DETAILED ACTION
This action is in response to amendments/arguments filed 11/11/2022. Claims 1, 2 and 4-20 are pending with claims 1, 2, 4-20 having been amended.

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Terminal Disclaimer
The terminal Disclaimer filed 1/11/2022 has been approved 1/11/2022

Response to Arguments
Applicant's arguments filed 1/11/2022 have been fully considered 
A) Applicant's arguments with respect to claim 1 that Askar (US 10,291,477) in view of Alexander et al (2010/0043062) does not teaches “a first user hub device” have been fully considered but they are not persuasive. 
Regarding A) it is noted the claim reads “a first user device” not “a first user hub device” as argued. Askar teaches a first user device/a first user hub device in figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430 (i.e. claimed a first user device/a first user hub device)).
B) Applicant's arguments with respect to claim 1 that Askar (US 10,291,477) in view of Alexander et al (2010/0043062) does not teaches the new amended limitation of “wherein at least one of the two humanly perceptible components is an identifying humanly perceptible component” have been fully considered and are not persuasive.  
Regarding B) Alexander teaches wherein at least one of the two humanly perceptible components is an identifying humanly perceptible component in paragraph 0072-0074 i.e. In some embodiments, image-based authentication may include generating a graphical display, such as an image grid, that may display images from different categories, including at least one preselected authentication category. The location of the categories in the graphical display may be randomized. The specific image for each category may be chosen randomly from a database of images for that specific category. Each image can be overlaid with a randomly generated image identifier. The user may select or input the image identifiers (or password elements) corresponding to the images or icons selected within the arrangement. Selected image identifiers can then be communicated by the client system to the server system. The server system can compare the user selected image identifiers relative to a reference password, and further analyze related information with any other associated authentication data that may be stored in a memory within the server system. Upon the correct entry of the one or more image identifiers, which matches the reference password, authentication of the user can be completed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Alexander to include the graphic authentication of Alexander of transmitting a sequence of images that include both images that were initially registered, and other images that are not registered and having the user/device identify those images that he had previously registered to the authentication of Askar to increase the security of the authentication by ensuring correlation between the selected image with the preselected images (see Alexander paragraph 0074).
C) Applicant's arguments with respect to claim 1 that Askar (US 10,291,477) in view of Alexander et al (2010/0043062) does not teaches “receiving, over the hub link, a responsive message from the second user hub device” have been fully considered but they are not persuasive
Regarding C) it is noted the claim reads “receiving, over the hub link, a responsive message from the second user device” not “receiving, over the hub link, a responsive message from the second user hub device” as argued. Askar teaches receiving, over the hub link, a responsive message from the second user device in figure 4 step 7-8 and column 12 lines 15-31 i.e. In step 7, the IoT device 420 may send a request for service registration to the hub device 430…The IoT device 420 may send the request at some point after the IoT device 420 receives the security token from the hub device 430. In addition, the request for service registration may include the security token that was previously received from the hub device 430. In step 8, the hub device 430 may determine whether the security token included in the request for service registration corresponds to the security token previously provided from the hub device 430 to the loT device 420 (in step 5)). If so, the hub device 430 may authenticate the loT device 420. In other words, the hub device 430 may authenticate the loT device 420 based on the security token received from the loT device 420);
D) Applicant's arguments with respect to claim 1 that Askar (US 10,291,477) ) in view of Alexander et al (2010/0043062) does not teaches “determining whether the responsive message includes a selection of the identifying humanly perceptible component” and “when a result of the determining is affirmative, establishing an authenticated session over the hub link between the first device and the second device” because examiner relies upon operations performed by Askar hub device and not the recited “first user device” have been fully considered but they are not persuasive. 
Regarding D) It is noted that claim reads “first user device” and “second used device” and makes no distinction which one is the hub device. In arguments on page 9 application argued the first user device is a hub device and not an IOT device for the limitation. Now on page 12 application argued the first user device is not a hub device and the second user device is the hub device while again the claims make no distinction which user device is the hub device.
 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2, 6 and 8-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 2 recites the limitation "the first user hub device" in line 2.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 2 recites the limitation "the second user hub device" in line 2-3.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 6 recites the limitation "the first user hub device" in line 2.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 6 recites the limitation "the second user hub device" in line 3 and 4.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 8 recites the limitation "the first user hub device" in line 2.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 8 recites the limitation "the second user hub device" in line 3.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 9 recites the limitation "the first user hub device" in line 3.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 9 recites the limitation "the second user hub device" in line 4.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 10 recites the limitation "the first user hub device" in line 2.  There is insufficient antecedent basis for this limitation in the claim. 
Claim 10 recites the limitation "the second user hub device" in line 3-4.  There is insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 13-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
The specification does not disclose the amended limitation of “establishing a hub link between the first user hub device and a second user hub device”. The specification discloses establishing a hub link between the first user hub device and a second user device in which one device is always a hub device and the other is always an IOT device. Nowhere in the specification in a link established between two hub device. Figure 3 and paragraph 0052 of the specification clearly teach establishing a hub link between an IOT device and a hub device.

