Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION  
This office action is in response to the amendments filed on 02/09/2022.
As per instant Amendment, claims 10, 11 and 15 have been amended; claims 1-9, 14 and 18-20 have been cancelled and claims 21-33 have been added.
Claims 10-13, 15-17 and 21-33 are pending.
EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. Mark K. Young (Reg. No. 38,666) on March 2nd, 2022.  During the telephone conference, Mr. Mark has agreed and authorized the Examiner to amend claims 10, 15-16, 21, 25-26, 28 and 32. 
The application has been amended as follows:
CLAIMS
Replacing claims 10, 15-16, 21, 25-26, 28 and 32 as following:
10. (Currently Amended) A client computing device, comprising:
one or more processors; and
one or more hardware-based non-transitory memory devices storing computer-readable instructions which, when executed by the one or more processors, cause the client computing device to perform an attestation process with a provisioning service using a Simple Authentication and Security Layer (SASL) framework, in which the executed instructions further cause the client computing device to:
configure an SASL INIT (initialization) message with a control byte which defines message attributes including an indication that the SASL INIT message is one segment of a message having multiple segments;
transmit the SASL INIT message;
configure a response message which includes a public key in response to receiving a challenge to the SASL INIT message, wherein the response message is configured with a control byte that defines attributes about the response message; 
transmit the response message;
	after transmitting the public keys, receive a first segment challenge key;
examine one or more bits within a control byte included in the first segment challenge key;
based on the examination of the one or more bits, determine whether the first segment challenge key is an interim segment or a final segment; 
; and
use the first segment challenge key in the attestation process in which a Shared Access Security (SAS) token is generated and transmitted to the provisioning service to authenticate the client computing device.
15. (Currently Amended) The client computing device of claim 10, in which the executed instructions further cause the client computing device to:
receive a second segment challenge key during the attestation process; 
examine one or more bits within a control byte included in the second segment challenge key; 
when the second segment challenge key is a final segment, then decode the first and second segment challenge keys using a private key; 
generate the SAS token using the decoded segment challenge keys; and
transmit a control byte in the SAS token to indicate that the SAS token comprises a last message to be read by the provisioning service in the attestation process. 
16. (Currently Amended) The client computing device of claim 15, in which the executed instructions further cause the client computing device to receive a validation message responsive to the SAS token being validated by [[a]] the provisioning service.
21. (Currently Amended) One or more hardware-based non-transitory computer-readable memory devices storing instructions which, when executed by one or more processors disposed in a client computing device, cause the client computing device to perform an attestation process with 
configure an SASL INIT (initialization) message with a control byte which defines message attributes including an indication that the SASL INIT message is one segment of a message having multiple segments;
transmit the SASL INIT message;
configure a response message which includes a public key in response to receiving a challenge to the SASL INIT message, wherein the response message is configured with a control byte that defines attributes about the response message; 
transmit the response message;
after transmitting the public keys, receive a first segment challenge key;
examine one or more bits within a control byte included in the first segment challenge key;
based on the examination of the one or more bits, determine whether the first segment challenge key is an interim segment or a final segment; 
when the first segment challenge key is an interim segment, then transmit an acknowledgment of receipt of the first segment challenge key; and
use the first segment challenge key in the attestation process in which a Shared Access Security (SAS) token is generated and transmitted to the provisioning service to authenticate the client computing device.

receive a second segment challenge key during the attestation process; 
examine one or more bits within a control byte included in the second segment challenge key; 
when the second segment challenge key is a final segment, then decode the first and second segment challenge keys using a private key; 
generate the SAS token using the decoded segment challenge keys; and
transmit a control byte in the SAS token to indicate that the SAS token comprises a last message to be read by the provisioning service in the attestation process. 
26. (Currently Amended) The one or more hardware-based non-transitory computer-readable memory devices of claim 25, in which the executed instructions further cause the client computing device to receive a validation message responsive to the SAS token being validated by [[a]] the provisioning service.
28. (Currently Amended) A method by which a client computing device performs an attestation process with a provisioning service using a Simple Authentication and Security Layer (SASL), comprising:
configuring an SASL INIT (initialization) message with a control byte which defines message attributes including an indication that the SASL INIT message is one segment of a message having multiple segments;

