Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the communication and claim amendment filed on 11/15/2021; claims 8, 10-11, 12, and 14-15 were cancelled; claims 1, 3-7, 9, 13, 16-17, and 18-20 have been amended; claims 21-26 have been added; and claims 1, 18, and 19 are independent claims. Claims 1-7, 9, 13, and 16-26 have been examined and are pending. This Action is made FINAL.
Response to Arguments
Applicant's arguments, see page 13, filed 11/15/2021, with respect to the 35 U.S.C. § 101 rejection of claims 1-17 have been fully considered and are persuasive. The 35 U.S.C. § 101 rejection of claims 3, 6, 7, 9, 13, 16, and 17 has been withdrawn. The rejection of claims 1-2, 4-5, and 25 under 35 U.S.C. § 101 is maintained for the following reasons:
Regarding claim 1, claim 1 is rejected under 35 USC 101 because the claim is directed to an abstract idea that is not integrated into a practical application and does not amount to significantly more.
The claim limitations “determining a non-readable attestation …;” “determining a readable attestation …;” and “determining an authentication ...” are directed to an abstract idea because they recite a mental process. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. It is noted that the claim recites additional elements (i.e., electronically, processor/memory, computing devices). However, said additional elements are recited at a high level of generality (i.e., as a generic processor performing a generic computer function of determining/sending/receiving, etc.) such that they amount to no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Therefore, the claim is not integrated into a practical application.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.  Generic computer components recited as performing generic computer functions that are well understood, routine and conventional activities amount to no more than implementing the abstract idea with a computerized system.  Therefore, the claim is directed to non-statutory subject matter.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the comparison step amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.

Similarly,
Regarding claims 2, 4-5, and 25: claims 2, 4-5, and 25 are rejected under 35 USC 101 because the claims are directed to an abstract idea that is not integrated into a practical application and does not amount to significantly more.
The claim limitations “determining the authentication ..;” “determining an unknown location of the device …;” “determining the readable element ...” are directed to an abstract idea because they recite a mental process. Accordingly, the claims recite an abstract idea. This judicial exception is not integrated into a practical application. It is noted that the claims recite additional elements (i.e., electronically, processor/memory, adding, computing devices). However, said additional elements are recited at a high level of generality (i.e., as a generic processor performing a generic computer function of determining/sending/receiving, etc.) such that they amount to no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Therefore, the claim is not integrated into a practical application.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.   
As mentioned above, although the claims recite additional elements/steps such as “adding the readable attestation …,”  “using the interface … …,”, said elements taken individually or as a combination, do not result in the claim amounting to significantly more 

Applicant's arguments, see pages 13-18, filed 11/15/2021, with respect to the 35 U.S.C. § 103 rejection of claims 1-17 have been fully considered.  
Applicants argue: The claims are believed to stand improperly rejected under 35 U.S.C. § 103 due to the cited references at least failing to sufficiently suggest or disclose the use of readable and non-readable elements when generating attestations for purposes of authenticating trust and identity of a device. (Applicant Remarks/Arguments, pages 13-18)
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the combination of Kekitcheff and Krahn does disclose readable and non-readable elements when generating attestations for purposes of authenticating trust and identity of a device, as follows:
Kekitcheff discloses electronically determining a non-readable attestation for the device from a non-readable element of the device (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier [i.e. non-readable element] is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device); 
electronically determining a readable attestation for the device from a readable element of the device (Kekitcheff: par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth™ or near-field communication (NFC) [i.e. readable element]);
Krahn discloses determining an authentication for the device based on a comparison of the non-readable attestation and the readable attestation, the authentication being sufficient to indicate trust in an identity of the device (Krahn: Col. 6, lines 35-39, In some implementations, a generalized endorsement credential, which may be a digital certificate for the generalized endorsement key, can be sent as part of the specialized endorsement [i.e. digital certificate] to certificate authority server 110; Col. 6, lines 55-65, In some implementations, specialized endorsement credential 148 may be provided to certificate authority server 110 in a request for an attestation identity credential needed by security module 180 (or computing device on which the security module resides). Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid. The validity [i.e., sufficient to indicate trust] may be determined by certificate authority server 110 based on a comparison of the extended integrity measurements to one or more valid extended integrity measurements stored at device information database 194 [i.e. generating an authentication for the device based on a comparison of the attestation]).
without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-2, 4-5, and 25 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 1, claim 1 is rejected under 35 USC 101 because the claim is directed to an abstract idea that is not integrated into a practical application and does not amount to significantly more.
