 314), calculates the response (block 318), and sends an authentication response (message 320  [“respective local evaluation results”]) first, before any of the other UEs 14. The BS 10 receives the authentication response (message 320) from UE_N, and adds the UE_N's response to the aggregate (block 322) [“collective evaluation result”]).

Regarding claim 9, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 8, further comprising: 
sharing individual verification keys corresponding to each of the individual devices, between each of the devices, based at least in part on receiving, the plurality of evaluation parameters ([Schultz: 0076] an OTP static key 502, which is embedded in a device, is combined with a dynamic key portion 504, referred to as an activation key. This activation key is received from the DDS as described above [analogous to “sharing individual verification key based on evaluation parameters” from a distributed device service, See more details ¶0064 regarding mirrored information]. A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508).

Regarding claim 10, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 9, further comprising: 
generating the collective verification key using the shared individual verification keys ([Schultz: 0076]  A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508).

Regarding claim 11, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 10, further comprising:  
verifying the collective evaluation result using the collective verification key and the verification parameter ([Krishnan: 0082] The MME 12 then verifies the aggregated response (block 336). Upon successful verification [“verification parameter”], the MME 12 then considers as authenticated all of the UEs that were included in the list of UEs; [Schultz: 0076] FIG. 5 is a schematic diagram of an example process for using both a static OTP key and dynamic key [“collective verification key” as applied in claim 1], which are used as an HMAC secret; [0037] the first device 102 can include a step 108 of processing the OTP with the resident HMAC function to create a signature of the OTP. This creates a signature that can be used along with the OTP by the DDS 104 to verify/authenticate the first device 102 [“verifying collective evaluation result”]. This process creates what is referred to as an HMAC secret).

Regarding claim 12, the combination of Macieira, Mathison, Krishnan and Schultz discloses the method of claim 1, wherein generating the collective verification key further comprises:
employing a multiparty computation scheme using device-specific portions associated with each of the devices and the plurality of evaluation parameters ([Schultz: 0076] A key mixing function 506 [“multiparty computation scheme”] is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508. The combined key 508 is then processed, along with any additional data 510 using a hashing function 512 [analogous to “device-specific portions and evaluation parameters”], which in some embodiments is an HMAC function to generate a message authentication code 514 [“multiparty computation scheme” because of 502-512 in Fig. 5]).

Regarding claim 18, the combination of Macieira, Mathison, Krishnan, Schultz and Ureche discloses the method of claim 1, wherein receiving the group profile further comprises:  
identifying group profile parameters used for generating collective data at the devices; and determining, based at least in part on the identified group profile parameters, how the device and the other devices are to generate collective data provenance information ([Macieira: 0068] At 702, each IoT node boots in a secure manner. The node configuration and boot sequence may be contained in a Trusted Computing Group (TCG) Platform Configuration Register (PCR) [analogous to “group profile”]; [Mathison: 0066] process 400 can include receiving, from the home subscriber server [“node”], information associated with the group identifier that is associated with the user device based on providing the request (block 430). For example, MME 215 [“device”] can receive, from HSS 230 [“node”] and via the S6A interface, the information associated with the group identifier [“group profile”] of user device 205, and can determine, using the group identifier [analogous to “how the device and the other devices generate the provenance information”], a network slice identifier associated with user device 205).

Regarding claim 19, discloses The method of claim 1, wherein receiving the plurality of evaluation parameters further comprises:  receiving, at each of the devices, at least one of a message authentication code (MAC) share, a MAC key share, a shared random parameter, or a multiplicative triple ([Krishnan: 0090] The UE 14 is operable to: receive from a BS an authentication request message … ; a Message Authentication Code (MAC) [which is shared 306-326] ; [Krishnan: 0076] The combined key 508 is then processed, along with any additional data 510 using a hashing function 512, which in some embodiments is an HMAC function to generate a message authentication code 514 [“MAC”]. these processes occur both on the device that is embedded with the OTP static key 502, and on the DDS so that both the device and DDS have symmetric message authentication codes  [“MAC share”]).


Regarding claim 28, it is an apparatus claim that corresponds to the claim 1. Macieira further discloses the apparatus for communication at a device, comprising:  
[0083] one processor to perform the operations and machine-readable storage device):  Therefore, claim 28 is rejected for at least same reasons as claim 1.