configuring a response message which includes a public key in response to receiving a challenge to the SASL INIT message, wherein the response message is configured with a control byte that defines attributes about the response message; 
transmitting the response message;
after transmitting the public keys, receiving a first segment challenge key;
examining one or more bits within a control byte included in the first segment challenge key;
based on the examination of the one or more bits, determining whether the first segment challenge key is an interim segment or a final segment; 
when the first segment challenge key is an interim segment, then transmitting an acknowledgment of receipt of the first segment challenge key; and
using the first segment challenge key in the attestation process in which a Shared Access Security (SAS) token is generated and transmitted to the provisioning service to authenticate the client computing device.
32. (Currently Amended) The method of claim 28, further including:
receiving a second segment challenge key during the attestation process; 
examining one or more bits within a control byte included in the second segment challenge key; 
when the second segment challenge key is a final segment, then decoding the first and second segment challenge keys using a private key; 
generating the SAS token using the decoded segment challenge keys; and
a control byte in the SAS token to indicate that the SAS token comprises a last message to be read by the provisioning service in the attestation process.
Response to Arguments
The objection to the claims 10-11 is withdrawn as the claims have been amended.
The previous rejection of claims 10-13 under 35 U.S.C. § 103 is withdrawn in response to the applicant's amendments.
Allowable Subject Matter
 Claims 10-13, 15-17 and 21-33 are allowed in light of the Applicant’s arguments/amendments and in light of the prior art made of record.
 The following is an examiner’s statement of reasons for allowance: 
As to claims 10-13, 15-17 and 21-33, the closest prior arts, Kumar (US 2012/0216244), in view of Casaccia (US 2004/0027999), in view of Costa (US 2015/0229619), in view of Dyer (US 2015/0188944) and further in view of Miele (US 2018/0241572), alone or in combination fails to anticipate or render obvious the claim invention.  
Kumar (prior art of record) discloses an attestation service and multi-factor application attestation issued by the attestation service; an active client application and/or a server application (e.g., using the Simple Authentication and Security layer (SASL) protocol) may request and/or use the received application statements or reports programmatically for a mutual attestation handshake and the API library 516 may See the abstract, par. 0059, 0069, 0098, 0106 and 0169 of Kumar.
Casaccia (prior art of record) discloses techniques for transmitting and receiving segmented broadcast messages and a method is provided for processing broadcast messages for transmission in a wireless communication system. In accordance with the method, a broadcast message is initially received for transmission over a wireless channel. The broadcast message is partitioned into a number of segments, and a header is formed for each segment- See the abstract, par. 0011, 0037 and 0070 of Casaccia.
Costa (prior art of record) discloses a methods for enforcing confidentiality and integrity of code and data while running the code over the data in a distributed computing system; establishing the secure sub-systems, keys are exchanged between the client and secure sub-systems and the secure sub-systems provide an attestation confirming the identity of the code running in the secure sub-systems and confirming that the code is running on genuine secure sub-systems and the code received from both clients is loaded as a single secure sub-system on machine i  and machine i generates an attestation for the secure sub-system for both clients, each encapsulating a distinct, new, symmetric key- See the abstract, par. 0044 and 0057 of Costa.
Dyer (prior art) discloses an attestation procedure is performed by the trust control server combining the user-defined values with the hardware-specific values from its database and comparing it to the user-stored Trust ID value stored in the memory register associated with a user's computer system. Comparing the Trust ID value obtained in See the abstract and par. 0023-0024 of Dyer.
Miele (prior art) discloses techniques for remote SGX enclave authentication; An attestation service may be used to attest that an enclave was successfully established on a Software Guard Extensions (SGX) enabled platform. Further, an attestation service may, in embodiments, be used as a notary system to attest that a public-key certificate was generated by a particular SGX enclave and, therefore, may be trusted by other remote enclaves for authentication- See the abstract of Miele.
However, none of Kumar, Casaccia, Costa, Dyer and Miele teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims, 1, 21 and 28.  For example, none of the cited prior art teaches or suggest the steps of response message is configured with a control byte that defines attributes about the response message; receive a first segment challenge key; examine one or more bits within a control byte included in the first segment challenge key; based on the examination of the one or more bits, determine whether the first segment challenge key is an interim segment or a final segment; when the first segment challenge key is an interim segment, then transmit an acknowledgment of receipt of the first segment challenge key; and use the first segment challenge key in the attestation process in which a Shared Access Security (SAS) token is generated and transmitted to the provisioning service to authenticate the client computing device.

Claims 11-13, 15-17, 22-27 and 29-33 are directly or indirectly dependent upon claims 1, 21 and 28 therefore, they are also allowable over the prior arts of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Examiner, Art Unit 2495