The claim limitations “determining a non-readable attestation …;” “determining a readable attestation …;” and “determining an authentication ...” are directed to an abstract idea because they recite a mental process. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. It is noted that the claim recites additional elements (i.e., electronically, processor/memory, computing devices). However, said additional elements are recited at a high level of generality (i.e., as a generic processor performing a generic computer function of determining/sending/receiving, etc.) such that they amount to no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Therefore, the claim is not integrated into a practical application.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.  Generic computer components recited as performing generic computer functions that are well understood, routine and conventional activities amount to no more than implementing the abstract idea with a computerized system.  Therefore, the claim is directed to non-statutory subject matter.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the comparison step amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Similarly,
Regarding claims 2, 4-5, and 25: claims 2, 4-5, and 25 are rejected under 35 USC 101 because the claims are directed to an abstract idea that is not integrated into a practical application and does not amount to significantly more.
The claim limitations “determining the authentication ..;” “determining an unknown location of the device …;” “determining the readable element ...” are directed to an abstract idea because they recite a mental process. Accordingly, the claims recite an abstract idea. This judicial exception is not integrated into a practical application. It is noted that the claims recite additional elements (i.e., electronically, processor/memory, adding, computing devices). However, said additional elements are recited at a high level of generality (i.e., as a generic processor performing a generic computer function of determining/sending/receiving, etc.) such that they amount to no more than mere instructions to apply the exception using a generic computer component. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Therefore, the claim is not integrated into a practical application.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.   
As mentioned above, although the claims recite additional elements/steps such as “adding the readable attestation …,”  “using the interface … …,”, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field.  Generic computer components recited as performing generic computer functions that are well understood, routine and conventional activities amount to no more than implementing the abstract idea 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 6 and 23 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding claim 6, the claim recites the limitation “the another device using the interface to wirelessly transmit a request message to the device for requesting the readable attestation, the device subsequently using the interface to responsively transmit a response message to the another device, the response message including the readable attestation” (emphasis added). However, the aforementioned limitations are not discussed in the specification. At most, there is paragraph 0013 of the original specification. The Examiner respectfully requests the Applicant point out where in the specification support can be found for the aforementioned newly added limitations. Applicant is required to cancel the new matter in the reply to this Office Action.
Regarding claim 23, the claim recites the limitation “wherein the first device reads the readable element with a camera” (emphasis added). However, the aforementioned limitations are not discussed in the specification. At most, there are paragraphs 0015 and 0018 of the original specification. The Examiner respectfully requests the Applicant point out where in the specification support can be found for the aforementioned newly added limitations. Applicant is required to cancel the new matter in the reply to this Office Action.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 19, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn.
Regarding claim 1, Kekitcheff discloses a method for authenticating trust in an identity of a device, the method comprising: 
electronically determining a non-readable attestation for the device from a non-readable element of the device (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier [i.e. non-readable element] is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device); 
electronically determining a readable attestation for the device from a readable element of the device (Kekitcheff: par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth™ or near-field communication (NFC) [i.e. readable element]);
Kekicheff does not explicitly disclose determining an authentication for the device based on a comparison of the non-readable attestation and the readable attestation, the authentication being sufficient to indicate trust in an identity of the device.
