DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments, see pages 6-8, filed 09 December 2021, with respect to the rejection(s) of claim(s) 1, 2, 6, 9-11, 13, and 14 under 35 USC 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Venkataraman et al. (US 2015/0244711 A1) in view of Kommireddy et al. (US 2017/0041151 A1) and further in view of Kim (US 2017/0201383 A1).
Venkataraman discloses a procedure for authenticating a client electronic device (Fig. 5A).  An enterprise network device communicates default credentials, e.g., a default certificate and a default private key, to the client device.  The client device receives and installs the credentials.  The client device then communicates a request to enroll/register with the enterprise network, wherein the request includes the default credentials.  Authentication is then performed by the enterprise network using the default credentials and a corresponding default public key.  Table 4 on page 10 describes the format and attributes of a default certificate, wherein the certificate may include a key size, exponent value, device manufacturer, signature algorithm, signature hash algorithm, subject information including the manufacturer-“Samsung Mobile” and 
Kommireddy discloses wherein the management service of the computing environment encrypts and signs the user certificate and sends the encrypted, signed certificate to the management component of the client device, wherein the certificate is encrypted with the public key of the client device-unique data/second identification information- and signed with the signing key specified by the RA signing certificate-unique data/second identification information- (Para. 30, 39, 48, 62).
Kim discloses an authentication method that includes sending an encrypted certificate or a certificate with encrypted identifiers-first authentication data- from the end entity to the service node, wherein the identifiers may include a device identifier, application identifier, user identifier, and/or any other identifier-first identification information, second identification information, unique data- (Para. 23, 53), and decrypting, by the service node, the encrypted identifiers and using the certificate and identifiers to authenticate the end entity at the service node (Para. 54).
It should be noted that regarding the “first authentication data is obtained from the authentication device which encrypts unique data and second identification information corresponding to a plurality of electronic devices including the electronic device” limitation of the independent claims, it is not clear as to whether both the unique data and the second identification information is being encrypted or whether only the unique data is encrypted.  Furthermore, it is unclear as to whether the first authentication data is intended to include one or both of the unique data and the second identification information.  The examiner suggests clarifying the limitation.

Combining the references brings about a system wherein first authentication data is obtained from the authentication device which encrypts unique data and second identification information corresponding to a plurality of electronic devices including the electronic device.  Therefore, the aforementioned limitation is taught by the combination of the cited prior art.

Note:  the examiner reached out to applicant’s representative via phone call on 16 March 2022 in order to propose an examiner’s amendment for allowance.  However, applicant’s representative indicated the desire to receive an additional Office action.

Claim Interpretation
The following is the examiner’s interpretation and suggestions for portions of the claims:
It should be noted that regarding the “authentication device authenticates the electronic device…the first authentication data” of the independent claims, it is not clear as to how the first identification information, second identification information, and the unique data are utilized in the authentication process.  Furthermore, it is unclear as to whether only the unique data is obtained by decrypting the first authentication data or 