Claim Rejections - 35 USC § 103
Claims 1, 4, 8, 10-13, 15, 16, 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Askar (US 10,291,477) in view of Alexander et al (2010/0043062) in view of Findling et al “Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns”.
With respect to claim 1 Askar teaches a process comprising: 
at a first user device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430),
establishing a hub link with a second device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430. The loT device 420 may be preconfigured with hub connection information. The hub connection information may include a service set identifier (SSID) associated with the hub device 430 and instructions to connect to the hub device 430); 
wherein at least one perceptible components is an identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. a security token); 
sending, over the hub link, an initial authentication signal that includes the identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. In step 5, the hub device 430 may provide a security token to the loT device 420 after the request for hub registration is validated at the hub device 430);
receiving, over the hub link, a responsive message from the second device (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may be derived based on various types of information (e.g., the SSID, loT device information) known to the loT device 420 and/or the hub device 430); 
determining whether the responsive message includes a selection of the identifying perceptible component (see Askar column 12 lines 24-31 i.e. In step 8, the hub device 430 may determine whether the security token included in the request for service registration corresponds to the security token previously provided from the hub device 430 to the loT device 420 (in step 5)). If so, the hub device 430 may authenticate the loT device 420. In other words, the hub device 430 may authenticate the loT device 420 based on the security token received from the loT device 420); and 
when a result of the determining is affirmative, establishing an authenticated session over the hub link between the first device and the second device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data communications in accordance with a message queue telemetry transport (MQTT) protocol, which may be used as a lightweight messaging protocol for use on top of a transmission control protocol (TCP)/Internet Protocol (IP) protocol. The IoT device 420 may communicate the IoT device data directly to the IoT service 440, or alternatively, the IoT device may communicate the IoT device data to the IoT service 440 via the hub device 430).
Askar does not teach randomly generating at least two humanly perceptible components; wherein the initial authentication signal includes a second humanly perceptible components.
Alexander teaches randomly generating at least two humanly perceptible components; wherein the initial authentication signal includes a second humanly perceptible components (see Alexander paragraph 0072-0074 i.e. In some embodiments, image-based authentication may include generating a graphical display, such as an image grid, that may display images from different categories, including at least one preselected authentication category. The location of the categories in the graphical display may be randomized. The specific image for each category may be chosen randomly from a database of images for that specific category. Each image can be overlaid with a randomly generated image identifier. The user may select or input the image identifiers (or password elements) corresponding to the images or icons selected within the arrangement. Selected image identifiers can then be communicated by the client system to the server system. The server system can compare the user selected image identifiers relative to a reference password, and further analyze related information with any other associated authentication data that may be stored in a memory within the server system. Upon the correct entry of the one or more image identifiers, which matches the reference password, authentication of the user can be completed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Alexander to include the graphic authentication of Alexander of transmitting a sequence of images that include both images that were initially registered, and other images that are not registered and having the user/device identify those images that he had previously registered to the authentication of Askar to increase the security of the authentication by ensuring correlation between the selected image with the preselected imags (see Alexander paragraph 0074).