However, in an analogous art, Krahn discloses determining an authentication for the device based on a comparison of the non-readable attestation and the readable attestation, the authentication being sufficient to indicate trust in an identity of the device (Krahn: Col. 6, lines 35-39, In some implementations, a generalized endorsement credential, which may be a digital certificate for the generalized endorsement key, can be sent as part of the specialized endorsement [i.e. digital certificate] to certificate authority server 110; Col. 6, lines 55-65, In some implementations, specialized endorsement credential 148 may be provided to certificate authority server 110 in a request for an attestation identity credential needed by security module 180 (or computing device on which the security module resides). Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid. The validity [i.e., sufficient to indicate trust] may be determined by certificate authority server 110 based on a comparison of the extended integrity measurements to one or more valid extended integrity measurements stored at device information database 194 [i.e. generating an authentication for the device based on a comparison of the attestation]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Krahn with the method and system of Kekicheff, wherein determining an authentication for the device based on a comparison of the non-readable attestation and the readable attestation, the authentication being sufficient to indicate trust in an identity of the device. One would have been motivated to allow an endorsement authority to provide a generalized endorsement key to a security module, where the security module is associated with a computing device and where the generalized endorsement key is independent of characteristics of the computing device, a specialized endorsement credential can be automatically generated (e.g., generated upon receipt of a generalized endorsement key) where the specialized endorsement credential includes one or more of a model, hardware identification or batch of the computing device (Krahn: Col. 3, lines 5-31).
Regarding claim 2, the combination of Kekicheff and Krahn teaches the method of claim 1. The combination of Kekicheff and Krahn further teaches performing the comparison at a trust authority operating independently of the device (Kekicheff: fig. 5, par. 0033; Krahn: Col. 6, lines 55-65), the trust authority determining the non-readable (Kekicheff: fig. 5, par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth™ or near-field communication (NFC); Krahn: Col. 6, lines 55-65, Certificate authority server 110 [i.e. a trust authority] may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid…) and determining the readable attestation through separate communications with another device in proximity to the device (Kekicheff: fig. 5, par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth™ or near-field communication (NFC); Krahn: Col. 6, lines 55-65, Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid…).
Regarding claim 4, the combination of Kekicheff and Krahn teaches the method of claim 2. The combination of Kekicheff and Krahn further discloses adding the readable attestation to the readable element and the non-readable attestation to the device in an application process (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier [i.e. non-readable] is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device; par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth™ or near-field communication (NFC) [i.e. readable element]), the application process resulting in the device being operable to share the readable attestation through an interface (Kekitcheff: par. 0004, par. 0014, 0033) and inoperable to share the non-readable attestation through the interface, the another device (Kekitcheff: par. 0004, par. 0014, 0033; fig. 5, par. 0037 network connection 131).
Regarding claim 19, Kekitcheff teaches an authentication system comprising:
a first device having an attestation separately stored on a readable element and a non-readable element (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier [i.e. non-readable element] is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device; Kekitcheff: par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth™ or near-field communication (NFC) [readable element]);
a second device reading the attestation from the readable element (Kekicheff: fig. 5, par. 0032, connected device 130; providing a user interface for downloading the application 112; par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth™ or near-field communication (NFC)); and
Kekitcheff discloses the second device generating the second message to include the attestation from the readable element but does not explicitly disclose a trusted authority generating an authentication for use in assessing trust in an identity of the first device based on a comparison of a first message to a second message, the first device generating the first message to include the attestation from the non-readable element.
(Krahn: Col. 6, lines 35-39, In some implementations, a generalized endorsement credential, which may be a digital certificate for the generalized endorsement key, can be sent as part of the specialized endorsement to certificate authority server 110; Col. 6, lines 55-65, In some implementations, specialized endorsement credential 148 may be provided to certificate authority server 110 in a request for an attestation identity credential needed by security module 180 (or computing device on which the security module resides). Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid. The validity may be determined by certificate authority server 110 based on a comparison of the extended integrity measurements to one or more valid extended integrity measurements stored at device information database 194 [i.e. generating an authentication for the device based on a comparison of the attestation]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Krahn with the method and system of Kekicheff,  to include “a trusted authority generating an authentication for use in assessing trust in an identity of the first device based on a comparison of a first message to a second message, the first device generating the first message to include the attestation from the non-readable element”. One would have been motivated to allow an endorsement authority to provide a generalized endorsement key to a security module, where the security module is associated with a computing device and  (Krahn: Col. 3, lines 5-31).
Regarding claim 22, the combination of Kekicheff and Krahn discloses the system of claim 19. The combination of Kekicheff and Krahn further discloses wherein the readable element is included within the first device as part of a display, a user interface, a universal serial bus (USB) interface, a near-field communication (NFC) interface, a Bluetooth interface or an optically readable image (Kekicheff: par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth™ or near-field communication).
