DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2.	This action is in response to the following communication: Amendment to application No. 16/937,739 filed on 12/13/2021.
3.	Claims 1, 8 and 17 have been amended.
Claims 1-20 now remain pending.
Claims 1, 8 and 17 are independent claims.
Specification Objection

4.	Prior objection is overcome by corrections.
Claim Rejections - 35 USC § 112 
5.	Prior rejection is overcome by corrections.
Allowable Subject Matter

6.	Claims 10 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
7.	Claims 10 and 19, wherein the cited prior art taken alone or in combination fail to teach, in combination with the other claimed limitations, of “receiving a current security component for the particular credential from a PAM system; and performing an authentication with the particular IoT device using the current security component; in response to the authentication failing, performing an authentication with the particular IoT device using a default credential for the particular IoT device family”. 

Response to Arguments
8.	Applicant’s arguments with respect to newly amended independent claims 1, 8 and 17 and claims 2-7, 9-16 and 18-20 on the response in the remarks have been fully considered but they are not persuasive.  
Applicant contends with respect to claims 1-20 (p. 1, last para. – p. 2, last para.) that “the cited references, either alone or in combination, fail to show or suggest at least the following portion of claim 1: identify a particular IoT device of the plurality of IoT devices corresponding to the particular credential according to the mapping [of a plurality of credentials to a plurality of internet of things (IoT) devices] in the data store… Shuman fails to show or suggest that a particular IoT device is identified that corresponds to a particular credential for which a request to change a security component for is received” – (p. 2, 2nd para., and last para.). Examiner respectfully disagrees; as an initial matter, with respect to claim 1, Shuman is not relied upon for such limitations; rather Bender is cited as disclosing such limitations. Bender discloses such use at/on: (column 5, lines 12-18) “during act 318, the current credential is determined to be the password, then either IoT device 104 may generate a new password or IoT device 104 may call upon another device to generate a new password and provide the new password to IoT device 104 (act 320). Next, IoT device 104 may change the password to the new password on a server that provides a service used by IoT device 104 (act 322)” and (column 2, lines 39-44) “the credentials may include, but not be limited to, a password, a symmetric cryptographic key and a public/private key and associated certificate. Each networked IoT device may have one or more credentials that are unique per network service to be used by the IoT device”. Moreover, 
Applicant contends with respect to claims 1-20 (p. 3, 1st - last para.) that “the cited references, either alone or in combination, fail to show or suggest at least the following portions of claim 1: determine a credential change profile corresponding to the particular IoT device family; and initiate changing of a credential for the particular IoT device over a network based on the credential change profile… Sankaran fails to show or suggest initiating changing of a credential for a particular IoT device using a credential change profile determined as corresponding to an identified IoT device family… Sankaran is silent as to using the configuration change message to initiate changing of credentials at all. Furthermore, none of the cited portions of Sankaran refer to credentials”  - (p. 3, 1st and last para.). Examiner respectfully disagrees; Sankaran teaches such use at/on: (column 2, lines 33-40) “this scope can be used for configuration purposes across the network devices of an entire network by conveying a new network device configuration to the network devices that fall within the scope as determined by the defined conditions.  The network devices within the scope apply the new configuration.  The network devices outside the scope typically do not receive the new configuration and, in any case, do not apply the new configuration” and (column 7, lines 56-59) “sending a configuration change message including a configuration change to the plurality of in-scope network devices (processing block 625); and receiving a commit message from the plurality of in-scope network devices indicating that the configuration change has been committed (processing block 630)” (emphasis added). It is noted that such “the network devices that fall within the scope” of Sankaran is very 