With respect to claim 8 Askar teaches the process of claim 1, further comprising: at the first user hub device, receiving, from the second user hub device and over the hub link, a cryptological component securing the responsive message; and decrypting the responsive message based on the cryptological component (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may be derived based on various types of information (e.g., the SSID, loT device information) known to the loT device 420 and/or the hub device 430).

With respect to claim 10 Askar teaches the process of claim 1, further comprising: at the first user hub device, communicatively coupling, via an external hub link, the second user hub device with a third device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data communications in accordance with a message queue telemetry transport (MQTT) protocol, which may be used as a lightweight messaging protocol for use on top of a transmission control protocol (TCP)/Internet Protocol (IP) protocol. The IoT device 420 may communicate the IoT device data directly to the IoT service 440, or alternatively, the IoT device may communicate the IoT device data to the IoT service 440 via the hub device 430).

With respect to claim 11 Askar teaches the process of claim 10, wherein the external hub link utilizes, in a first part, the hub link to connect the first user hub device with the second user hub device and, in a second part, a second hub link to connect the first user device with the third device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data communications in accordance with a message queue telemetry transport (MQTT) protocol, which may be used as a lightweight messaging protocol for use on top of a transmission control protocol (TCP)/Internet Protocol (IP) protocol. The IoT device 420 may communicate the IoT device data directly to the IoT service 440, or alternatively, the IoT device may communicate the IoT device data to the IoT service 440 via the hub device 430).

With respect to claim 12 Askar teaches the process of claim 11, wherein the third device is at least one of data source, a satellite service provider, a terrestrial service provider, a streaming server, a web server, and a service provider (see Askar column 4 lines 17-22 i.e. The lol devices 140 may establish a connection with an loT service 115, such as an application for managing the environment in the factory, and then the loT devices 140 may periodically upload loT device data (e.g., temperature data, humidity data, and air flow data) to the loT service 115).

