DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/10/2021 has been entered.

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Meier (US 7,542,572 B2) and Roberts (US 2011/0026516 A1).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.




Claims 1-6 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites the limitation "perform mutual authentication with a first service" and the limitation “perform the mutual authentication with a first service,” where it is not clear whether “a service” repeated twice is intended to be the same service. As such, the claim is indefinite. Further, claims 2-6 do not rectify the issue and are therefore likewise rejected.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 1, 5-6, and 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Himawan (US 2011/0161659 A1) in view of Meier (US 7,542,572 B2), Roberts (US 2011/0026516 A1), and Miyashita (US 2007/0236327 A1).

Regarding claim 1, Himawan discloses: A system, comprising: 
a network interface; 
a data storage comprising a non-volatile portion; 
a processor; and 
Refer to at least FIG. 1 and [0019], and [0060]-[0061] of Himawan with respect to processors, memory, and/or network interfaces. 
wherein, the processor, upon determining attachment to a network:
accesses a first address within the data storage; 
Refer to at least FIG. 2, [0023], and [0034] of Himawan with respect to a subscriber unit being provided with provisioning access data; the provisioning access data including network addresses and/or channels for a provisioning server. 
attempt to perform authentication with a first service provided at the first address; 
perform the authentication with a first service provided at the first address;
Refer to at least [0034]-[0035], [0037]-[0038], and [0041] of Himawan, wherein the SU and server authenticate each other’s transmitted data as a prerequisite for continued operation.
upon successfully performing authentication with the first service, receiving from the first service a certificate a second address and a signed certificate; and
Refer to at least [0047], [0049]-[0051], and [0053] of Himawan with respect to the server participating in generating a certificate and associated service provider configuration parameters as part of a codeplug for the SU. 
reconfigures the system to communicate with a second service at the second address.
Refer to at least [0054]-[0055] of Himawan with respect to the SU obtaining the codeplug and its utilization in connecting to available provided services.
Himawan does not specify: upon determining a first attachment to a network; mutual authentication; and wherein the processor initially has all communications via the network blocked except for the attempt to perform mutual authentication; and wherein the communications via the network are unblocked. read only; wherein the first address is hardcoded within the non-volatile portion of the data storage. However, Himawan in view of Meier discloses: upon determining a first attachment to a network; 
Refer to at least Col. 1, Ll. 47-50 and Col. 7, Ll. 8-24 of Meier with respect to a network component which is installed and initiates communication with a CMS thereafter as a result. 
mutual authentication; 
Refer to at least Col. 2, Ll. 60-64, Col. 4, Ll. 61-Col. 5, Ll. 19, and Col. 8, Ll. 13-15 of Meier with respect to the network component and the CMS performing mutual authentication. 
and wherein the processor initially has all communications via the network blocked except for the attempt to perform mutual authentication; and wherein the communications via the network are unblocked. 
Refer to at least Col. 7, Ll. 24-Col. 8, Ll. 23 of Meier, wherein the network component has to first successfully perform mutual authentication with the CMS to obtain a network configuration / credentials for properly connecting to a network. Without a successful 
The teachings of Himawan and Meier each concern a device connecting to a network by means of obtaining configuration information from a network device.
 Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Himawan to include having an automatic configuration and authentication on powerup for at least the purpose of increased ease-of-use, as well as increased security (e.g., preventing network configuration information from being easily eavesdropped by a malicious actor).
Himawan-Meier in view of Roberts and Miyashita further discloses: read only; wherein the first address is hardcoded within the non-volatile portion of the data storage.
Refer to at least [0002]-[0003] of Roberts with respect to IP telephones being hard-coded with addresses of SBCs for accessing / connecting to a network (e.g., [0018] of Roberts).
Refer to at least [0088] of Miyashita, wherein the address of a server may be prestored in the ROM of a connecting apparatus.
The teachings of Himawan-Meier, and Roberts each concern a device connecting to a network by means of obtaining configuration information from a network device. Further, the teachings of Miyashita are considered to further be combinable because they relate to storing addresses in memory. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Himawan-Meier to include pre-stored provisioning information being hardcoded into ROM for at least the reasons discussed in Col. 1, Ll. 35-50 of Meier (i.e., ease of use in securely installing network equipment without any manual configuration).

Regarding claim 5, Himawan-Meier-Roberts-Miyashita discloses: The system of claim 1, wherein the signed certificate comprises the first address.
Refer to at least [0027]-[0028] of Himawan with respect to a self-signed certificate.