Claim Rejections - 35 USC § 103

9.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

10.	Claims 1, 3, 4, 8, 13, 14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman et al., US 20140241354 (hereinafter Shuman) in view of Bender et al., U.S. Patent No. 10,594,482 (hereinafter Bender) in view of Sankaran, U.S. Patent No. 8,554,883.
   In regards to claim 1, Shuman teaches:
A system comprising, a data store comprising data mapping a plurality of credentials to a plurality of internet of things (IoT) devices; and at least one computing device in communication with the data store, the at least one computing device being configured to at least (p. 1, [0002], see organizing various heterogeneous IoT devices into pre-defined and/or ad-hoc IoT device groups), (Fig. 5, 510 Define IoT group Criteria, and/or Provisioning Mechanism, criteria and the attributes associated with the one or more IoT devices) and (p. 4, [0034], see the supervisor device 130 may obtain information from the Internet 175 and/or the IoT server 170 that can be used to further monitor or manage attributes, activities, or other states associated with the various IoT devices 110-120) (emphasis added).
identify a particular IoT device of the plurality of IoT devices corresponding to the particular credential according to the mapping in the data store (p. 8, [0064], see the method 500 shown in FIG. 5 may be carried out using the IoT server 170), (p. 1, [0008], see form multiple IoT devices into multiple IoT groups according to one or more group criteria and attributes associated with the one or more IoT devices and define one or more hierarchies within each IoT group according to the one or more group criteria and the attributes associated with the one or more IoT devices) and (p. 9, [0069], see the method 500 may return to blocks 520 and 530 to manage the IoT device groups. For example, certain IoT 
identify a particular IoT device family for the particular IoT device (p. 1, [0002], see organizing various heterogeneous IoT devices into pre-defined and/or ad-hoc IoT device groups), (p. 1, [0008], see form multiple IoT devices into multiple IoT groups according to one or more group criteria and attributes associated with the one or more IoT devices and define one or more hierarchies within each IoT group according to the one or more group criteria and the attributes associated with the one or more IoT devices), (Fig. 5, 510 Define IoT group Criteria, and/or Provisioning Mechanism, 520 Form Pre-Defined IoT Groups based on Static Criteria, 530 Form Pre-Defined IoT Groups based on Dynamic Criteria) and (p. 8, [0064], see more particularly, according to one aspect of the disclosure, FIG. 5 illustrates an exemplary method 500 for forming IoT device groups and enabling communication among IoT device groups.  In general, the method 500 shown in FIG. 5 may be carried out using the IoT server 170).
Shuman doesn’t explicitly teach:
receive a request to change a security component of a particular credential of the plurality of credentials.
However, Bender teaches such use: (column 5, lines 12-18, see during act 318, the current credential is determined to be the password, then either IoT device 104 may generate a new password or IoT device 104 may call upon another device to generate a new password and provide the new password to IoT device 104 (act 320). Next, IoT device 104 may change the password to the new password on a server that provides a service used by IoT device 104 (act 322)) and (column 2, lines 39-44 , see the credentials may include, but not be limited to, a password, a symmetric cryptographic key and a public/private key and associated certificate. Each networked IoT device may have one or more credentials that are unique per network service to be used by the IoT device). 
Shuman and Bender are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman and Bender before him or her, to modify the system of Shuman to include the teachings of Bender, as a credential management system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to change credentials, as suggested by Bender (column 5, lines 12-18, column 10, lines 21-29).      
Shuman and Bender, in particular Shuman, do not explicitly teach:
determine a credential change profile corresponding to the particular IoT device family.
However, Sankaran teaches such use: (column 2, lines 33-40, see this scope can be used for configuration purposes across the network devices of an entire network by conveying a new network device configuration to the network devices that fall within the scope as determined by the defined conditions.  The network devices within the scope apply the new configuration.  The network devices outside the scope typically do not receive the new configuration and, in any case, do not apply the new configuration).
initiate changing of a credential for the particular IoT device over a network based on the credential change profile.
However, Sankaran teaches such use: (column 7, lines 56-59, see  sending a configuration change message including a configuration change to the plurality of in-scope network devices (processing block 625); and receiving a commit message from the plurality of in-scope network devices indicating that the configuration change has been committed (processing block 630)).  
Shuman, Bender and Sankaran are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender and Sankaran before him or her, to modify the system of Shuman and Bender, in particular Shuman, to include the teachings of Sankaran, as a system for sharing configurations across network devices, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with 

   In regards to claim 3, Shuman and Bender, in particular Shuman, do not explicitly teach:
the credential change profile specifies at least one protocol supported by the particular IoT device family and initiating changing of the credential is performed via the at least one protocol.
However, Sankaran teaches such use: (column 2, lines 45-49, see a multi-device configuration context can be provided, much like an interface context or routing protocol context.  The multi-device configuration context can be provided through management interfaces like a command line interface, Simple Network Management Protocol (SNMP), or other means), (column 5, line 67- column 6, line 4, see in a second protocol transaction (e.g., phase 2) implemented by a second phase module of an Active Negotiator or Negotiatee, the negotiation devices of the in-scope set participate in an active negotiation for a configuration change and commit to the change), (column 6, lines 31-36, see active Negotiator 410 can begin to negotiate the configuration change with the eligible Negotiatees 530.  In a particular embodiment, this second phase transaction can be connection-oriented and can be implemented over the well-known transmission control protocol (TCP)).
Shuman, Bender and Sankaran are analogous art because they are from the same field of endeavor, software credentials. 


