DETAILED ACTION

1. 	This Office Action is in response to an application filed on Mar. 17, 2020. The original filing includes claims 1-30. A preliminary amendment is filed on Mar. 17, 2020. No claims have been cancelled. No claims have been added. Therefore, Claims 1-30 are presented for examination. Now claims 1-30 are pending.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Drawings
3. 	The drawing filed on 03/17/2020 are accepted.

Oath/Declaration
4. 	For the record, the Examiner acknowledges that the Oath/Declaration submitted on 04/13/2020 has been accepted.

Information Disclosure Statement
 5.	The information disclosure statements (IDSs) submitted on 03/17/2020, 08/13/2020, 01/11/2022 have been considered. The submissions are in compliance with the provisions of 37 CFR 1.97. Forms PTO-1449 are signed and attached hereto.

Priority
6.	Acknowledgment is made of domestic priority data as claimed by applicant application is a 371 of PCT/GB2018/053397 has been filed 11/23/2018. Acknowledgment is made of applicant’s claim for priority under 35 U.S.C. 119 (a)-(d). The certified copy of British Application GB1719462.2 filed on Nov. 23, 2017 has been received on 03/17/2020.
Examiner note: Applicant’s claim limitations of claims 1 and 12 invoking 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph and applicant’s specification discloses that processing means of claim limitations are a processor that processing such limitations, therefore, applicant’s limitations properly invoke 112 (f) sixth paragraph.

Claim Rejections - 35 USC § 112
7.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 20-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
8.	Claims 20-22 recite “the same Internet of Things device” (claim 20 line 3), “the same Internet of Things device.” (claim 21 lines 2-3), “the same Internet of Things device.” (claim 22 lines 2-3); and each lacks antecedent basis.
Any claim not specifically addressed above is being rejected as incorporating the deficiencies of a claim upon which it depends.

Claim Rejections - 35 USC § 102
9.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

10.	Claims 1-4, 6-8, 12-16, and 23-30 are rejected under 35 U.S.C. 102 (a) (2) as being anticipated by Chen et al. U.S. 2017/0302669 hereinafter “Chen” Published Sep. 19, 2017 (according to applicant’s IDS filed on 3/17/2020).

Regarding claim 1, Chen teaches: server arrangement (Chen, see ¶ [0025]) comprising:
A network interface for connection to a gateway device (Chen, see ¶ [0024-0025]);
A data store (Chen, see FIG. 1C and FIG. 3 long with ¶¶ [0016 and 0030], also see ¶ [0034]); and
processing means (Chen, see ¶ [0025]), wherein the processing means are configured to: establish through the network interface a network connection to the gateway device (Chen, see FIG. 1C item “mobile device 2” where its equated with gateway device of applicant’ limitation along with ¶ [0012], “As shown by reference number 145, the management device may send, to mobile device 2 and ;
transfer security credentials over the network connection to the gateway device associated with the server arrangement, to enable the gateway device to obtain control of one or more Internet of Things devices (Chen, see FIG. 1C item 170 "Session ticket", along with ¶ [0015] "Based on determining that mobile device 2 is authorized to act as an IoT gateway for the IoT device, the management device may send a session ticket to mobile device 2, as shown by reference number 170. As shown by reference number 175, mobile device 2" where reads on applicant’s limitations);
establish an agency relationship with the gateway device or user of the gateway device to authorise the gateway device or user of the gateway device to perform control of Internet of Things devices on behalf of the server arrangement, creating a distributed management architecture (Examiner note: according to applicant’s disclosure “agency relationship” is disclosed as “the agency relationship relates to ascertaining a trustworthiness of the gateway device 106 in order to authorise the gateway device 106 to perform control of the Internet of Things devices 118 and 120 on behalf of the server arrangement 102”; Chen, see FIG. 1B, and FIG. 1C items 160, 165, and 170 along with ¶ [0015] " the management device has authenticated mobile device 2 and determined that mobile device 2 is authorized to act as an IoT gateway for the IoT device”);
assign tasks to the gateway device to be performed on behalf of the server arrangement (Chen, see ¶ [0039], “the offer may include information indicating how mobile device 230 may act as an IoT gateway. For example, the offer may include location information and time information”); 
receive from the gateway device, over a network connection, event data relating to Internet of Things devices controlled by the gateway device (Chen, first see FIG. 1C items 180, 190, and 195 “IoT data” along with ¶ [0053], “loT device 220 may use the session tickets to establish communication sessions with mobile devices 230”); and
store the event data in the data store (Chen, see ¶ [0089], “mobile device 230 may relay the data without locally storing the data (e.g., without non-transitorily storing the data on mobile device 230)”, also see ¶ [0017]).