Claim Objections
Claim 11 is objected to because of the following informalities:  line 6—“the first identification” should be amended to state --the first identification information-- in order to conform to the rest of the claim limitations.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 6, 9, 10, 13, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Venkataraman et al. (US 2015/0244711 A1) in view of Kommireddy et al. (US 2017/0041151 A1) and further in view of Kim (US 2017/0201383 A1).
an electronic device, i.e. an electronic device (Fig. 1, el. 101), comprising: 
a communicator, i.e. a communication interface (Fig. 1, el. 160), configured to communicate with an authentication device, e.g. a server (Fig. 1, el. 106); a Mobile Device Management (MDM) server at an enterprise network (Fig. 3B, el. 330b; Fig. 4B, el. 403b; Para. 116); an authentication server (Para. 156), e.g. the communication interface may provide communication between the electronic device and the server (Para. 77); 
a storage, e.g. memory (Fig. 1, el. 130); security module (Fig. 2, el. 170), configured to store data, the data including first identification information on the electronic device and first authentication data, e.g. storing credentials-first authentication data- including a default certificate and a default private key-first identification information- in the secure zone of the client device (Para. 50, 154, 155); wherein the certificate also includes data identifying the electronic device-first identification information- (Para. 53, 84, 106);
the first authentication data being obtained from the authentication device, e.g. wherein the enterprise communicates the default credentials to the client device (Para. 154); 
which includes unique data and second identification information corresponding to a plurality of electronic devices including the electronic device, and the unique data being prepared for the plurality of electronic devices, e.g. wherein the default certificate includes device manufacturer information and carrier-second identification information- and a device SoC ID, a signature algorithm, signature hash algorithm, and certificate thumbprint algorithm-unique data- (Table 4; Para. 135); plurality of electronic devices (Fig. 1, el. 101, 104); and 
a processor, i.e. a processor (Fig. 1, el. 120), configured to: 
based on authentication of the electronic device being required, control the communicator to transmit the first identification information and the first authentication data to the authentication device, e.g. communicating a request to register/enroll with the enterprise network to the authentication server, wherein the request includes the default credentials (Para. 156),
so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by using the first authentication data, e.g. authentication is performed between the client device and the enterprise network using the default credentials, wherein the enterprise network validates the client device using a corresponding default public key (Para. 157); wherein the default certificate includes device manufacturer information-second identification information- and a signature algorithm, signature hash algorithm, and certificate thumbprint algorithm-unique data- (Table 4; Para. 135), and 
receive result information on the authentication of the electronic device from the authentication device, e.g. communicating client credentials from the enterprise network to the client device after validating the client device using the default credentials (Para. 158).
encrypts unique data and second identification information corresponding to a plurality of electronic devices including the electronic device; and so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by decrypting the first authentication data.
Kommireddy teaches the first authentication data being obtained from the authentication device, i.e. computing environment (Fig. 1, el. 103), wherein the computing environment may be a server (Para. 10), which encrypts unique data and second identification information corresponding to the electronic device, i.e. a client device (Fig. 1, el. 106), e.g. wherein the management service of the computing environment encrypts and signs the user certificate and sends the encrypted, signed certificate to the management component of the client device, wherein the certificate is encrypted with the public key of the client device-unique data/second identification information- and signed with the signing key specified by the RA signing certificate-unique data/second identification information- (Para. 30, 39, 48, 62).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Venkataraman to include the first authentication data being obtained from the authentication device which encrypts unique data and second identification information corresponding to a plurality of electronic devices including the electronic device, using the known method of encrypting a user certificate with 
Venkataraman in view of Kommireddy does not clearly teach so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by decrypting the first authentication data.
Kim teaches based on authentication of the electronic device, i.e. an end entity (Fig. 1A, el. 110), being required, control the communicator to transmit the first identification information and the first authentication data to the authentication device, i.e. a service node (Fig. 1A, el. 130), e.g. sending an encrypted certificate or a certificate with encrypted identifiers-first authentication data- from the end entity to the service node, wherein the identifiers may include a device identifier, application identifier, user identifier, and/or any other identifier-first identification information, second identification information, unique data- (Para. 23, 53),
so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by decrypting the first authentication data, e.g. decrypting, by the service node, the encrypted identifiers and using the certificate and identifiers to authenticate the end entity at the service node (Para. 54).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Venkataraman in view of Kommireddy to include so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by decrypting the first authentication data, using the known method of decrypting the certificate and identifier(s) using the service node private key, wherein the certificate and identifier(s) were encrypted using the service node public key, wherein the certificate also includes the secure key associated with the service identifier for the mail server (service node), and matching the decrypted identifier from the certificate; using the keyed hash algorithm, secure key, and/or a private key related to the secure key to validate the identifier, as taught by Kim, in combination with the authentication system of Venkataraman in view of Kommireddy, for the purpose of aiding in the prevention of unauthorized access to protected resources (Kim-Para. 3, 19).