   In regards to claim 4, Shuman doesn’t explicitly teach:
the request is received from a privileged access management (PAM) system and the at least one computing device is further configured to register the plurality of credentials with the PAM system.
However, Bender teaches such use: (column 2, lines 39-44, see the credentials may include, but not be limited to, a password, a symmetric cryptographic key and a public/private key and associated certificate. Each networked IoT device may have one or more credentials that are unique per network service to be used by the IoT device), (column 1, lines 31-35, see a method is provided for managing credentials of a networked device for access to network services.  A networked device may determine an occurrence of a condition), (column 2, lines  55-58, see in some embodiments, a networked IoT device may dynamically request and negotiate, with an identity provider, one or more new credentials under any one of a number of conditions) and (column 3, lines 21-25, see a networked IoT device refreshes its one or more credentials, the 
Shuman and Bender are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman and Bender before him or her, to modify the system of Shuman to include the teachings of Bender, as a credential management system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to change credentials, as suggested by Bender (column 5, lines 12-18, column 10, lines 21-29).      

   In regards to claim 8, Shuman teaches:
A method comprising (p. 1, [0002], see organizing various heterogeneous IoT devices into pre-defined and/or ad-hoc IoT device groups), (Fig. 5, 510 Define IoT group Criteria, and/or Provisioning Mechanism, 520 Form Pre-Defined IoT Groups based on Static Criteria, 530 Form Pre-Defined IoT Groups based on Dynamic Criteria), (p. 8, [0064], see more particularly, according to one aspect of the disclosure, FIG. 5 illustrates an exemplary method 500 for forming IoT device groups and enabling communication among IoT device groups.  In general, the method 500 shown in FIG. 5 may be carried out using the IoT server 170), (p. 1, [0008], see form multiple IoT devices into multiple IoT groups according to one or more group criteria and attributes associated with the one or more IoT devices criteria and the attributes associated with the one or more IoT devices) and (p. 4, [0034], see the supervisor device 130 may obtain information from the Internet 175 and/or the IoT server 170 that can be used to further monitor or manage attributes, activities, or other states associated with the various IoT devices 110-120) (emphasis added).
identifying, via the at least one computing device, a particular IoT device of a plurality of internet of things (IoT) devices corresponding to the particular credential according to a mapping of the plurality of credentials to the plurality of IoT devices (p. 8, [0064], see the method 500 shown in FIG. 5 may be carried out using the IoT server 170), (p. 1, [0008], see form multiple IoT devices into multiple IoT groups according to one or more group criteria and attributes associated with the one or more IoT devices and define one or more hierarchies within each IoT group according to the one or more group criteria and the attributes associated with the one or more IoT devices) and (p. 9, [0069], see the method 500 may return to blocks 520 and 530 to manage the IoT device groups. For example, certain IoT member devices may be dynamically allocated or removed from one or more ad-hoc IoT device groups at block 530 in response to changes in status associated therewith…. Furthermore, in one embodiment, a new IoT device may be added to one or more pre-defined IoT device groups upon initialization at block 520 and/or ad-hoc IoT device groups at block 530 based on a current status and/or subsequent changes in status. For example, a new refrigerator IoT device may join a pre-defined IoT group that 
identifying, via the at least one computing device, a particular IoT device family for the particular IoT device (p. 1, [0002], see organizing various heterogeneous IoT devices into pre-defined and/or ad-hoc IoT device groups), (p. 1, [0008], see form multiple IoT devices into multiple IoT groups according to one or more group criteria and attributes associated with the one or more IoT devices and define one or more hierarchies within each IoT group according to the one or more group criteria and the attributes associated with the one or more IoT devices), (Fig. 5, 510 Define IoT group Criteria, and/or Provisioning Mechanism, 520 Form Pre-Defined IoT Groups based on Static Criteria, 530 Form Pre-Defined IoT Groups based on Dynamic Criteria) and (p. 8, [0064], see more particularly, according to one aspect of the disclosure, FIG. 5 illustrates an exemplary method 500 for forming IoT device groups and enabling communication among IoT device groups.  In general, the method 500 shown in FIG. 5 may be carried out using the IoT server 170).
Shuman doesn’t explicitly teach:
receiving, via at least one computing device, a request to change a security component of a particular credential of a plurality of credentials.
However, Bender teaches such use: (column 5, lines 12-18, see during act 318, the current credential is determined to be the password, then either IoT device 104 may generate a new password or IoT device 104 may call upon another device to generate a new password and provide the new password to IoT device 104 (act 320). Next, IoT 
Shuman and Bender are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman and Bender before him or her, to modify the system of Shuman to include the teachings of Bender, as a credential management system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to change credentials, as suggested by Bender (column 5, lines 12-18, column 10, lines 21-29).      
Shuman and Bender, in particular Shuman, do not explicitly teach:
determining, via the at least one computing device, a credential change profile corresponding to the particular IoT device family.
However, Sankaran teaches such use: (column 2, lines 33-40, see this scope can be used for configuration purposes across the network devices of an entire network by conveying a new network device configuration to the network devices that fall within the scope as determined by the defined conditions.  The network devices within the scope 
initiating, via the at least one computing device, changing of a credential for the particular IoT device over a network based on the credential change profile.
However, Sankaran teaches such use: (column 7, lines 56-59, see  sending a configuration change message including a configuration change to the plurality of in-scope network devices (processing block 625); and receiving a commit message from the plurality of in-scope network devices indicating that the configuration change has been committed (processing block 630)).  
Shuman, Bender and Sankaran are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender and Sankaran before him or her, to modify the system of Shuman and Bender, in particular Shuman, to include the teachings of Sankaran, as a system for sharing configurations across network devices, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to determine credential changes, as suggested by Sankaran (column 2, lines 33-40, column 9, lines 55-69).      