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Bade et al. (“Bade,” US 2006/0090070, published Apr. 27, 2006).
Regarding claim 3, the combination of Kekitcheff and Krahn teaches the method of claim 2.  The combination of Kekitcheff and Krahn further teaches comprising transmitting the non-readable attestation from the trusted authority for storage on the non-readable element but does not explicitly disclose, the trusted authority using a key to encrypt the non-readable attestation prior to receipt at the device, the trusted authority 
However, in an analogous art, Bade discloses the trusted authority using a key to encrypt the non-readable attestation prior to receipt at the device, the trusted authority transmitting the non-readable attestation without also transmitting the key such that the device is unaware of the key (Bade: par. 0008, the information associated with the binding is generally encrypted and is stored in non-volatile storage within the device by the manufacturer. With the above-described mechanism, only a trusted system can access data associated with or stored within a particular device, dramatically reducing the impact of misappropriation or misuse of removable devices.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bade with the method and system of Kekicheff and Krahn, to include the trusted authority using a key to encrypt the non-readable attestation prior to receipt at the device, the trusted authority transmitting the non-readable attestation without also transmitting the key such that the device is unaware of the key. One would have been motivated to provide a level of security against data mining by misappropriation or misuse of removable devices (Bade: par. 0008).
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Chang (“Chang,.
Regarding claim 5, the combination of Kekicheff and Krahn teaches the method of claim 2. The combination of Kekicheff and Krahn discloses an interface for communication with an another but does not explicitly disclose using the interface to optically scan the readable attestation.
However, in an analogous art, Chang discloses using the interface to optically scan the readable attestation (Chang: par. 0007, An identification device wherein said device could be used to identify the I.D.  with the way of using the bar code, electronic code or the integrated circuit (IC) card through the way of bar code scanner, the reader or the card reader).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Chang with the method and system of Kekicheff and Krahn, to include using the interface to optically scan the readable attestation. One would have been motivated to provide the on the scene staffs to notice the policemen in a quick time during the happening of abrupt events, thus guarding the property and life safety. The system communicates in a wireless communication manner and hence it is not limited by the location (Chang: pars. 0030-31).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Noma et al. (“Noma,” US 2007/0136202, published Jun. 14, 2007).
Regarding claim 6, the combination of Kekicheff and Krahn teaches the method of claim 4.  The combination of Kekicheff and Krahn further discloses the another device (Kekicheff:  fig. 5, pars. 0032-0033, connected device 130 providing a user interface for downloading the application 112) but does not explicitly disclose the another device using the interface to wirelessly transmit a request message to the device for requesting the readable attestation, the device subsequently using the interface to responsively transmit a response message to the another device, the response message including the readable attestation.
However, in an analogous art, Noma discloses the another device using the interface to wirelessly transmit a request message to the device for requesting the readable attestation, the device subsequently using the interface to responsively transmit a response message to the another device, the response message including the readable attestation (Noma: par. 0039, when the personal terminal 30 transmits a QR code obtaining request to the personal-information managing apparatus 10 (see (1) in FIG. 1), the personal-information managing apparatus 10 having received this request generates a QR code for accessing corresponding personal information (see (2) in FIG. 1), and transmits the QR code to the personal terminal 30).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Noma with the method and system of Kekicheff and Krahn to include “the another device using the interface to wirelessly transmit a request message to the device for requesting the readable attestation, the device subsequently using the interface to responsively transmit a response message to the another device, the response message including the readable attestation.” One would have been motivated to provide method that can increase convenience of  (Noma: abstract, pars. 0002, 0010).
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Chang (“Chang,” US 2004/0235448, published Nov. 25 2004).
Regarding claim 16, the combination of Kekicheff and Krahn teaches the method of claim 1.  Kekitcheff further discloses generating the readable attestation and the non-readable attestation as a number or a series of bits (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device) but does not explicitly disclose wherein the readable attestation being generated as part of a bar code or QR code, the non-readable attestation being generated as part of a chipset, a silicone or a wafer.