With respect to claim 13 Askar teaches a first user hub comprising: 
a hardware processor (see Askar column 17 lines 12-39 i.e. The processor 812 may represent multiple processors and the memory 820 may represent multiple memory units that operate in parallel to the processing circuits. This may provide parallel processing channels for the processes and data in the system. The local interface 818 may be used as a network to facilitate communication between any of the multiple processors and multiple memories); 
a data storage device (see Askar column 17 lines 12-39 i.e. The processor 812 may represent multiple processors and the memory 820 may represent multiple memory units that operate in parallel to the processing circuits. This may provide parallel processing channels for the processes and data in the system. The local interface 818 may be used as a network to facilitate communication between any of the multiple processors and multiple memories); and 
a communications module operable using at least one of a short-range communications technology, an intermediate range communication technology; and a long range communications technology (See Askar column 7 lines 52-59 i.e. The network 250 may include any useful computing network, including an intranet, the Internet, a local area network, a wide area network, a wireless data network, or any other such network or combination thereof. Components utilized for such a system may depend at least in part upon the type of network and/or environment selected. Communication over the network may be enabled by wired or wireless connections and combinations thereof); and 
wherein the data storage device stores non-transitory hardware processor executable instructions instructing the first user hub device to: 
establishing a hub link the hub and a first user hub device and a second user hub device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430. The loT device 420 may be preconfigured with hub connection information. The hub connection information may include a service set identifier (SSID) associated with the hub device 430 and instructions to connect to the hub device 430); 
wherein at least one perceptible components is an identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. a security token); 
send, to the first device and over the hub link, an initial authentication signal that includes the identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. In step 5, the hub device 430 may provide a security token to the loT device 420 after the request for hub registration is validated at the hub device 430);
receive, from the second user hub device and over the hub link, a responsive message (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may be derived based on various types of information (e.g., the SSID, loT device information) known to the loT device 420 and/or the hub device 430); 
determine whether the responsive message includes a selection of the identifying perceptible component (see Askar column 12 lines 24-31 i.e. In step 8, the hub device 430 may determine whether the security token included in the request for service registration corresponds to the security token previously provided from the hub device 430 to the loT device 420 (in step 5)). If so, the hub device 430 may authenticate the loT device 420. In other words, the hub device 430 may authenticate the loT device 420 based on the security token received from the loT device 420); and 
when a result of the determining is affirmative, establishing an authenticated session between the first user hub device and the second user hub device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data communications in accordance with a message queue telemetry transport (MQTT) protocol, which may be used as a lightweight messaging protocol for use on top of a transmission control protocol (TCP)/Internet Protocol (IP) protocol. The IoT device 420 may communicate the IoT device data directly to the IoT service 440, or alternatively, the IoT device may communicate the IoT device data to the IoT service 440 via the hub device 430).
Askar does not teach randomly generating at least two humanly perceptible components; wherein the initial authentication signal includes a second humanly perceptible components.
Alexander teaches randomly generating at least two humanly perceptible components; wherein the initial authentication signal includes a second humanly perceptible components (see Alexander paragraph 0072-0074 i.e. In some embodiments, image-based authentication may include generating a graphical display, such as an image grid, that may display images from different categories, including at least one preselected authentication category. The location of the categories in the graphical display may be randomized. The specific image for each category may be chosen randomly from a database of images for that specific category. Each image can be overlaid with a randomly generated image identifier. The user may select or input the image identifiers (or password elements) corresponding to the images or icons selected within the arrangement. Selected image identifiers can then be communicated by the client system to the server system. The server system can compare the user selected image identifiers relative to a reference password, and further analyze related information with any other associated authentication data that may be stored in a memory within the server system. Upon the correct entry of the one or more image identifiers, which matches the reference password, authentication of the user can be completed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Alexander to include the graphic authentication of Alexander of transmitting a sequence of images that include both images that were initially registered, and other images that are not registered and having the user/device identify those images that he had previously registered to the authentication of Askar to increase the security of the authentication by ensuring correlation between the selected image with the preselected imags (see Alexander paragraph 0074).

With respect to claim 15 Askar teaches the first user hub device of claim 14, wherein the non-transitory hardware processor executable instructions further instruct the hardware processor to: receive, from the second user hub device and over the hub link, a cryptological component securing the responsive message; and decrypt the responsive message based on the cryptological component (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may be derived based on various types of information (e.g., the SSID, loT device information) known to the loT device 420 and/or the hub device 430)..

With respect to claim 16 Askar teaches the first user hub device of claim 14, wherein the non-transitory hardware processor executable instructions are further operable to instruct the first user hub device to: communicatively couple, via an external hub link, the second user device with a third device; wherein the external hub link utilizes, in a first part, the hub link connecting the first user hub device with the second user hub device and, in a second part, a second hub link to connect the second user hub with the third device (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data communications in accordance with a message queue telemetry transport (MQTT) protocol, which may be used as a lightweight messaging protocol for use on top of a transmission control protocol (TCP)/Internet Protocol (IP) protocol. The IoT device 420 may communicate the IoT device data directly to the IoT service 440, or alternatively, the IoT device may communicate the IoT device data to the IoT service 440 via the hub device 430); and wherein the third device is at least one of data source, a satellite service provider, a terrestrial service provider, a streaming server, a web server, and an Internet service provider (see Askar column 4 lines 17-22 i.e. The lol devices 140 may establish a connection with an loT service 115, such as an application for managing the environment in the factory, and then the loT devices 140 may periodically upload loT device data (e.g., temperature data, humidity data, and air flow data) to the loT service 115).