   In regards to claim 13
the credential change profile specifies at least one protocol supported by the particular IoT device family and initiating changing of the credential is performed via the at least one protocol.
However, Sankaran teaches such use: (column 2, lines 45-49, see a multi-device configuration context can be provided, much like an interface context or routing protocol context.  The multi-device configuration context can be provided through management interfaces like a command line interface, Simple Network Management Protocol (SNMP), or other means), (column 5, line 67- column 6, line 4, see in a second protocol transaction (e.g., phase 2) implemented by a second phase module of an Active Negotiator or Negotiatee, the negotiation devices of the in-scope set participate in an active negotiation for a configuration change and commit to the change), (column 6, lines 31-36, see active Negotiator 410 can begin to negotiate the configuration change with the eligible Negotiatees 530.  In a particular embodiment, this second phase transaction can be connection-oriented and can be implemented over the well-known transmission control protocol (TCP)).
Shuman, Bender and Sankaran are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender and Sankaran before him or her, to modify the system of Shuman and Bender, in particular Shuman, to include the teachings of Sankaran, as a system for sharing configurations across network devices, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with 

   In regards to claim 14, Shuman doesn’t explicitly teach:    
registering, via the at least one computing device, with a PAM system for the plurality of credentials.
However, Bender teaches such use: (column 2, lines 39-44, see the credentials may include, but not be limited to, a password, a symmetric cryptographic key and a public/private key and associated certificate. Each networked IoT device may have one or more credentials that are unique per network service to be used by the IoT device), (column 1, lines 31-35, see a method is provided for managing credentials of a networked device for access to network services.  A networked device may determine an occurrence of a condition), (column 2, lines  55-58, see in some embodiments, a networked IoT device may dynamically request and negotiate, with an identity provider, one or more new credentials under any one of a number of conditions) and (column 3, lines 21-25, see a networked IoT device refreshes its one or more credentials, the networked IoT device may send notifications to one or more device owners and systems that depend on any of the one or more credentials).
Shuman and Bender are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman and Bender before him or her, to modify the system of Shuman to include the teachings of Bender, 

   In regards to claim 17, Shuman teaches:
A non-transitory computer-readable medium embodying a program that, when executed by at least one computing device, causes the at least one computing device to at least (p. 1, [0002], see organizing various heterogeneous IoT devices into pre-defined and/or ad-hoc IoT device groups), (Fig. 5, 510 Define IoT group Criteria, and/or Provisioning Mechanism, 520 Form Pre-Defined IoT Groups based on Static Criteria, 530 Form Pre-Defined IoT Groups based on Dynamic Criteria), (p. 8, [0064], see more particularly, according to one aspect of the disclosure, FIG. 5 illustrates an exemplary method 500 for forming IoT device groups and enabling communication among IoT device groups.  In general, the method 500 shown in FIG. 5 may be carried out using the IoT server 170), (p. 1, [0008], see form multiple IoT devices into multiple IoT groups according to one or more group criteria and attributes associated with the one or more IoT devices and define one or more hierarchies within each IoT group according to the one or more group criteria and the attributes associated with the one or more IoT devices) and (p. 4, [0034], see the supervisor device 130 may obtain information from the Internet 175 and/or the IoT server 170 that can be used to further 
identify a particular IoT device of a plurality of internet of things (IoT) devices corresponding to the particular credential according to a mapping of the plurality of credentials to the plurality of IoT devices (p. 8, [0064], see the method 500 shown in FIG. 5 may be carried out using the IoT server 170), (p. 1, [0008], see form multiple IoT devices into multiple IoT groups according to one or more group criteria and attributes associated with the one or more IoT devices and define one or more hierarchies within each IoT group according to the one or more group criteria and the attributes associated with the one or more IoT devices) and (p. 9, [0069], see the method 500 may return to blocks 520 and 530 to manage the IoT device groups. For example, certain IoT member devices may be dynamically allocated or removed from one or more ad-hoc IoT device groups at block 530 in response to changes in status associated therewith…. Furthermore, in one embodiment, a new IoT device may be added to one or more pre-defined IoT device groups upon initialization at block 520 and/or ad-hoc IoT device groups at block 530 based on a current status and/or subsequent changes in status. For example, a new refrigerator IoT device may join a pre-defined IoT group that includes every IoT device in a network upon initialization and join a closed refrigerator IoT group). 
identify a particular IoT device family for the particular IoT device (p. 1, [0002], see organizing various heterogeneous IoT devices into pre-defined and/or ad-hoc IoT device groups), (p. 1, [0008], see form multiple IoT devices into multiple 
Shuman doesn’t explicitly teach:
receive a request to change a security component of a particular credential of a plurality of credentials.
However, Bender teaches such use: (column 5, lines 12-18, see during act 318, the current credential is determined to be the password, then either IoT device 104 may generate a new password or IoT device 104 may call upon another device to generate a new password and provide the new password to IoT device 104 (act 320). Next, IoT device 104 may change the password to the new password on a server that provides a service used by IoT device 104 (act 322)) and (column 2, lines 39-44 , see the credentials may include, but not be limited to, a password, a symmetric cryptographic key and a public/private key and associated certificate. Each networked IoT device may have one or more credentials that are unique per network service to be used by the IoT device). 

Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman and Bender before him or her, to modify the system of Shuman to include the teachings of Bender, as a credential management system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to change credentials, as suggested by Bender (column 5, lines 12-18, column 10, lines 21-29).      
Shuman and Bender, in particular Shuman, do not explicitly teach:
determine a credential change profile corresponding to the particular IoT device family.
However, Sankaran teaches such use: (column 2, lines 33-40, see this scope can be used for configuration purposes across the network devices of an entire network by conveying a new network device configuration to the network devices that fall within the scope as determined by the defined conditions.  The network devices within the scope apply the new configuration.  The network devices outside the scope typically do not receive the new configuration and, in any case, do not apply the new configuration).
initiate changing of a credential for the particular IoT device over a network based on the credential change profile.
However, Sankaran teaches such use: (column 7, lines 56-59, see  sending a configuration change message including a configuration change to the plurality of in-scope network devices (processing block 625); and receiving a commit message from 
Shuman, Bender and Sankaran are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender and Sankaran before him or her, to modify the system of Shuman and Bender, in particular Shuman, to include the teachings of Sankaran, as a system for sharing configurations across network devices, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to determine credential changes, as suggested by Sankaran (column 2, lines 33-40, column 9, lines 55-69).      

11.	Claims 2, 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Bender in view of Sankaran in view of Medvinsky et al., EP 1449347B1 (hereinafter Medvinsky).     
In regards to claims 1 and 8, the rejections above are incorporated respectively.
   In regards to claim 2, Shuman, Bender and Sankaran, in particular Shuman, do not explicitly teach:
the plurality of credentials in the data store excludes at least one security component necessary to authenticate with the plurality IoT devices.
However, Medvinsky teaches such use: (p. 1, 1st para, see a rights management system for securely delivering content to authorized consumers, the system comprising: 
Shuman, Bender, Sankaran and Medvinsky are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender, Sankaran and Medvinsky before him or her, to modify the system of Shuman, Bender and Sankaran, in particular Shuman, to include the teachings of Medvinsky, as a key management protocol, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to separate credentials, as suggested by Medvinsky (p. 1, 1st para,  p. 12, [0132]).      

   In regards to claim 11, Shuman, Bender and Sankaran, in particular Shuman doesn’t explicitly teach:
the plurality of credentials excludes at least one security component necessary to authenticate with the plurality IoT devices.
However, Medvinsky teaches such use: (p. 1, 1st para, see a rights management system for securely delivering content to authorized consumers, the system comprising: a content provider (202); a consumer system (216) arranged to request content from the content provider (202); the content provider (202) arranged to generate a session rights object for accessing the content; a key distribution center KDC (204) arranged to provide authorization data to the consumer system (216), the authorization data for accessing the content; characterized by a caching server (212,213,215) arranged to compare information in the session rights object with the authorization data; and the caching server (212,213,215) arranged to forward the requested content to the consumer system (216) if the information matches the authorization data).
Shuman, Bender, Sankaran and Medvinsky are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender, Sankaran and Medvinsky before him or her, to modify the system of Shuman, Bender and Sankaran, in particular Shuman, to include the teachings of Medvinsky, as a key management protocol, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to separate credentials, as suggested by Medvinsky (p. 1, 1st para,  p. 12, [0132]).      

   In regards to claim 12, Shuman doesn’t explicitly teach:
the at least one security component comprises a password.

Shuman and Bender are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman and Bender before him or her, to modify the system of Shuman to include the teachings of Bender, as a credential management system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to change credentials, as suggested by Bender (column 5, lines 12-18, column 10, lines 21-29).      