However, in an analogous art, Chang discloses wherein the readable attestation being generated as part of a bar code or QR code, the non-readable attestation being generated as part of a chipset, a silicone or a wafer (Chang: par. 0007, An identification device wherein said device could be used to identify the I.D. with the way of using the bar code, electronic code or the integrated circuit (IC) [i.e. chipset]  card through the way of bar code scanner, the reader or the card reader).
(Chang: pars. 0030-31).
Claims 25 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Bade et al. (“Bade,” US 2006/0090070, published Apr. 27, 2006).
Regarding claim 25, the combination of Kekitcheff and Krahn teaches the method of claim 1.  The combination of Kekitcheff and Krahn further discloses further comprising a trusted authority performing the comparison (Kekicheff: fig. 5, par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth TM or near-field communication (NFC); Krahn: Col. 6, lines 55-65, Certificate authority server 110 [i.e. a trust authority] may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid… ) in response to receiving a first message from the device and a second message from an another device, the first message including the non-readable attestation and the second message including the readable attestation, the another device operating in proximity to and  (Kekicheff: fig. 5, par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth TM or near-field communication (NFC); Krahn: Col. 6, lines 55-65, Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid…) but does not explicitly disclose the another device having been previously verified by the trust authority as trusted.
However, in an analogous art, Bade discloses the another device having been previously verified by the trust authority as trusted (Bade: par. 0013, binding an initial trusted device; See also, par. 0009, …initial installation of a trusted device into a system, the new device must be bound to the system in order for the device to initialize according to the above-described security methodology).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Bade with the method and system of Kekitcheff and Krahn, wherein the another device having been previously verified by the trust authority as trusted. One would have been motivated to provide level of security against data mining by misappropriation or misuse of removable devices (Bade: par. 0008).
Regarding claim 13, the combination of Kekicheff, Krahn, and Bade teaches the method of claim 25. The combination of Kekicheff, Krahn, and Bade, further comprising: 
 the trusted authority electronically transmitting an authentication message to indicate the authentication being sufficient for provisioning the device when the non-readable attestation matches with the readable attestation (Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic [i.e. matching]); and
the trusted authority electronically transmitting an authentication message to indicate the authentication being insufficient for provisioning the device when the non-readable attestation fails to match with the readable attestation (Krahn: Col. 7, lines 14-19; Otherwise, the requested attestation identity credential 144 may not be provided by the certificate authority server 110 to security module 180 indicating that the specialized endorsement credential 148 is not bound to an authentic security module or that security module 180 may not be authentic [i.e. fails to match]) but do not explicitly disclose “the readable element being unaltered since a time of association with the non-readable element when the non-readable attestation matches with the readable attestation” and “the readable element being altered since the time of association with the non-readable element when the non-readable attestation fails to match with the readable attestation.”
Although Kekicheff, Krahn, and Bade do not explicitly disclose “the readable element being unaltered since a time of association with the non-readable element when the non-readable attestation matches with the readable attestation” and “the readable element being 
However, these additional features above can be easily derived from the features of the combination of Kekicheff, Krahn, and Bade (Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6; Krahn: Col. 7, lines 14-19; Bade: par. 0013, binding an initial trusted device; See also, par. 0009).
Claims 7, 9, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Bade et al. (“Bade,” US 2006/0090070, published Apr. 27, 2006), and Kiukkonen et al. (“Kiukkonen,” US 2013/0309971, published Nov. 21, 2013).
 Regarding claim 7, the combination of Kekitcheff, Krahn, and Bade teaches the method of claim 25.   The combination of Kekicheff, Krahn, and Bade further discloses further comprising:  
the trusted authority electronically transmitting an authentication message to indicate the authentication being sufficient for provisioning the device when the non-readable attestation matches with the readable attestation (Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic [i.e. matching]); and
the trusted authority electronically transmitting the authentication message to indicate the authentication being insufficient for provisioning the device when the non-readable attestation fails to match with the readable attestation (Krahn: Col. 7, lines 14-19; Otherwise, the requested attestation identity credential 144 may not be provided by the certificate authority server 110 to security module 180 indicating that the specialized endorsement credential 148 is not bound to an authentic security module or that security module 180 may not be authentic [i.e. fails to match]) but do not explicitly disclose “to onboard with an access point.”