Regarding claim 6, Himawan-Meier-Roberts-Miyashita discloses: The system of claim 1, wherein the processor, following successfully mutual authentication, establishes a secure channel with the first service to receive the signed certificate.
Refer to at least [0056] of Himawan with respect to SSL/TLS for securing communications between the SU and server. 

Regarding claim 17, Himawan discloses: A system, comprising: 
a data storage; 
a processor; 
a network interface to a network; and 
Refer to at least FIG. 1 and [0019], and [0060]-[0061] of Himawan with respect to processors, memory, and/or network interfaces. 
wherein the processor: 
receives, via the network interface, a certificate from an endpoint; 
Refer to at least [0036]-[0038] of Himawan with respect to a provisioning server receiving a CSR with certificate from a subscriber unit.
upon receiving the certificate, validates the certificate utilizing a public key maintained in the data storage; and 
Refer to at least [0037], [0041], [0025], and [0027]-[0028] of Himawan with respect to certificate verification in association with its private/public key pair.  
upon successfully validating the certificate, adding the endpoint to a list of trusted endpoints to thereby enable the endpoint to utilize a network.
Refer to at least [0045]-[0047] of Himawan with respect to the server adding the SU to database(s) associated with service provision. 
Himawan does not fully disclose all elements of: upon a first attachment; read only; receives, via the network interface, a request for mutual authentication from an endpoint, the request originating from the endpoint at an address hardcoded in non-volatile read-only memory of the endpoint, and wherein the request further comprises a unique identifier of the endpoint and wherein the request further comprises a certificate from the non-volatile memory of an endpoint; wherein the processor initially has all communications via the network blocked except for the attempt to perform mutual authentication. However, Himawan in view of Meier discloses: upon a first attachment; 
Refer to at least Col. 1, Ll. 47-50 and Col. 7, Ll. 8-24 of Meier with respect to a network component which is installed and initiates communication with a CMS thereafter as a result. 
receives, via the network interface, a request for mutual authentication from an endpoint; 
Refer to at least Col. 2, Ll. 60-64, Col. 4, Ll. 61-Col. 5, Ll. 19, and Col. 8, Ll. 13-15 of Meier with respect to the network component and the CMS performing mutual authentication. 
and wherein the request further comprises a unique identifier of the endpoint and wherein the request further comprises a certificate from the non-volatile memory of an endpoint; 
Refer to at least Col. 5, Ll. 5-10 and Col. 7, Ll. 24-39 of Meier with respect to a certificate and identifier of the network component for verification by the CMS. 
wherein the processor initially has all communications via the network blocked except for the attempt to perform mutual authentication;
Refer to at least Col. 7, Ll. 24-Col. 8, Ll. 23 of Meier, wherein the network component has to first successfully perform mutual authentication with the CMS to obtain a network 
The teachings of Himawan and Meier each concern a device connecting to a network by means of obtaining configuration information from a network device.
 Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Himawan to include having an automatic configuration and authentication on powerup for at least the purpose of increased ease-of-use, as well as increased security (e.g., preventing network configuration information from being easily eavesdropped by a malicious actor).
Himawan-Meier in view of Roberts and Miyashita further discloses: read only; the request originating from the endpoint at an address hardcoded in non-volatile read-only memory of the endpoint.
Refer to at least [0002]-[0003] of Roberts with respect to IP telephones being hard-coded with addresses of SBCs for accessing / connecting to a network (e.g., [0018] of Roberts).
Refer to at least [0088] of Miyashita, wherein the address of a server may be prestored in the ROM of a connecting apparatus.
The teachings of Himawan-Meier, and Roberts each concern a device connecting to a network by means of obtaining configuration information from a network device. Further, the teachings of Miyashita are considered to further be combinable because they relate to storing addresses in memory. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Himawan-Meier to include pre-stored provisioning information being hardcoded into ROM for at least the reasons discussed in Col. 1, 

Regarding claim 18, Himawan-Meier-Roberts-Miyashita discloses: The system of claim 17, wherein the network is a network of a client utilizing the endpoint.
Refer to at least FIG. 1 of Himawan concerning a client and network utilization. 

Regarding claim 19, Himawan-Meier-Roberts-Miyashita discloses: The system of claim 17, wherein the certificate is provided by a manufacture of the endpoint.
Refer to at least [0017] and [0027] of Himawan with respect to manufacturer’s certificate data. 