Regarding claim 2, Chen teaches all the limitations of claim 1. Chen further teaches: wherein the server arrangement is configured to authorise multiple gateway devices each to control multiple Internet of Things devices (Chen, see ¶ [0025], “Network device 250 includes one or more devices (e.g., one or more traffic transfer devices) capable of processing and/or transferring traffic between provisioning device 210, IoT device 220, mobile device 230, management device 240, and/or the remainder of network 260. For example, network device 250 may include a firewall, a router, a gateway, a switch, a hub, a bridge, a reverse proxy, a server ( e.g., a proxy server), a security device, an intrusion detection device, a load balancer, a base station, an access point, or a similar device”). 

Regarding claim 3, Chen teaches all the limitations of claim 2. Chen further teaches: wherein the server arrangement is configured to assign tasks in respect of a given Internet of Things device to more than one gateway device (Chen, see ¶¶ [0042-0043], “management device 240 may send an offer to particular mobile devices 230 that may be potential IoT gateways”; “management device 240 may identify mobile device 230 as a potential IoT gateway based on mobile device 230 having registered, with management device 240, to act as an IoT gateway”). 

Regarding claim 4, Chen teaches all the limitations of claim 2. Chen further teaches: wherein the data store is a global data store storing event data for all the gateway and Internet of Things devices of the distributed management architecture (Chen, see ¶¶ [0016-0017], “such that mobile device 2 may send the session ticket to the IoT device (as shown by reference number 180). As shown by reference number 185, the IoT device may compare the session ticket received from mobile device 2 to the stored session tickets (e.g., the session tickets that the IoT device received from the  

Regarding claim 6, Chen teaches all the limitations of claim 1. Chen further teaches: wherein the event data are stored in the data store in an event sourcing format (Chen, see ¶¶ [0016, 0070, and 0089], “management device 240 may authenticate mobile device 230 by comparing the mobile device key, received from mobile device 230 … management device 240 may generate the mobile device key, retain and store a copy of the mobile device key, and send a copy of the mobile device key to mobile device 230”). 

Regarding claim 7, Chen teaches all the limitations of claim 1. Chen further teaches: wherein the security credentials include digital certificates or a signed concise binary object representation object (Chen, see ¶ [0072], “management device 240 may have received the management device key from a third party (e.g., a certificate authority) trusted by mobile device 230 and management device 240”). 

Regarding claim 8, Chen teaches all the limitations of claim 1. Chen further teaches: comprising an identity access management server configured to establish the authentication of a user of the gateway device and a secure device access server configured to establish an authorisation of the user of the gateway device to communicate with Internet of Things devices via the gateway device (Chen, see ¶¶ [0009 and 0014], “As shown in FIG. lA and by reference number 105, the management device may send the device-specific key to the IoT device. As shown by reference number 110, the management device and the IoT device may mutually authenticate each other ( e.g., based on the device-specific key). After the management device and the IoT device mutually authenticate each other, the management device may generate a set of session tickets ( e.g., a character string that IoT device may use to verify that a mobile device is authorized to act as an IoT gateway) for the IoT device 

Regarding claim 12, this claim defines a gateway claim that corresponds to a server claim 1 and does not define beyond limitations of claim 1. Therefore, claim 12 is rejected with the same rational as in the rejection of claim 1.
 
Regarding claim 13, this claim defines a gateway claim that corresponds to a server claim 5 and does not define beyond limitations of claim 5. Therefore, claim 13 is rejected with the same rational as in the rejection of claim 5.

Regarding claim 14, this claim defines a gateway claim that corresponds to a server claim 6 and does not define beyond limitations of claim 6. Therefore, claim 14 is rejected with the same rational as in the rejection of claim 6.

Regarding claim 15, this claim defines a gateway claim that corresponds to a server claim 7 and does not define beyond limitations of claim 7. Therefore, claim 15 is rejected with the same rational as in the rejection of claim 7.

Regarding claim 16, Chen teaches all the limitations of claim 1. Chen further teaches: wherein the server arrangement is a central server (Chen, see ¶ [0011], “As shown in FIG. lB, 

Regarding claim 17, this claim defines a method claim that corresponds to a server claim 1 and does not define beyond limitations of claim 1. Therefore, claim 17 is rejected with the same rational as in the rejection of claim 1.

Regarding claim 18, this claim defines a method claim that corresponds to a server claim 1 and does not define beyond limitations of claim 1. Therefore, claim 18 is rejected with the same rational as in the rejection of claim 1.

Regarding claim 23, this claim defines a method claim that corresponds to a server claim 1 and does not define beyond limitations of claim 1. Therefore, claim 23 is rejected with the same rational as in the rejection of claim 1.