12.	Claims 5, 9, 15 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Bender in view of Sankaran in view of Fox Ivey et al., 2015/0281227 (hereinafter Ivey).     
In regards to claims 1 and 8, the rejections above are incorporated respectively.
   In regards to claim 5, Shuman, Bender and Sankaran, in particular Shuman doesn’t explicitly teach:
a plugin configured to be installed on a PAM system, wherein the plugin is configured to send the request to change the security component to the at least one computing device when the PAM system initiates an update of the security component.
However, Ivey teaches such use: (p. 4, [0055], see there is shown a smartphone 101 having a smartphone application 102 for receiving website data, usernames, passwords and encrypting and storing them for subsequent retrieval.  Smartphone 101 is NFC capable and may be in selective communication with NFC token 103 as further described) and (p. 5, [0060], see a browser extension is a software application which installs in the user's Internet Browser and provides "extended" functionality to the end-user… Lastly the browser extension 106 provides for the automatic generation of unique and strong passwords for websites and web applications, and the automated updating of user accounts to use new credentials.  Automated updating of user accounts is initiated by the user tapping to sign-in. Upon successful sign-in, the browser extension 106 programmatically opens the application/site settings menu, then opens the password update form, generates a new password and inputs both the new password and old password (received from the smartphone application 102), into the password update form.  Lastly the extension programmatically presses the "save" button for the password update form).

Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender, Sankaran and Ivey before him or her, to modify the system of Shuman, Bender and Sankaran, in particular Shuman, to include the teachings of Ivey, as a two factor authentication system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to utilize an authentication plugin, as suggested by Ivey (p. 4, [0055], p. 7, [0103]).

   In regards to claim 9, Shuman, Bender and Sankaran, in particular Shuman doesn’t explicitly teach:
prior to initiating changing of the credential: receiving, via the at least one computing device, a current security component for the particular credential from a PAM system; and performing, via the at least one computing device, an authentication with the particular IoT device using the current security component.
However, Ivey  teaches such use: (Fig. 2, 201, NFC Tag 103, Smartphone App 102, Secure Push Server 107, Browser Ext 106, Browser 105, Website/Web Application 109), (p. 4, [0055], see there is shown a smartphone 101 having a smartphone application 102 for receiving website data, usernames, passwords and encrypting and storing them for subsequent retrieval.  Smartphone 101 is NFC capable and may be in selective communication with NFC token 103 as further described) and (p. 5, [0060], 
Shuman, Bender, Sankaran and Ivey are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender, Sankaran and Ivey before him or her, to modify the system of Shuman, Bender and Sankaran, in particular Shuman, to include the teachings of Ivey, as a two factor authentication system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to utilize an authentication plugin, as suggested by Ivey (p. 4, [0055], p. 7, [0103]).

   In regards to claim 15
sending, via a plugin configured to be installed on a PAM system, the request to change the security component to the at least one computing device when the PAM system initiates an update of the security component.
However, Ivey teaches such use: (p. 4, [0055], see there is shown a smartphone 101 having a smartphone application 102 for receiving website data, usernames, passwords and encrypting and storing them for subsequent retrieval.  Smartphone 101 is NFC capable and may be in selective communication with NFC token 103 as further described) and (p. 5, [0060], see a browser extension is a software application which installs in the user's Internet Browser and provides "extended" functionality to the end-user… Lastly the browser extension 106 provides for the automatic generation of unique and strong passwords for websites and web applications, and the automated updating of user accounts to use new credentials.  Automated updating of user accounts is initiated by the user tapping to sign-in. Upon successful sign-in, the browser extension 106 programmatically opens the application/site settings menu, then opens the password update form, generates a new password and inputs both the new password and old password (received from the smartphone application 102), into the password update form.  Lastly the extension programmatically presses the "save" button for the password update form).
Shuman, Bender, Sankaran and Ivey are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender, Sankaran and Ivey before him or her, to modify the system of Shuman, Bender and 

   In regards to claim 18, Shuman teaches:
the program further causes the at least one computing device to (p. 1, [0002], see organizing various heterogeneous IoT devices into pre-defined and/or ad-hoc IoT device groups), (Fig. 5, 510 Define IoT group Criteria, and/or Provisioning Mechanism, 520 Form Pre-Defined IoT Groups based on Static Criteria, 530 Form Pre-Defined IoT Groups based on Dynamic Criteria), (p. 8, [0064], see more particularly, according to one aspect of the disclosure, FIG. 5 illustrates an exemplary method 500 for forming IoT device groups and enabling communication among IoT device groups.  In general, the method 500 shown in FIG. 5 may be carried out using the IoT server 170), (p. 1, [0008], see form multiple IoT devices into multiple IoT groups according to one or more group criteria and attributes associated with the one or more IoT devices and define one or more hierarchies within each IoT group according to the one or more group criteria and the attributes associated with the one or more IoT devices) and (p. 4, [0034], see the supervisor device 130 may obtain information from the Internet 175 and/or the IoT server 170 that can be used to further monitor or manage attributes, activities, or other states associated with the various IoT devices 110-120) (emphasis added). 