With respect to claim 18 Askar teaches a non-transitory computer processor readable data storage medium comprising: 
hardware processor executable instructions which, when executed by a hardware processor in a first hub (see Askar column 17 lines 13-33 i.e. The components or modules that are shown as being stored in the memory device 820 may be executed by the processor 812. The term "executable" may mean a program file that is in a form that may be executed by a processor 812), establish an authenticated session between the first hub and a second hub device by facilitating operations including: 
establishing, by the first hub, a hub link with the second hub device (see Askar figure 4 step 2 and column 10 lines 54-59 i.e. In step 2, an loT device 420 may establish a local area network (LAN) connection with the hub device 430. The loT device 420 may be preconfigured with hub connection information. The hub connection information may include a service set identifier (SSID) associated with the hub device 430 and instructions to connect to the hub device 430); 
wherein at least one perceptible components is an identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. a security token); 
sending, by the first hub over the hub link, an initial authentication signal that includes the identifying perceptible component (see Askar figure 4 step 5 and column 11 lines 49-55 i.e. In step 5, the hub device 430 may provide a security token to the loT device 420 after the request for hub registration is validated at the hub device 430);
receiving, by the first hub from the second hub over the hub link, a responsive message (see Askar column 11 lines 4-15 i.e. After the connection is established between the loT device 420 and the hub device 430, subsequent communications between the loT device 420 and the hub device 430 may be encrypted for security purposes. The communications between the loT device 420 and the hub device 430 may be encrypted using security keys. The security keys may be derived based on various types of information (e.g., the SSID, loT device information) known to the loT device 420 and/or the hub device 430); 
determining, by the first hub whether the responsive message includes a selection of the identifying perceptible component (see Askar column 12 lines 24-31 i.e. In step 8, the hub device 430 may determine whether the security token included in the request for service registration corresponds to the security token previously provided from the hub device 430 to the loT device 420 (in step 5)). If so, the hub device 430 may authenticate the loT device 420. In other words, the hub device 430 may authenticate the loT device 420 based on the security token received from the loT device 420); and 
when a result of the determining is affirmative, establishing an authenticated session over the hub link between the first hub device and the second hub (see Askar figure 4 step 10 and column 12 lines 45-60 i.e. The IoT service 440 may verify the dedicated security certificate and setup the connection with the IoT device 420. After the connection is established, the IoT device 420 may securely communicate IoT device data to the IoT service 440. The IoT device 420 may perform the IoT device data communications in accordance with a message queue telemetry transport (MQTT) protocol, which may be used as a lightweight messaging protocol for use on top of a transmission control protocol (TCP)/Internet Protocol (IP) protocol. The IoT device 420 may communicate the IoT device data directly to the IoT service 440, or alternatively, the IoT device may communicate the IoT device data to the IoT service 440 via the hub device 430).
Askar does not teach randomly generating at least two humanly perceptible components; wherein the initial authentication signal includes a second humanly perceptible components.
Alexander teaches randomly generating at least two humanly perceptible components; wherein the initial authentication signal includes a second humanly perceptible components (see Alexander paragraph 0072-0074 i.e. In some embodiments, image-based authentication may include generating a graphical display, such as an image grid, that may display images from different categories, including at least one preselected authentication category. The location of the categories in the graphical display may be randomized. The specific image for each category may be chosen randomly from a database of images for that specific category. Each image can be overlaid with a randomly generated image identifier. The user may select or input the image identifiers (or password elements) corresponding to the images or icons selected within the arrangement. Selected image identifiers can then be communicated by the client system to the server system. The server system can compare the user selected image identifiers relative to a reference password, and further analyze related information with any other associated authentication data that may be stored in a memory within the server system. Upon the correct entry of the one or more image identifiers, which matches the reference password, authentication of the user can be completed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Alexander to include the graphic authentication of Alexander of transmitting a sequence of images that include both images that were initially registered, and other images that are not registered and having the user/device identify those images that he had previously registered to the authentication of Askar to increase the security of the authentication by ensuring correlation between the selected image with the preselected imags (see Alexander paragraph 0074).