Regarding claim 24, Chen teaches all the limitations of claim 17. Chen further teaches: wherein the local network connection between the gateway and the Internet of Things device is provided using PAN, LPWAN or other wireless area network technology. (Chen, see ¶ [0066], “mobile device 230 may start the application to configure mobile device 230 to receive data from loT device 220 (e.g., via the communication interface for low-power wireless communication) and/or to relay the data (e.g., for transmission via a network, as discussed below with regard to block 490)”). 
Regarding claim 25, this claim defines a method claim that corresponds to a server claim 6 and does not define beyond limitations of claim 6. Therefore, claim 25 is rejected with the same rational as in the rejection of claim 6.

Regarding claim 26, Chen teaches all the limitations of claim 17. Chen further teaches: wherein the Internet of Things device stores the event data in an Internet of Things device data store, the event data relating, at least, to tasks performed at the Internet of Things device (Chen, see FIG. 1C item 185 along with ¶ [0016], “the IoT device may compare the session ticket received from mobile device 2 to the stored session tickets (e.g., the session tickets that the IoT device received from the management device) to determine whether the session ticket received from mobile device 2 matches any of the stored session tickets.”). 

Regarding claim 27, Chen teaches all the limitations of claim 26. Chen further teaches: wherein the event data is signed by the Internet of Things device (Chen, see ¶ [0072], “mobile device 230 may use the management device key to authenticate management device 240 ( e.g., based on information and/or instructions in the dispatch message) ... management device 240 may have received the management device key from a third party (e.g., a certificate authority) trusted by mobile device 230 and management device 240”). 

Regarding claim 28, this claim defines a method claim that corresponds to a server claim 7 and does not define beyond limitations of claim 7. Therefore, claim 28 is rejected with the same rational as in the rejection of claim 7.

Regarding claim 29, this claim defines a method claim that corresponds to a server claim 16 and does not define beyond limitations of claim 16. Therefore, claim 29 is rejected with the same rational as in the rejection of claim 16.

Regarding claim 30, Chen teaches all the limitations of claim 17. Chen further teaches: wherein the data connection between the server arrangement and the gateway device is provided using Wi-Fi, Ethernet, LPWAN, Satellite UMTS, or other digital cellular technology (Chen, see ¶ [0033], “communication interface 370 may include an Ethernet interface, an optical interface, a coaxial interface, an infrared interface, a radio frequency (RF) interface, a universal serial bus (USB) interface, a Wi-Fi interface, a cellular network interface, or the like”). 

Claim Rejections - 35 USC § 103
11.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
10.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


12.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.

3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
13.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

14.	Claims 5 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. U.S. 2017/0302669 hereinafter “Chen” in view of Mihelic et al. US 2018/0198598 hereinafter “Mihelic” continuation application of 15/138,172 Filed Apr. 25, 2016. 

Regarding claim 5, Chen teaches all the limitations of claim 2. Chen further teaches servers, gateways, and IoTs and manage communications between the devices. Chen does not explicitly disclose server arrangement including a master clock that synchronize the devices.
However Mihelic teaches: server arrangement including a master clock that synchronize the devices (Mihelic, see FIG. 8 along with ¶¶ [0108-0109], “the synchronization module 406 may apply the offset to the slave clock (e.g., at or associated with the slave clock module 408)”; “FIG. 8 is a diagram 800 of communication between a master clock 802 and a slave clock 804”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Chen with the teaching of Mihelic because the use of Mihelic’s idea (Mihelic, abstract) could provide Chen (Chen, abstract) the ability to perform synchronization through a master clock between devices where 

Regarding claim 20, this claim defines a method claim that corresponds to server claims 2 and 5 and does not define beyond limitations of claims 2 and 5. Therefore, claim 20 is rejected with the same rational as in the rejection of claims 2 and 5.

Regarding claim 21, the combination of Chen and Mihelic teach all the limitations of claim 20. Chen further teaches servers, gateways, and IoTs and manage communications between the devices. Chen does not explicitly disclose wherein the synchronisation data is clock offset data representing an offset between a clock of the server arrangement and a clock device 
However Mihelic teaches: wherein the synchronisation data is clock offset data representing an offset between a clock of the server arrangement and a clock device (Mihelic, see FIG. 8 along with ¶¶ [0108-0109], “the synchronization module 406 may apply the offset to the slave clock (e.g., at or associated with the slave clock module 408)”; “FIG. 8 is a diagram 800 of communication between a master clock 802 and a slave clock 804”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Chen with the teaching of Mihelic because the use of Mihelic’s idea (Mihelic, abstract) could provide Chen (Chen, abstract) the ability to perform synchronization through a master clock between devices where the synchronization module 406  providing by the slave digital device with slave clock servo 104 to the master digital device with master clock servo 102, “a Precision Time Protocol (PTP) … 

Regarding claim 22, this claim defines a method claim that corresponds to server claim 5 and does not define beyond limitations of claim 5. Therefore, claim 22 is rejected with the same rational as in the rejection of claim 5.
15.	Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. U.S. 2017/0302669 hereinafter “Chen” in view of Arora et al. US 2017/0099353 hereinafter “Arora” Published Apr. 6, 2017. 