prior to initiating changing of the credential: receive a current security component for the particular credential from a PAM system; and perform an authentication with the particular IoT device using the current security component.
However, Ivey  teaches such use: (Fig. 2, 201, NFC Tag 103, Smartphone App 102, Secure Push Server 107, Browser Ext 106, Browser 105, Website/Web Application 109), (p. 4, [0055], see there is shown a smartphone 101 having a smartphone application 102 for receiving website data, usernames, passwords and encrypting and storing them for subsequent retrieval.  Smartphone 101 is NFC capable and may be in selective communication with NFC token 103 as further described) and (p. 5, [0060], see a browser extension is a software application which installs in the user's Internet Browser and provides "extended" functionality to the end-user… Lastly the browser extension 106 provides for the automatic generation of unique and strong passwords for websites and web applications, and the automated updating of user accounts to use new credentials.  Automated updating of user accounts is initiated by the user tapping to sign-in. Upon successful sign-in, the browser extension 106 programmatically opens the application/site settings menu, then opens the password update form, generates a new password and inputs both the new password and old password (received from the smartphone application 102), into the password update form.  Lastly the extension programmatically presses the "save" button for the password update form).
Shuman, Bender, Sankaran and Ivey are analogous art because they are from the same field of endeavor, software credentials. 

13.	Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Bender in view of Sankaran in view of Manglvedkar et al., 2020/0177589 (hereinafter Manglvedkar).     
In regards to claims 1, 8 and 17, the rejections above are incorporated respectively.
   In regards to claim 6, Shuman doesn’t explicitly teach:
set a respective password policy of the plurality of password policies for each of the plurality of credentials in a PAM system according to the mapping.
However, Bender teaches such use: (column 2, lines 39-44, see the credentials may include, but not be limited to, a password, a symmetric cryptographic key and a public/private key and associated certificate. Each networked IoT device may have one or more credentials that are unique per network service to be used by the IoT device). 
Shuman and Bender are analogous art because they are from the same field of endeavor, software credentials. 

Shuman, Bender and Sankaran, in particular Shuman doesn’t explicitly teach:
the at least one computing device is further configured to: determine a plurality of sets of password limitations, where each set of password limitations corresponds to a respective one of the plurality of IoT devices; generate a plurality of password policies for the plurality of IoT devices. 
However, Manglvedkar teaches such use: (p. 9, [0088], see additional aspects of IoT devices 101 that may be controlled or managed based on the rules of the rules registry 119 may include the creation and administration of passwords or password policies (i.e., assigning passwords based on a pre-determined set of rules)) and (p. 1, [0091], see a rule within a set of rules maintained by a rules registry 119, a second rule having a rule ID entitled rule02, describes a policy for generating a password for each IoT device 101 registering with an IoT platform 153.  The rule in this particular example prescribes the generation of a password in accordance with the password policy by using the type ID, a randomly generated number and a timestamp).
Shuman, Bender, Sankaran and Manglvedkar are analogous art because they are from the same field of endeavor, software credentials. 


   In regards to claim 16, Shuman doesn’t explicitly teach:
setting, via the at least one computing device, a respective password policy of the plurality of password policies for each of the plurality of credentials in a PAM system according to the mapping.
However, Bender teaches such use: (column 2, lines 39-44, see the credentials may include, but not be limited to, a password, a symmetric cryptographic key and a public/private key and associated certificate. Each networked IoT device may have one or more credentials that are unique per network service to be used by the IoT device). 
Shuman and Bender are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman and Bender before him or her, to modify the system of Shuman to include the teachings of Bender, as a credential management system, and accordingly it would enhance the system of 
Shuman, Bender and Sankaran, in particular Shuman doesn’t explicitly teach:
determining, via the at least one computing device, a plurality of sets of password limitations, where each set of password limitations corresponds to a respective one of the plurality of IoT devices; generating, via the at least one computing device, a plurality of password policies for the plurality of IoT devices.
However, Manglvedkar teaches such use: (p. 9, [0088], see additional aspects of IoT devices 101 that may be controlled or managed based on the rules of the rules registry 119 may include the creation and administration of passwords or password policies (i.e., assigning passwords based on a pre-determined set of rules)) and (p. 1, [0091], see a rule within a set of rules maintained by a rules registry 119, a second rule having a rule ID entitled rule02, describes a policy for generating a password for each IoT device 101 registering with an IoT platform 153.  The rule in this particular example prescribes the generation of a password in accordance with the password policy by using the type ID, a randomly generated number and a timestamp).
Shuman, Bender, Sankaran and Manglvedkar are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender, Sankaran and Manglvedkar before him or her, to modify the system of Shuman, Bender and Sankaran, in particular Shuman, to include the teachings of Manglvedkar, as a .      