However, in an analogous art, Kiukkonen discloses “to onboard with access point” (Kiukkonen: par. 0232, The authentication information, such as a password or key, is passed by the access point AP over the backbone network 37 to the access rights server 35.  The authentication module in the access rights server 35 stores the authentication information, such as a password or key, to compare with credentials to be submitted by the guest device B when it accesses the access point AP.  This will enable guest device B to setup an IEEE 802.11 in-band short-range carrier communication connection with the access point AP according to the IEEE 802.11 in-band short-range carrier communication connection parameters).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kiukkonen with the method and system of Kekicheff and Krahn, to include “to onboard with access  (Kiukkonen: abstract; par. 0233).
Regarding claim 9, the combination of Kekicheff, Krahn, Bade, and Kiukkonen teaches the method of claim 7.  The combination of Kekicheff, Krahn, Bade, and Kiukkonen further discloses further comprising executing a provisioning process for the device when the authentication is sufficient, the provisioning process including the another device providing information to the device needed for the device to onboard with the access point, the onboard occurring based on signals exchanged between the device and the access point (Kekicheff: fig. 5, par. 0033; Krahn: Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic [i.e. matching]; Kiukkonen: par. 0232).
Regarding claim 17, the combination of Kekicheff, Krahn, Bade, and Kiukkonen teaches the method of claim 9.  The combination further discloses further comprising generating the readable element to include a public key (Bade: par. 0026, The present invention uses encryption and public/private key to secure binding-related communications between devices) and/or a plurality of attributes associated with the device, the another device recovering the public key and/or the plurality of attributes from the readable element, the provision process relying on the public key and/or the plurality of attributes to facilitate generating the information.
Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Kiukkonen et al. (“Kiukkonen,” US 2013/0309971, published Nov. 21, 2013).
Regarding claim 18, Kekicheff teaches a non-transitory computer-readable medium having a plurality of instructions executable with a processor of a trusted authority for authenticating trust in an identity of a device, the plurality of instructions being sufficient for:
 generating a readable attestation and a non-readable attestation for the device (Kekitcheff: par. 0004, centrally pre-assign known numbers to devices and bind them to owners at the time of manufacture; par. 0014, The identifier [i.e. non-readable element] is secure in that it is unaltered after generation, but is not secret in that once generated, the identifier may be shared with other entities beyond the device;  par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection , a Bluetooth TM or near-field communication (NFC)[ i.e. readable element]);
communicating the readable attestation for storage on a readable element of the device and communicating the non-readable attestation for storage on a non-readable (Kekitcheff: par. 0025, device binding system 190 not only includes the device 102 and the authority 150 but the certificate authority 170 as well.  In such embodiments, the authority 150 also includes cryptographic services 158 and other related information that may include certificates 160 issued by a certificate authority (CA) 170 for verification of the device credentials, when presented; See also pars. 0026, 0033); and
Kekitcheff further discloses communicating the readable attestation for storage on a readable element of the device and including the readable attestation, the another device obtaining the readable attestation from the readable element and communicating the non-readable attestation for storage on a non-readable element of the device  as recited above but does not explicitly disclose generating an authentication for the device based on a comparison of a first message to a second message.
However, in an analogous art, Krahn discloses generating an authentication for the device based on a comparison of a first message to a second message (Krahn: Col. 5, lines 9-10, client computing devices 190; Col. 6, lines 35-39;  Col. 6, lines 55-65, In some implementations, specialized endorsement credential 148 [i.e. digital certificate] may be provided to certificate authority server 110 in a request for an attestation identity credential needed by security module 180 (or computing device on which the security module resides).  Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid.  The validity may be determined by certificate authority server 110 based on a comparison of the extended integrity measurements to one or more valid extended integrity measurements stored at device information database 194 [i.e. generating an authentication for the device based on a comparison of the attestation])
 (Krahn: Col. 3, lines 5-31).
The combination of Kekitcheff and Krahn teaches the first message being transmitted from the device and including the non-readable attestation, the second message being transmitted from an another device as recited above but does not explicitly display transmission through an access point.