With respect to claim 20 Askar teaches the non-transitory computer processor readable medium of claim 18, wherein the hardware processor executable instructions further facilitate operations comprising: communicatively coupling the second hub with at least one of a data source, a satellite service provider, a terrestrial service provider, a streaming server, a web server, and a service provider (see Askar column 4 lines 17-22 i.e. The lol devices 140 may establish a connection with an loT service 115, such as an application for managing the environment in the factory, and then the loT devices 140 may periodically upload loT device data (e.g., temperature data, humidity data, and air flow data) to the loT service 115).

Claims 4, 5, 7, 9 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Askar (US 10,291,477) in view of Alexander et al (2010/0043062) in view of Findling et al “Towards Device-to-User Authentication: Protecting Against Phishing Hardware by Ensuring Mobile Device Authenticity using Vibration Patterns”
With respect to claim 4 Askar teaches the process of claim 1, but does not disclose wherein at least one of the at least two humanly perceptible components includes at least one of a uniquely identifying sound, a uniquely identifying sequence of two or more sounds, and a uniquely identifying Morris code pattern that includes two or more sounds.
Findling teaches wherein at least one of the at least two humanly perceptible components includes at least one of a uniquely identifying sound, a uniquely identifying sequence of two or more sounds, and a uniquely identifying Morris code pattern that includes two or more sounds (see Findling section Device-to-User Authentication Approaches i.e. Sound, Analogous to using visual information, authentication information can be revealed via sound, For example, HAPADEP [15] uses a human recognizable MI codec transporting 240 bits of information in 3.45 (70 b/s}, which seams sufficient for DOU authentication tasks).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used sound as one of many ways to provide mobile device-to-user (D2U) authentication (see Findling section Device-to-User Authentication Approaches / Sound). Therefore one would have been motivated to have sound as a way to provide mobile device-to-user (D2U) authentication.

	
With respect to claim 5 Askar teaches the process of claim 1, but does not disclose wherein the identifying humanly perceptible component includes at least one of a uniquely identifying vibration pattern, a uniquely identifying vibration frequency, and a uniquely identifying Morris code pattern that includes two or more vibrations.
Findling teaches wherein the identifying humanly perceptible component includes at least one of a uniquely identifying vibration pattern, a uniquely identifying vibration frequency, and a uniquely identifying Morris code pattern that includes two or more vibrations (see Findling section Preliminary Vibration Code)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used a uniquely identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication as one D2U feedback channel that is unobtrusive and hard to eavesdrop since a user study estimated vibration pattern recognition using a setup of 7 bits per second (b/s) that users are able to distinguish vibration correctness of 97.5 percent (See Findling Abstract). Therefore one would have been motivated to have used identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication.

With respect to claim 7 Askar teaches the process of claim 6, but does not disclose wherein the user data includes at least one of a fingerprint, a password, a pin, and a pattern.
Findling teaches wherein the user data includes at least one of a fingerprint, a password, a pin, and a pattern (see abstract i.e. Users usually authenticate to mobile devices before using thern (e.g. PIN, password)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used a PIN, password as a way to provide user-to-mobile device (U2D) authentication before being able to use the device (See Findling Abstract). Therefore one would have been motivated to have used a PIN, password as a way to provide user-to-mobile device (U2D) authentication.