Regarding claim 20, Himawan-Meier-Roberts-Miyashita discloses: The system of claim 17, wherein the processor further receives, via the network, notification from a reseller (e.g., the FSO) that an endpoint is to be assigned to a customer (e.g., user) and, in response thereto, the system notifies a device enrollment service (DES) (e.g., provisioning server) to update a profile stored therein such that when the DES is queried the endpoint is known and known to be associated with the customer.
Refer to at least [0039] and [0048] of Himawan with respect to an FSO sponsoring the subscriber unit for obtaining network services.

Claims 7, 9-10, and 13-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pellikka (US 2014/0013108 A1) in view of Roberts (US 2011/0026516 A1) and Miyashita (US 2007/0236327 A1).

Regarding claim 7, Pellikka discloses: A system, comprising: 
a data storage; 
a processor; 
a network interface to a network; and 
Refer to at least FIG. 4, FIG. 7, and [0084]-[0098] of Pellikka with respect to devices and respective elements. 
wherein the processor:
receives, via the network interface, a request for mutual authentication from an endpoint upon a first attachment to the network, wherein the endpoint is unable to utilize the network other than to perform the mutual authentication; 
Refer to at least [0047] and [0033] of Pellikka with respect to requiring mutual authentication before transmission of a request for a certificate. Without a successful mutual authentication, the requestor 110 is unable to connect and utilize the network.
in response to the received request, performs mutual authentication with the endpoint; 
Refer to at least [0030], [0034], and [0076] of Pellikka with respect to mutual verification between a requesting client and a verification and certificate issuance (VCI) apparatus.
upon successfully performing the mutual authentication, providing the endpoint with a certificate to enable the endpoint to utilize a network.
Refer to at least FIG. 6A, [0076], and [0081] of Pellikka with respect to issuance of a certificate by the VCI for the client to use for connecting to network services. 
Pellikka does not fully disclose all elements of: read only; the request originating from the endpoint at an address hardcoded in nonvolatile memory of the endpoint; wherein the endpoint is unable to utilize the network other than to perform the mutual authentication. However, Pellikka in view of Roberts and Miyashita discloses: read only; the request originating from the endpoint at an address hardcoded in nonvolatile memory of the endpoint.
Refer to at least [0002]-[0003] of Roberts with respect to IP telephones being hard-coded with addresses of SBCs for accessing / connecting to a network (e.g., [0018] of Roberts).
Refer to at least [0088] of Miyashita, wherein the address of a server may be prestored in the ROM of a connecting apparatus.
The teachings of Pellikka and Roberts each relate to authentication for establishing network communications and are considered to be within the same field of endeavor and combinable as such. Further, the teachings of Miyashita are considered to further be combinable because they relate to storing addresses in memory.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Pellikka to include having a hardcoded stored address for at least the purpose of improving ease of use by automating configuration. It further would have been obvious to include requiring a mutual authentication to obtain network information for at least the purpose of increased security (e.g., preventing network configuration information from being easily eavesdropped by a malicious actor). 

Regarding claim 9, Pellikka-Roberts-Miyashita discloses: The system of claim 7, wherein processor receives a unique identifier of the endpoint from a manufacture of the endpoint.
Refer to at least [0028] and [0036] of Pellikka with respect to a MAC address identifier and associated verification.  

Regarding claim 10, it is rejected for substantially the same reasons as claim 9 above (e.g., at least [0028] and [0036] of Pellikka with respect to a MAC address identifier and associated verification).

Regarding claim 13, Pellikka-Roberts-Miyashita discloses: The system of claim 7, wherein the data storage maintains a record identifying a service provider with a customer.
Refer to at least [0058], [0068], [0070]-[0072], and [0075] of Pellikka with respect to client and service associations. 

Regarding claim 14, Pellikka-Roberts-Miyashita discloses: The system of claim 13, wherein the record is updated upon receiving, from the service provider, a request to associate a third party with the service provider.
Refer to at least [0072] and [0075] of Pellikka with respect to services having client/device associations, including ACLs and blacklists; providing the associations to the VCI. 

Regarding claim 15, it is rejected for substantially the same reasons as claim 14 above (i.e., at least [0072] and [0075] of Pellikka with respect to clients).


Claim 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Himawan-Meier-Roberts-Miyashita as applied to claims 1, 5-6, and 17-20 above, and further in view of Pellikka (US 2014/0013108 A1).