However, in an analogous art, Kiukkonen discloses “transmission through an access point” (Kiukkonen: par. 0232, The authentication information, such as a password or key, is passed by the access point AP over the backbone network 37 to the access rights server 35.  The authentication module in the access rights server 35 stores the authentication information, such as a password or key, to compare with credentials to be submitted by the guest device B when it accesses the access point AP.  This will enable guest device B to setup an IEEE 802.11 in-band short-range carrier communication connection with the access point AP according to the IEEE 802.11 in-band short-range carrier communication connection parameters).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kiukkonen with the method and system of Kekicheff and Krahn, to include “transmission through an access point”. One would have been motivated to enable the hosting apparatus to generate unique random numbers so as to improve security of the hosting apparatus.  The method enables making operation of touching the hosting apparatus to the guest apparatus due to desire for apparatuses to communicate, so that identity information reduces delays in connection setup (Kiukkonen: abstract; par. 0233).
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Kiukkonen et al. (“Kiukkonen,” US 2013/0309971, published Nov. 21, 2013).
Regarding claim 20, the combination of Kekicheff, and Krahn discloses the system of claim 19.  Kekicheff, and Krahn do not explicitly disclose wherein the second device exchanges signals with the first device when the authentication indicates trust in the identity of the first device,  the first device transmitting the first message to the trusted authority independently of the second device transmitting the second message to the trusted authority, the trusted authority indicating trust in the identity when the attestations within the first and second message match (Kekicheff: fig. 5, par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth TM or near-field communication; Krahn: Col. 6, lines 55-65, Certificate authority server 110 may determine whether one or more extended integrity measurements in specialized endorsement 148 are valid… ;  Col. 5, lines 9-10, client computing devices 190, Col. 7, lines 2-6, Certificate authority server 110 compare the extended integrity measurements to one or more valid extended integrity measurements in valid specialized endorsement credentials stored at the device information database 194. When the one or more extended integrity measurements in the specialized endorsement are valid the certificate authority server 110 may generate and provide attestation identity credential. Receipt of attestation identity credential 144 at security module 180 can validate that the specialized endorsement credential 148 is bound to an authentic security module or that security module 180 is authentic [i.e. matching, i.e. trust]) and mistrust in the identity when the attestations within the first and second messages fail to match  (Kekicheff: fig. 5, par. 0033, the user device 102 is connected network to the connected device 130 via a physical connection, a Bluetooth TM or near-field ; Krahn: Col. 7, lines 14-19; Otherwise, the requested attestation identity credential 144 may not be provided by the certificate authority server 110 to security module 180 indicating that the specialized endorsement credential 148 is not bound to an authentic security module or that security module 180 may not be authentic [i.e. fails to match]) but does not explicitly disclose “automatically onboarding the first device to an access point.”
However, in an analogous art, Kiukkonen discloses “automatically onboarding the first device to an access point” (Kiukkonen: par. 0232, The authentication information, such as a password or key, is passed by the access point AP over the backbone network 37 to the access rights server 35.  The authentication module in the access rights server 35 stores the authentication information, such as a password or key, to compare with credentials to be submitted by the guest device B when it accesses the access point AP.  This will enable guest device B to setup an IEEE 802.11 in-band short-range carrier communication connection with the access point AP according to the IEEE 802.11 in-band short-range carrier communication connection parameters).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kiukkonen with the method and system of Kekicheff and Krahn, to include “automatically onboarding the first device to an access point”. One would have been motivated to enable the hosting apparatus to generate unique random numbers so as to improve security of the hosting apparatus.  The method enables making operation of touching the hosting apparatus to the guest apparatus due to desire for apparatuses to communicate, so that identity information reduces delays in connection setup (Kiukkonen: abstract; par. 0233).
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Gulati (“Gulati,” US 2018/0041341, filed Aug. 3, 2017).
Regarding claim 21, the combination of Kekicheff, and Krahn discloses the system of claim 19. Kekicheff, and Krahn do not explicitly disclose wherein the non-readable element is hardwired within the first device as part of a chipset, a silicone or a wafer.