Regarding claim 2, Venkataraman in view of Kommireddy in view of Kim teaches all elements of claim 1.
Venkataraman further teaches wherein the processor is further configured to:
generate second authentication data by encrypting the first identification information and the first authentication data, and [Serial No.: 16/965,485] control the communicator to transmit the second authentication data to the authentication device, e.g. the default client certificate and key may be encrypted by a client device unique hardware key (Para. 134); communicating a request to register/enroll with the enterprise network to the authentication server, wherein the request includes the default credentials (Para. 156), 
so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by using the second authentication data, e.g. authentication is performed between the client device and the enterprise network using the default credentials, wherein the enterprise network validates the client device using a corresponding default public key (Para. 157); wherein the default certificate includes device manufacturer information-second identification information- and a signature algorithm, signature hash algorithm, and certificate thumbprint algorithm-unique data- (Table 4; Para. 135).
Venkataraman in view of Kommireddy does not clearly teach so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by decrypting the second authentication data.
Kim teaches to control the communicator to transmit the second authentication data to the authentication device, e.g. sending an encrypted certificate or a certificate with encrypted identifiers-first authentication data- from the end entity to the service node, wherein the identifiers may include a device identifier, application identifier, user identifier, and/or any other identifier-first identification information, second identification information, unique data- (Para. 23, 53),
so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by decrypting the second authentication data, e.g. decrypting, by the service node, the encrypted identifiers and using the certificate and identifiers to authenticate the end entity at the service node (Para. 54).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Venkataraman in view of Kommireddy to include so that the authentication device authenticates the electronic device based on the first identification information, the second identification information and the unique data by decrypting the second authentication data, using the known method of decrypting the certificate and identifier(s) using the service node private key, wherein the certificate and identifier(s) were encrypted using the service node public key, wherein the certificate also includes the secure key associated with the service identifier for the mail server (service node), and matching the decrypted identifier from the certificate; using the keyed hash algorithm, secure key, and/or a private key related to the secure key to validate the identifier, as taught by Kim, in combination with the authentication system of Venkataraman in view of 

Regarding claim 6, Venkataraman teaches an authentication device, e.g. a server (Fig. 1, el. 106); a Mobile Device Management (MDM) server at an enterprise network (Fig. 3B, el. 330b; Para. 116); an authentication server (Para. 156), comprising: 
a communicator configured to communicate with an electronic device, i.e. an electronic device (Fig. 1, el. 101), e.g. the communication interface may provide communication between the electronic device and the server (Para. 77);
which stores data, the data including first identification information on the electronic device and first authentication data, e.g. storing credentials-first authentication data- including a default certificate and a default private key-first identification information- in the secure zone of the client device (Para. 50, 154, 155); wherein the certificate also includes data identifying the electronic device-first identification information- (Para. 53, 84, 106);
the first authentication data being obtained from the authentication device, e.g. wherein the enterprise communicates the default credentials to the client device (Para. 154); 
which includes unique data and second identification information corresponding to a plurality of electronic devices including the electronic device, and the unique data being prepared for the plurality of electronic devices, e.g. wherein the default certificate includes device manufacturer information-second identification information- and a signature algorithm, signature hash algorithm, and certificate thumbprint algorithm-unique data- (Table 4; Para. 135); plurality of electronic devices (Fig. 1, el. 101, 104); and 
a processor configured to:
 receive the first identification information and the first authentication data from the electronic device through the communicator, e.g. communicating a request to register/enroll with the enterprise network to the authentication server, wherein the request includes the default credentials (Para. 156),
obtain the second identification information and the unique data using the first authentication data, authenticate the electronic device based on the first identification information, the second identification information and the unique data, e.g. authentication is performed between the client device and the enterprise network using the default credentials, wherein the enterprise network validates the client device using a corresponding default public key (Para. 157); wherein the default certificate includes device manufacturer information-second identification information- and a signature algorithm, signature hash algorithm, and certificate thumbprint algorithm-unique data- (Table 4; Para. 135), and 
transmit result information on the authentication of the electronic device to the electronic device, e.g. communicating client credentials from the enterprise network to the client device after validating the client device using the default credentials (Para. 158).
Venkataraman does not clearly teach the first authentication data being obtained from the authentication device which encrypts unique data and second identification information corresponding to a plurality of electronic devices including the electronic device; the processor configured to:  obtain the second identification information and the unique data by decrypting the first authentication data.
Kommireddy teaches an authentication device, i.e. computing environment (Fig. 1, el. 103), wherein the computing environment may be a server (Para. 10), comprising:
the first authentication data being obtained from the authentication device, i.e. computing environment (Fig. 1, el. 103), wherein the computing environment may be a server (Para. 10), which encrypts unique data and second identification information corresponding to the electronic device, i.e. a client device (Fig. 1, el. 106), e.g. wherein the management service of the computing environment encrypts and signs the user certificate and sends the encrypted, signed certificate to the management component of the client device, wherein the certificate is encrypted with the public key of the client device-unique data/second identification information- and signed with the signing key specified by the RA signing certificate-unique data/second identification information- (Para. 30, 39, 48, 62); and
a processor, e.g. a processor (Para. 67).