With respect to claim 9 Askar teaches the process of claim 1, but does not disclose further comprising: before sending the authentication signal, presenting, by the first user hub device and in a humanly perceptible form, the identifying perceptible component to a user of the second user hub device.
Findling teaches further comprising: before sending the authentication signal, presenting, by the first user hub device and in a humanly perceptible form, the identifying perceptible component to a user of the second user hub device (see Findling section Device-to-User Authentication Approaches i.e. Sound, Analogous to using visual information, authentication information can be revealed via sound, For example, HAPADEP [15] uses a human recognizable MI codec transporting 240 bits of information in 3.45 (70 b/s}, which seams sufficient for DOU authentication tasks).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used a uniquely identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication as one D2U feedback channel that is unobtrusive and hard to eavesdrop since a user study estimated vibration pattern recognition using a setup of 7 bits per second (b/s) that users are able to distinguish vibration correctness of 97.5 percent (See Findling Abstract). Therefore one would have been motivated to have used identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication.

With respect to claim 14 Askar teaches the first user hub device of claim 13, but does not disclose wherein at least one of the at least two perceptible components includes at least one of: a uniquely identifying sound; a uniquely identifying sequence of two or more sounds; a uniquely identifying Morris code pattern that includes two or more sounds; a uniquely identifying vibration pattern; a uniquely identifying vibration frequency; and a uniquely identifying Morris code pattern that includes two or more vibrations. 
Findling teraches wherein at least one of the at least two perceptible components includes at least one of: a uniquely identifying sound; a uniquely identifying sequence of two or more sounds; a uniquely identifying Morris code pattern that includes two or more sounds; a uniquely identifying vibration pattern; a uniquely identifying vibration frequency; and a uniquely identifying Morris code pattern that includes two or more vibrations (see Findling section Device-to-User Authentication Approaches i.e. Sound, Analogous to using visual information, authentication information can be revealed via sound, For example, HAPADEP [15] uses a human recognizable MI codec transporting 240 bits of information in 3.45 (70 b/s}, which seams sufficient for DOU authentication tasks).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Findling to have used a uniquely identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication as one D2U feedback channel that is unobtrusive and hard to eavesdrop since a user study estimated vibration pattern recognition using a setup of 7 bits per second (b/s) that users are able to distinguish vibration correctness of 97.5 percent (See Findling Abstract). Therefore one would have been motivated to have used identifying vibration pattern as a way to provide mobile device-to-user (D2U) authentication.

Claims 2, 6, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Askar (US 10,291,477) in view of Alexander et al (2010/0043062) in view of Song et al (US 2015/0334554).
With respect to claim 2 Askar teaches the process of claim 1, wherein the hub link is established using at least one of the short range communications technology, an intermediate range communications technology, and a long range communications technology (see Askar column 7 lines 52-59 i.e. The network 250 may include any useful computing network, including an intranet, the Internet, a local area network, a wide area network, a wireless data network, or any other such network or combination thereof. Components utilized for such a system may depend at least in part upon the type of network and/or environment selected. Communication over the network may be enabled by wired or wireless connections and combinations thereof).
	Askar does not teach establishing a first connection between the first user hub device and the second user hub device; wherein a first connection is established before the hub link is established; wherein the first connection is established using short range communications technology.
Song teaches establishing a first connection between the first user hub device and the second user hub device; wherein a first connection is established before the hub link is established; wherein the first connection is established using short range communications technology (see Song paragraph 0314 i.e. The loT devices may include an accessible interface, for information exchange. The accessible interface may include a modem communication interface that can access at least one of a wired local area network (LAN), a wireless local area network and a mobile cellular network. The wireless local area network may be a network that can support Bluetooth (BT), Wireless Fidelity (Wi-Fi), Zigbee and the like). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Song to have included Bluetooth in the loT devices accessible interface so that the loT device can also communicate on a Bluetooth network (see Song paragraph 0314).