Regarding claim 29, it is an apparatus claim that corresponds to the claim 3. Therefore, claim 29 is rejected for at least same reasons as claim 3.


Claims 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Macieira et al. (US 20190044726 A1 hereinafter “Macieira”) in view of MATHISON et al. (US 20190082326 A1 hereinafter “Mathison”) in view of KRISHNAN et al. (US 20190239071 A1 hereinafter “Krishnan”) in view of Schultz et al. (US 20190044922 A1 hereinafter “Schultz”) as applied to claim 12 above, and further in view of Ureche et al. (US 8462955 B2 hereinafter “Ureche”).
Regarding claim 13, the combination of Macieira, Mathison, Krishnan and Schultz discloses all elements of the current invention as stated in claim 12 above.
However, it does not explicitly disclose “evaluating a function in an online phase of the multiparty computation scheme and using the plurality of evaluation parameters received in a provisioning phase of the multiparty computation scheme.”
In a same field of endeavor, Ureche discloses the method of claim 12, wherein employing the multiparty computation scheme further comprises:  
evaluating a function in an online phase of the multiparty computation scheme and using the plurality of evaluation parameters received in a provisioning phase of the multiparty computation scheme (col. 11 ln. 54-col. 12 ln. 18, Process 300 can be carried out by a volume protection module of a computing device, such as module 114 of FIG. 1 [“evaluating a function in an online phase”, See more details Fig. 1]. An online key is generated (act 304). The online key can be generated in a variety of different manners, analogous to the generation of the one or more local keys in act 302 [“plurality of evaluation parameters”, See more details regarding AES 256-bit key/elliptic curve Diffie-Hellman (ECDH)]. The one or more local keys and the online key are combined (act 306) to generate a combined key [“collective verification key”]).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira, Mathison, Krishnan and Schultz with the teachings of Ureche to evaluat(ing) a function in an online phase of the multiparty computation scheme and using the plurality of evaluation parameters received in a provisioning phase of the multiparty computation scheme. One of ordinary skill in the art would have been motivated to make this modification because the online key and the one or more local keys can be combined in different manners [or collective verification key], using any of a variety of mathematical operations or applying any of a variety of algorithms or processes to the online key and the one or more local keys (col. 6 ln. 33-37).

Regarding claim 14, the combination of Macieira, Mathison, Krishnan, Schultz and Ureche discloses the method of claim 13, further comprising:  
verifying an authenticity of the data collectively generated through evaluation of a message authentication code received for each of the other devices ([Krishnan: 0078] The BS 10 then issues individual authentication requests to each of the RRC_Connected UEs identified as being in the group or groups. (No requests are sent to idle UEs.) In the embodiment illustrated in FIG. 3, this is shown as authentication request messages 310, 312, and 314).

Regarding claim 15, the combination of Macieira, Mathison, Krishnan, Schultz and Ureche discloses the method of claim 14, further comprising:  
sharing the collective data provenance information between each of the devices, based at least in part on verifying the provenance of the collective data provenance information ([Macieira: 0073] the aggregator node exposes the aggregate value and the PMS to its subscriber community (operation 720 [“sharing the verified collective data provenance information” because of operation 712]). The data may be exposed by providing accessibility to the data, such as by way of access control list (ACL), access control entry (ACE), or policy controls).

Regarding claim 16, the combination of Macieira, Mathison, Krishnan, Schultz and Ureche discloses the method of claim 15, further comprising:  
signing the data using the collective data provenance information ([Macieira: 0055] The aggregator 502 adds additional metadata to the aggregated message 506, which includes at least a signature of the aggregator 502; [0073] This S1AP message will contain only one aggregated signature with the same size as the original signatures comprised in the individual Authentication Response messages).

Regarding claim 17, the combination of Macieira, Mathison, Krishnan, Schultz and Ureche discloses the method of claim 16, further comprising:  transmitting the data signed with the collective data provenance information to a server ([Krishnan: 0081] the BS 10 finishes the aggregation (block 332) and sends the aggregated response to the MME 12 (message 334)).