(Gulati: par. 0249, The silicon vendor device certificate 926 is set of data elements that securely define the identity of one of the secure elements, such as the programmable devices 128 or trusted device 130. The silicon vendor device certificate 926 can include the device identification 302, a silicon vendor public key 954, and/or other security information; par. 0280).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Gulati with the method and system of Kekicheff and Krahn, to include “the non-readable element is hardwired within the first device as part of a chipset, a silicone or a wafer”. One would have been motivated to simplify elimination of unauthorized accesses and device cloning using a two-way communication mechanism that includes additional steps of performing secure acknowledgement or secure identification. The system simplifies subsequent detection and authentication of unauthorized devices using parameters associated with unauthorized programmable devices that are saved to facilitate subsequent processing and to improve overall performance of the system (Gulati: pars. 0037, 0212).
Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Gulati (“Gulati,” US 2018/0041341, filed Aug. 3, 2017), and Kiukkonen et al. (“Kiukkonen.
Regarding claim 26, the combination of Kekicheff, Krahn, and Gulati discloses the system of claim 21.  The combination of Kekicheff, Krahn, and Gulati discloses the trusted authority contemporaneously receiving the first and second messages but does not explicitly disclose following transport through an access point, the another device having previously onboarded with the access point, the device not having previously onboarded with the access point.
However, in an analogous art, Kiukkonen discloses transport through an access point, the another device having previously onboarded with the access point (Kiukkonen: par. 0232, The authentication information, such as a password or key, is passed by the access point AP over the backbone network 37 to the access rights server 35.  The authentication module in the access rights server 35 stores the authentication information, such as a password or key, to compare with credentials to be submitted by the guest device B when it accesses the access point AP.  This will enable guest device B to setup an IEEE 802.11 in-band short-range carrier communication connection with the access point AP according to the IEEE 802.11 in-band short-range carrier com 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kiukkonen with the method and system of Kekicheff, Krahn, and Gulati to include “transport through an access point, the another device having previously onboarded with the access point”. One would have been motivated to enable the hosting apparatus to generate unique random numbers so as to improve security of the hosting apparatus.  The method enables making operation of touching the hosting apparatus to the guest apparatus due to desire for  (Kiukkonen: abstract; par. 0233).
Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Fasbender et al. (“Fasbender,” US 2011/0176524, published Jul. 21, 2011).
Regarding claim 23, the combination of Kekicheff, and Krahn discloses the system of claim 19.  Kekicheff, and Krahn do not explicitly disclose wherein the first device reads the readable element with a camera.
However, in an analogous art, Fasbender discloses wherein the first device reads the readable element with a camera.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fasbender with the method and system of Kekicheff and Krahn, to include wherein the first device reads the readable element with a camera. One would have been motivated to exploit the benefits of operator-controlled service delivery and charging, while enabling virtually any consumer electronic device to consume operator-offered services (Fasbender: par. 0012).
Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Kekitcheff et al. (“Kekicheff,” US 2018/0091498, filed Sep. 27, 2016) in view of Krahn (“Krahn,” US 9,692,599, published Jun. 27, 2017), further in view of Roth et al. (“Roth.
Regarding claim 24, the combination of Kekicheff, and Krahn discloses the system of claim 19. Kekicheff, and Krahn do not explicitly disclose wherein the trusted authority instructs the first device to transmit the first message with a signature, the trusted authority requiring verification of the signature before generating the authentication.
However, in an analogous art, Roth discloses wherein the trusted authority instructs the first device to transmit the first message with a signature, the trusted authority requiring verification of the signature before generating the authentication (Roth: Col. 27, lines 40-59, receiving 2102 a signed message M from a client. As noted, a signed message may comprise the message and a signature for the message. … When a determination is made 2108 whether the signature is verified, appropriate action may be taken. For example, if it is determined 2108 that a signature is not verified, then appropriate action may be taken 2110 such as described above. Similarly, when it is determined 2108 that the signature is in fact verified, then appropriate action may be taken 2112, also as described above).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Roth with the method and system of Kekicheff, and Krahn to include “wherein the trusted authority instructs the first device to transmit the first message with a signature, the trusted authority requiring verification of the signature before generating the authentication”. One would have been motivated to ensure that services are provided in a secure manner (Roth: Col. 3, lines 50-51).
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information 

/Canh Le/
Examiner, Art Unit 2439

March 13th, 2022



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439