Venkataraman in view of Kommireddy does not clearly teach the processor configured to:  obtain the second identification information and the unique data by decrypting the first authentication data.
Kim teaches an authentication device, i.e. a service node (Fig. 1A, el. 130), comprising:
a processor, i.e. a processor (Para. 17), configured to:
 receive the first identification information and the first authentication data from the electronic device, i.e. an end entity (Fig. 1A, el. 110), through the communicator, e.g. sending an encrypted certificate or a certificate with encrypted identifiers-first authentication data- from the end entity to the service node, wherein the identifiers may include a device identifier, application identifier, user identifier, and/or any other identifier-first identification information, second identification information, unique data- (Para. 23, 53),
obtain the second identification information and the unique data by decrypting the first authentication data, authenticate the electronic device based on the first identification information, the second identification information and the unique data, e.g. decrypting, by the service node, the encrypted identifiers and using the certificate and identifiers to authenticate the end entity at the service node (Para. 54).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Venkataraman in view of Kommireddy to include the processor configured to:  obtain the second identification information and the unique data by decrypting the first authentication data, using the known method of decrypting the certificate and identifier(s) using the service node private key, wherein the certificate and identifier(s) were encrypted using the service node public key, wherein the certificate also includes the secure key associated with the service identifier for the mail server (service node), and matching the decrypted identifier from the certificate; using the keyed hash algorithm, secure key, and/or a private key related to the secure key to validate the identifier, as taught by Kim, in combination with the authentication system of Venkataraman in view of Kommireddy, for the purpose of aiding in the prevention of unauthorized access to protected resources (Kim-Para. 3, 19).


Venkataraman in view of Kommireddy does not clearly teach further comprising: a storage configured to store the second identification information, wherein the processor is configured to authenticate the electronic device by comparing the received first identification information with the stored second identification information.
Kim teaches a storage configured to store the second identification information, wherein the processor is configured to authenticate the electronic device by comparing the received first identification information with the stored second identification information, e.g. sending the reference identifier from the end entity to the service node (Para. 40, 76, 80, 97); retrieving, by the service node, the reference identifier from the management server (Para. 41, 54); extracting the identifier(s) from the certificate and comparing the identifier(s) to the reference identifier(s) (Para. 54, 78, 80, 81, 97).
Examiner note:  Kim discloses the service node retrieves the reference identifiers from any of a plurality of sources and compares the extracted identifiers from the certificate to the reference identifiers.  Therefore, the reference identifiers are inherently stored for at least the amount of time needed to perform the comparison.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Venkataraman in view of Kommireddy to include a storage configured to store the second 