Regarding claim 2, it is not clear whether Himawan-Meier-Roberts-Miyashita fully discloses: wherein the processor further provides the second service with the signed certificate to be authenticated by the second service. However, Himawan-Meier-Roberts-Miyashita in view of Pellikka discloses: wherein the processor further provides the second service with the signed certificate to be authenticated by the second service.
Refer to at least [0076] and [0081] of Pellikka with respect to a client using its obtained certificate to connect to network services. 
The teachings of Himawan-Meier-Roberts-Miyashita and Pellikka concern certificates for obtaining network services, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Himawan-Meier-Roberts-Miyashita to include support for providing the certificate to desired services for at least the purpose of allowing services to specify clients as per at least [0058] and [0068] of Pellikka; to allow for greater privacy as per at least [0067] and [0003] of Pellikka.

Claims 3-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Himawan-Meier-Roberts-Miyashita as applied to claims 1, 5-6, and 17-20 above, and further in view of Azema (US 2004/0025010 A1).

Regarding claim 3, Himawan-Meier-Roberts-Miyashita does not fully disclose all elements of: upon receiving a request to generate a self-signed certificate, generates a self-signed certificate and a hash of the self-signed certificate and provides the hash to the first service. However, Himawan-Meier-Roberts-Miyashita in view of Azema discloses: upon receiving a request to generate a self-signed certificate, generates a self-signed certificate and a hash of the self-signed certificate and provides the hash to the first service.
Refer to at least [0054], [0060], and [0066] of Azema with respect to hashing a manufacturer’s certificate and associated verification. 
The teachings of Himawan concern manufacturer certificate data (e.g., [0017] and [0027] of Himawan) and, as such, are considered to be combinable with those of Azema. 


Regarding claim 4, it is rejected for substantially the same reasons as claims 1 and 3 above (e.g., at least [0054], [0060], and [0066] of Azema with respect to the certificate hash and associated verification).

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pellikka-Roberts-Miyashita as applied to claims 7, 9-10, and 13-15 above, and further in view of Caldwell (US 2017/0142191 A1).

Regarding claim 8, Pellikka-Roberts-Miyashita does not explicitly specify: further comprising generating the certificate signed by the system utilizing a public key of the system. However, the examiner hereby takes official notice that it was well known in the art before the filing date of Applicant’s invention to sign certificates utilizing a public key; that one of ordinary skill in the art would have been motivated to modify the teachings of Pellikka-Roberts-Miyashita in such a manner because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time of the invention.

Claims 11-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pellikka-Roberts-Miyashita as applied to claims 7, 9-10, and 13-15 above, and further in view of Azema (US 2004/0025010 A1).

Regarding claim 11, Pellikka-Roberts-Miyashita does not fully disclose all elements of: wherein the processor receives a hash of the certificate from a manufacture of the endpoint. However, Pellikka-Roberts-Miyashita in view of Azema discloses: wherein the processor receives a hash of the certificate from a manufacture of the endpoint.
Refer to at least [0054], [0060], and [0066] of Azema with respect to hashing a manufacturer’s certificate and associated verification. 
The teachings of Pellikka-Roberts-Miyashita and Azema concern certificates and associated verification, and are considered to be combinable as such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Pellikka-Roberts-Miyashita to include hashing and verification associated with a manufacturer’s certificate because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time of the invention.

Regarding claim 12, it is rejected for substantially the same reasons as claims 7 and 11 above (e.g., at least [0054], [0060], and [0066] of Azema with respect to the verification).

Claim 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pellikka-Roberts-Miyashita as applied to claims 7, 9-10, and 13-15 above, and further in view of Caldwell (US 2017/0142191 A1).

Regarding claim 16, Pellikka-Roberts-Miyashita does not disclose all aspects of: further comprising: receiving a request to from a reseller to update a record that associate an endpoint with a service provider for a customer; and upon determining that the data storage maintains a record granting permission for the update, performing the update. However, Pellikka-Roberts-Miyashita in view of Caldwell discloses: further comprising: receiving a request to from a reseller to update a record that associate an endpoint with a service provider for a customer; and upon determining that the data storage maintains a record granting permission for the update, performing the update.
Refer to at least [0087] of Caldwell with respect to updating credentials and service associations.
The teachings of Pellikka-Roberts-Miyashita and Caldwell concern network authentication, and are considered to be combinable as such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Pellikka to include third party updates because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time of the invention.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432

/V.S/Examiner, Art Unit 2432