Regarding claim 9, Chen teaches all the limitations of claim 8. Chen further teaches servers, gateways, and IoTs and manage and authorize communications between the devices. Chen does not explicitly disclose the secure device access server provides a first level of authorisation allowing reboot of the Internet of Things devices
However Arora teaches: the secure device access server provides a first level of authorisation allowing reboot of the Internet of Things devices (Arora, see ¶ [0043], “The management system can provide interfaces to communicate with the loT gateways to provide health monitoring and real time updates to the gateways configuration. The management system can expose an API to allow other systems to interact and manage the configuration. This can also include other remote management capabilities such as pushing device updates to loT gateways, performing reboots, remote configuration changes, and more”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Chen with the teaching of Arora because the use of Arora’s idea (Arora, abstract) could provide Chen (Chen, abstract) the ability to provide and perform reboot and configuration changes to IoT in order to manage communications with IoT, “The management system can expose an API to allow other systems 

Regarding claim 10, the combination of Chen and Arora teach all the limitations of claim 9. Further Arora teaches: wherein the authorisation of the user of the gateway device established by the secure device access server provides a second level of authorisation allowing a firmware update of the Internet of Things devices (Arora, see ¶¶ [0039-0043], “the software/firmware platform can interface with management system 606 to load the configuration ... The management system can provide interfaces to communicate with the loT gateways to provide health monitoring and real time updates to the gateways configuration”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Chen with the teaching of Arora because the use of Arora’s idea (Arora, abstract) could provide Chen (Chen, abstract) the ability to provide updates and perform reboot and configuration changes to IoT in order to manage communications with IoT, “The management system can expose an API to allow other systems to interact and manage the configuration. This can also include other remote management capabilities such as pushing device updates to loT gateways, performing reboots, remote configuration changes, and more” (Arora, para. [0043]).

16.	Claims 11 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. U.S. 2017/0302669 hereinafter “Chen” in view of Daniel Altin US 2018/0048710 hereinafter “Altin” Filed Aug. 11, 2016. 

Regarding claim 11, Chen teaches all the limitations of claim 1. Chen further teaches the server arrangement is configured to compare event data and match the received event data in previous claims. Chen does not explicitly disclose replay tasks and compare the replayed task and identify a malicious attack
However Arora teaches: replay tasks and compare the replayed task and identify a malicious attack  (Altin, see ¶¶ [0148 and 0206], “If a counter value is received out of sequence, or if the same counter value is received more than once, this may indicate that a replay attack is being attempted”; “These techniques also prevent a man-in-the-middle attack by exchanging signed public keys. In addition, because GCM and separate counters are used on each device, any kind of "replay attack" (where a man in the middle captures the data and sends it again) is prevented. Some embodiments also prevent replay attacks by using asymmetrical counters”).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Chen with the teaching of Altin because the use of Altin’s idea (Altin, abstract) could provide Chen (Chen, abstract) the ability to provide and perform highly secure techniques to prevent malicious attack and prevent attacks by using asymmetric counters, “he above techniques are highly secure because the private keys are never shared over the air … any kind of "replay attack" (where a man in the middle captures the data and sends it again) is prevented. Some embodiments also prevent replay attacks by using asymmetrical counters” (Altin, para. [0206]).

Regarding claim 19, this claim defines a method claim that corresponds to a server claim 11 and does not define beyond limitations of claim 11. Therefore, claim 19 is rejected with the same rational as in the rejection of claim 11.

Examiner note:
17.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
18.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Irwan et al. US 10,757,103 B2- discloses an authentication request from a first computing Device and performs one or more authentication services on behalf of a second computing device using identity information that is stored in a first data repository.
Sciancalepore et al. 2017 IEEE Symposium on Computers and Communications (ISCC), "OAuth-IoT: an access control framework for the Internet of Things based on open standards" discloses  a flexible authentication and authorization framework for the Internet of Things, namely OAuth-IoT and it leverages and properly harmonizes existing open-standards.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, KRISTINE L KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.

/KHALIL NAGHDALI/            Primary Examiner, Art Unit 2437