14.	Claims 7 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shuman in view of Bender in view of Sankaran in view of Ferguson et al., US 2008/0126478 (hereinafter Ferguson).     
In regards to claims 1 and 17, the rejections above are incorporated respectively.
   In regards to claim 7, Shuman teaches:
determine that the particular device is unavailable based at least in part on the changing of the credential failing (p. 9, [0069], see the method 500 may return to blocks 520 and 530 to manage the IoT device groups. For example, certain IoT member devices may be dynamically allocated or removed from one or more ad-hoc IoT device groups at block 530 in response to changes in status associated therewith….). 
in response to determining the particular device is subsequently available, reinitiate changing of the credential for the particular IoT device over the network based on the credential change profile (p. 9, [0069], see the method 500 may return to blocks 520 and 530 to manage the IoT device groups. For example, certain IoT member devices may be dynamically allocated or removed from one or more ad-hoc IoT device groups at block 530 in response to changes in status associated therewith….). 

store the incomplete credential change in the data store.
However, Ferguson teaches such use: (p. 14, [0176], see at step S182, if the entered current password does not match that stored in the Password field of the appropriate record of the USERS table 42 an audit record of the failed password change attempt is made at step S183 to the ACCESS_FAILURES table 47).
Shuman, Bender, Sankaran and Ferguson are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender, Sankaran and Ferguson before him or her, to modify the system of Shuman, Bender and Sankaran, in particular Shuman, to include the teachings of Ferguson, as an information collection system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to log incomplete credentials, as suggested by Ferguson (p. 14, [0176], p. 18, [0207]).      

   In regards to claim 20, Shuman teaches:
the program further causes the at least one computing device to (p. 1, [0002], see organizing various heterogeneous IoT devices into pre-defined and/or ad-hoc IoT device groups), (Fig. 5, 510 Define IoT group Criteria, and/or Provisioning Mechanism, 520 Form Pre-Defined IoT Groups based on Static Criteria, 530 Form Pre-Defined IoT Groups based on Dynamic Criteria), (p. 8, [0064], see more particularly, according to one aspect of the disclosure, FIG. 5 criteria and the attributes associated with the one or more IoT devices) and (p. 4, [0034], see the supervisor device 130 may obtain information from the Internet 175 and/or the IoT server 170 that can be used to further monitor or manage attributes, activities, or other states associated with the various IoT devices 110-120) (emphasis added). 
determine that the particular device is unavailable based at least in part on the changing of the credential failing (p. 9, [0069], see the method 500 may return to blocks 520 and 530 to manage the IoT device groups. For example, certain IoT member devices may be dynamically allocated or removed from one or more ad-hoc IoT device groups at block 530 in response to changes in status associated therewith….). 
in response to determining the particular device is subsequently available, reinitiate changing of the credential for the particular IoT device over the network based on the credential change profile (p. 9, [0069], see the method 500 may return to blocks 520 and 530 to manage the IoT device groups. For example, certain IoT member devices may be dynamically allocated or removed from one 
Shuman, Bender and Sankaran, in particular Shuman doesn’t explicitly teach:
store the incomplete credential change in the data store.
However, Ferguson teaches such use: (p. 14, [0176], see at step S182, if the entered current password does not match that stored in the Password field of the appropriate record of the USERS table 42 an audit record of the failed password change attempt is made at step S183 to the ACCESS_FAILURES table 47).
Shuman, Bender, Sankaran and Ferguson are analogous art because they are from the same field of endeavor, software credentials. 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teaching of Shuman, Bender, Sankaran and Ferguson before him or her, to modify the system of Shuman, Bender and Sankaran, in particular Shuman, to include the teachings of Ferguson, as an information collection system, and accordingly it would enhance the system of Shuman, which is focused on groups of IoT, because that would provide Shuman with the ability to log incomplete credentials, as suggested by Ferguson (p. 14, [0176], p. 18, [0207]).      

Conclusion
15.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US Patent Application Publications

Martin et al., 	9778999 		Adaptive private network 


16.	Examiner, in light of the above submission, maintains the previous rejections. Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
17.	A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Correspondence Information
18.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Evral Bodden whose telephone number is 571-272-3455.  The examiner can normally be reached on Monday to Friday, 8:30 to 5:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do, can be reached on 571-272-3721.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  

/EVRAL E BODDEN/Primary Examiner, Art Unit 2193