Regarding claim 10, Venkataraman in view of Kommireddy in view of Kim teaches all elements of claim 6.
Venkataraman in view of Kommireddy does not clearly teach further comprising: a storage configured to store the second identification information and the unique data, wherein the processor is configured to compare the received first identification information and the obtained unique data with the stored second identification information and the stored unique data.
Kim teaches a storage configured to store the second identification information and the unique data, wherein the processor is configured to compare the received first identification information and the obtained unique data with the stored second identification information and the stored unique data, e.g. sending the reference identifier from the end entity to the service node (Para. 40, 76, 80, 97); retrieving, by the service node, the reference identifier from the management server (Para. 41, 54); extracting the identifier(s) from the certificate and comparing the identifier(s) to the reference identifier(s) (Para. 54, 78, 80, 81, 97).
Examiner note:  Kim discloses the service node retrieves the reference identifiers from any of a plurality of sources and compares the extracted identifiers from the certificate to the reference identifiers.  Therefore, the reference identifiers are inherently stored for at least the amount of time needed to perform the comparison.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Venkataraman in view of Kommireddy to include a storage configured to store the second identification information and the unique data, wherein the processor is configured to compare the received first identification information and the obtained unique data with the stored second identification information and the stored unique data, using the known method of extracting, by the service node, the identifier(s) from the certificate and comparing the identifier(s) to the reference identifier(s), as taught by Kim, in combination with the authentication system of Venkataraman in view of Kommireddy, for the purpose of aiding in the prevention of unauthorized access to protected resources (Kim-Para. 3, 19).

Regarding claim 13, the claim is analyzed with respect to claim 1.

Regarding claim 14, Venkataraman in view of Kommireddy in view of Kim teaches all elements of claim 13.
generating second authentication data by encrypting the first identification information and the first authentication data, and transmitting the second authentication data to the authentication device, e.g. the default client certificate and key may be encrypted by a client device unique hardware key (Para. 134); communicating a request to register/enroll with the enterprise network to the authentication server, wherein the request includes the default credentials (Para. 156).
Also note Kim discloses sending an encrypted certificate or a certificate with encrypted identifiers-first authentication data- from the end entity to the service node, wherein the identifiers may include a device identifier, application identifier, user identifier, and/or any other identifier-first identification information, second identification information, unique data- (Para. 23, 53), and decrypting, by the service node, the encrypted identifiers and using the certificate and identifiers to authenticate the end entity at the service node (Para. 54).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Venkataraman in view of Kommireddy in view of Kim and further in view of Somasandharam (US 2018/0288006 A1).
Regarding claim 11, Venkataraman in view of Kommireddy in view of Kim teaches all elements of claim 6.
Venkataraman in view of Kommireddy in view of Kim does not clearly teach a storage, wherein the processor is configured to store the first identification in the storage based on the electronic device being successfully authenticated.
Somasandharam teaches a storage, wherein the processor is configured to store the first identification in the storage based on the electronic device being successfully authenticated, e.g. upon successful authentication of the supplicant, the authentication controller stores an identifier of the supplicant in the supplicant ID data store (Para. 26, 27, 48).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Venkataraman in view of Kommireddy in view of Kim to include a storage, wherein the processor is configured to store the first identification in the storage based on the electronic device being successfully authenticated, using the known method of upon successful authentication of the supplicant, the authentication controller stores an identifier of the supplicant in the supplicant ID data store, as taught by Somasandharam, in combination with the authentication system of Venkataraman in view of Kommireddy in view of Kim, for the purpose of reducing an amount of time required to re-establish the connection between the supplicant and the secured network (Somasandharam-Para. 14).

Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Sela et al. (US 2010/0241852 A1)—Sela discloses a requesting entity can transmit a manufacturer encryption key to a certifying entity and the certifying entity can encrypt a certificate using the key (Para. 20).

Nakano et al. (US 2009/0024849 A1)—Nakano discloses receiving a public key certificate and reading a manufacturer ID list from a recording medium, comparing the manufacture ID with each manufacturer ID included in the list to check whether it is registered (Para. 202).

Hoggan (US 2013/0311771 A1)—Hoggan discloses receiving and installing a certificate in response to submitting a certificate request, wherein the certificate includes a public and private key, a MAC address of the device, information regarding the entity issuing the certificate (Para. 21, 22).

Cilfone et al. (US 2013/0086377 A1)—Cilfone discloses generating and issuing a CSR, wherein the certificate includes an issuer name, an issuer UUID, a subject UUID, and a public key (Para. 142, 149).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMY DUFFIELD whose telephone number is (571)270-1643. The examiner can normally be reached Monday - Friday, 7:00 AM - 3:00 PM (ET).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, 




18 March 2022
/Jeremy S Duffield/Primary Examiner, Art Unit 2498