s 20, 21, 27 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Macieira et al. (US 20190044726 A1 hereinafter “Macieira”) in view of MATHISON et al. (US 20190082326 A1 hereinafter “Mathison”).
Regarding claim 20, Macieira discloses a method of communication at a node, comprising:  
identifying a device group for collectively providing data provenance information for data generated at the device group to a third party ([0065-0068] [0065] At 702, each IoT node boots in a secure manner. The node configuration and boot sequence may be contained in a Trusted Computing Group (TCG) Platform Configuration Register (PCR) [“group”]. At 704, each node discovers nearest neighbor nodes [“identifying a device group”]. A registry of nearest neighbors is kept at each node. The registry may be stored in a Nearest Neighbor Integrity Registers (NNIR) data structure. For instance, the SOURCES structure, the data structure of FIG. 5, in the aggregated message [“collective data provenance information”, See more details ¶0023-0024 regarding “preserve provenance” comparing to traditional data aggregation methods] may regard name in the form of a URI, DNS, or IP address or other network naming convention);  
receiving, at the node, data from the device group, with individual portions of the data being generated at individual devices ([0069] At 708, data entries from multiple nodes is transmitted to an aggregator node [“node”]. The data entries include at least the data and corresponding integrity hashes of the data. At 710, The aggregator node [“node”] collects DIRs, PCRs, and NNIRs of each sending sensor node).
provisioning, to the device group, a plurality of evaluation parameters for generating collective data provenance information, the plurality of evaluation parameters being based at least in part on the data from the device group ([0072-0073] At 714, the aggregator node acts on the received sensor data [“evaluation parameters”]. At 716, the aggregator node updates its own DIR with the aggregate value. The aggregator node adds the aggregated value to the PMS as another data entry (operation 718) [“plurality of evaluation parameters”]. Then, the aggregator node exposes the aggregate value and the PMS to its subscriber community (operation 720) [“receiving, from the node, a plurality of evaluation parameters”]).  
Although Macieira teaches, in paragraph 0025, “The traffic control group, or other subgroups, may be in communication with the cloud through wired or wireless links”, it does not explicitly teach “provisioning a group profile, from the node, to the device group”.
In a same field of endeavor, Mathison discloses provisioning a group profile, from the node, to the device group ([0066] process 400 can include receiving, from the home subscriber server [“node”], information associated with the group identifier that is associated with the user device based on providing the request (block 430). For example, MME 215 [“device group” See more details ¶0034] can receive, from HSS 230 [“node”] and via the S6A interface, the information associated with the group identifier [“group profile”] of user device 205, and can determine, using the group identifier, a network slice identifier associated with user device 205).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira with the teachings of Mathison to provision(ing) a group profile, from the node, to the device group. One of ordinary skill in the art would have been motivated to make this modification because it may allow determining, using the group identifier [or group profile], a network slice identifier associated with user device 205 since database server 240 can store mapping information that maps a group identifier [or identify the other devices] and a network slice identifier [or collective data provenance information] (¶0066-0068).

Regarding claim 21, the combination of Macieira and Mathison discloses the method of claim 20, wherein provisioning the group profile further comprises:  
[Mathison: 0066] process 400 can include receiving, from the home subscriber server [“node”], information associated with the group identifier that is associated with the user device based on providing the request (block 430). For example, MME 215 [“device”] can receive, from HSS 230 [“node”] and via the S6A interface, the information associated with the group identifier [“group profile”] of user device 205, and can determine, using the group identifier, a network slice identifier [“collective data provenance information”] associated with user device 205).

Regarding claim 27, the combination of Macieira and Mathison may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 20, further comprising:  generating at least one of a shared random parameter or a multiplicative triple for provisioning to the device group ([0011] the UE 14 receives an authentication request message (e.g., message 102 in FIG. 1), which contains a random number in the RAND IE and authentication parameters in the AUTH IE).
  At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira and Mathison with the teachings of Krishnan to generat(ing) at least one of a shared random parameter or a multiplicative triple for provisioning to the device group. One of ordinary skill in the art would have been motivated to make this modification because it may allow upon successful verification, the MME 12 then considers as authenticated all of the UEs that were included in the list of UEs.

Regarding claim 30, it is an apparatus claim that corresponds to the claim 20. Macieira further discloses the apparatus for communication at a device, comprising:  
[0083] one processor to perform the operations and machine-readable storage device):  Therefore, claim 30 is rejected for at least same reasons as claim 20.


Claims 22-26 are rejected under 35 U.S.C. 103 as being unpatentable over Macieira et al. (US 20190044726 A1 hereinafter “Macieira”) in view of MATHISON et al. (US 20190082326 A1 hereinafter “Mathison”) in view of KRISHNAN et al. (US 20190239071 A1 hereinafter “Krishnan”).
Regarding claim 22, the combination of Macieira and Mathison may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 20, wherein provisioning the plurality of evaluation parameters further comprises:  provisioning, to the device group, at least one of a message authentication code (MAC) share, a MAC key share, a shared random parameter, or a multiplicative triple ([Krishnan: 0090] The UE 14 is operable to: receive from a BS an authentication request message … ; a Message Authentication Code (MAC)).
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira and Mathison with the teachings of Krishnan to provision(ing), to the device group, at least one of a message authentication code (MAC) share, a MAC key share, a shared random parameter, or a multiplicative triple. One of ordinary skill in the art would have been motivated to make this modification because it may allow messages could be aggregated using different algebraic constructs, such as XORing different messages together to create an aggregated message [or collective data provenance generation]. One such approach is referred to as Aggregated Message Authentication Codes, or AMAC, which performs an XOR on MAC messages.

Regarding claim 23, the combination of Macieira and Mathison may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 20, further comprising:  
verifying an authenticity of the data collectively generated through evaluation of a message authentication code received for each of the other devices, using a group public key ([Krishnan: 0075-0078] The UEs with the necessary cryptographic capabilities, e.g., those that support the public-key schemes detailed below (“using a group public key”, See more details ¶0108), may participate in the methods described herein. The BS 10 then issues individual authentication requests to each of the RRC_Connected UEs identified as being in the group or groups. (No requests are sent to idle UEs. [“verifying an authenticity”]). In the embodiment illustrated in FIG. 3, this is shown as authentication request messages 310, 312, and 314; [0083] the BS 10 aggregates the received responses (e.g., messages 320 and 326 [“verifying an authenticity”]) one by one as they are received).  
At the time of filing, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Macieira and Mathison with the teachings of Krishnan to provision(ing), to the device group, at least one of a message authentication code (MAC) share, a MAC key share, a shared random parameter, or a multiplicative triple. One of ordinary skill in the art would have been motivated to make this modification because it may allow upon successful verification, the MME 12 then considers as authenticated all of the UEs that were included in the list of UEs.

Regarding claims 24, the combination of Macieira and Mathison may not explicitly teach, but Krishnan, which is a same field of endeavor, discloses the method of claim 20, further comprising:  generating at least one of a message authentication code (MAC) key and a MAC key share for provisioning to the device group ([Krishnan: 0076] A key mixing function 506 is utilized to combine the OTP static key 502 with the dynamic key portion 504 to create a combined key 508 [“a message authentication code (MAC) key” to generate a message authentication code 514]).
 the combined key may be processed, along with any additional data using a hashing function, to generate a message authentication code (MAC) [or a message authentication code (MAC) key] (¶0076).
  
Regarding claims 25, the combination of Macieira, Mathison and Krishnan discloses the method of claim 24, further comprising:  generating a MAC on data based at least in part on the data received from the device group ([Krishnan: 0076] The combined key 508 is then processed, along with any additional data 510 [“data received”] using a hashing function 512, which in some embodiments is an HMAC function to generate a message authentication code 514 [“generating a MAC”, See ¶0052-0053 regarding add or remove the device from a group, to add or remove functionality or access to a service at step 208]; [Macieira: 0069] At 708, data entries from multiple nodes [“data received from the device group”] is transmitted to an aggregator node).
  
Regarding claim 26, the combination of Macieira, Mathison and Krishnan discloses the method of claim 25, further comprising: generating a MAC share based at least in part on creating the MAC on data for provisioning to the device group ([Krishnan: 0076] The combined key 508 is then processed, along with any additional data 510 using a hashing function 512, which in some embodiments is an HMAC function to generate a message authentication code 514. these processes occur both on the device that is embedded with the OTP static key 502, and on the DDS so that both the device and DDS have symmetric message authentication codes  [“MAC share”]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
• DU (US 20190014137 A1)- IoT DEVICE SECURITY: [0049] A profile of a group of IoT devices includes application data describing operation of IoT devices in the group for purposes of detecting undesired behavior of the IoT devices in operation. For example, a profile of a group of IoT devices can include normal operating behavior patterns of IoT devices in the group and undesired operating behavior patterns of the IoT devices in the group.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUH whose telephone number is (571)270-5524. The examiner can normally be reached 9:00 AM- 5:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.S./Examiner, Art Unit 2493                                                                                                                                                                                                        
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493