With respect to claim 6 Asker teaches the process of claim 1, but does not disclose further comprising: at the first user hub device, receiving, from the second user hub device and over the hub link, user data uniquely identifying an intended user of the second user hub device for the authenticated session; and determining whether the intended user is authorized for the authenticated session. 
	Song teaches further comprising: at the first user hub device, receiving, from the second user hub device and over the hub link, user data uniquely identifying an intended user of the second user hub device for the authenticated session; and determining whether the intended user is authorized for the authenticated session (see Song paragraph 0385 i.e. Among the service providers, the smart home service provider 2850 may authenticate the user information received from the user 2812, and control the loT devices provided in the home of the user 2812 based on the value set in the server. For example, the smart home service provider 2850 may provide a smart home service for controlling heating/cooling-related loT devices installed in the home of the user 2812, loT devices related to energy resources such as gas, water and electricity, lol devices related to indoor conditions such as lighting, humidity and air cleaning).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Song to have the smart home service provider authenticate the user information received from the user in order to user authenticated control of the loT devices in the home of the user (see Song paragraph 0385).

With respect to claim 17 Asker teaches the first user hub device of claim 15, but does not disclose 17 wherein the non-transitory hardware processor executable instructions are further operable to instruct the first user hub device to: receive from the second user hub device and over the hub link, user data uniquely identifying an intended user of the second user hub device for the authenticated session; and determine whether the intended user is authorized for the authenticated session.
Song teaches wherein the non-transitory hardware processor executable instructions are further operable to instruct the first user hub device to: receive from the second user hub device and over the hub link, user data uniquely identifying an intended user of the second user hub device for the authenticated session; and determine whether the intended user is authorized for the authenticated session (see Song paragraph 0385 i.e. Among the service providers, the smart home service provider 2850 may authenticate the user information received from the user 2812, and control the loT devices provided in the home of the user 2812 based on the value set in the server. For example, the smart home service provider 2850 may provide a smart home service for controlling heating/cooling-related loT devices installed in the home of the user 2812, loT devices related to energy resources such as gas, water and electricity, lol devices related to indoor conditions such as lighting, humidity and air cleaning).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Song to have the smart home service provider authenticate the user information received from the user in order to user authenticated control of the loT devices in the home of the user (see Song paragraph 0385).

With respect to claim 19 Asker teaches the non-transitory computer processor readable medium of claim 18, but does not disclose wherein the hardware processor executable instructions further facilitate operations comprising: receiving from the second hub and over the hub link, user data uniquely identifying an intended user of the second hub device for the authenticated session; and determining whether the intended user is authorized for the authenticated session.
Song teaches wherein the hardware processor executable instructions further facilitate operations comprising: receiving from the second hub and over the hub link, user data uniquely identifying an intended user of the second hub device for the authenticated session; and determining whether the intended user is authorized for the authenticated session (see Song paragraph 0385 i.e. Among the service providers, the smart home service provider 2850 may authenticate the user information received from the user 2812, and control the loT devices provided in the home of the user 2812 based on the value set in the server. For example, the smart home service provider 2850 may provide a smart home service for controlling heating/cooling-related loT devices installed in the home of the user 2812, loT devices related to energy resources such as gas, water and electricity, lol devices related to indoor conditions such as lighting, humidity and air cleaning).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Askar in view of Song to have the smart home service provider authenticate the user information received from the user in order to user authenticated control of the loT devices in the home of the user (see Song paragraph 0385).
Prior Art
	Britt et al (2016/0197772) titled “SYSTEM AND METHOD FOR IMPLEMENTING INTERNET OF THINGS (IOT) REMOTE CONTROL APPLICATIONS” teaches his embodiment a single user may have multiple hubs 110-111 installed onsite at a single user premises 180 (e.g., the user's home or business). This may be done, for example, to extend the wireless range needed to connect all of the IoT devices 101-105. As indicated, if a user has multiple hubs 110, 111 they may be connected via a local communication channel (e.g., Wifi, Ethernet, Power Line Networking, etc). In one embodiment, each of the hubs 110-111 may establish a direct connection to the IoT service 120 through a cellular 115 or WiFi 116 connection (not explicitly shown in FIG. 1B). Alternatively, or in addition, one of the IoT hubs such as IoT hub 110 may act as a “master” hub which provides connectivity and/or local services to all of the other IoT hubs on the user premises 180, such as IoT hub 111 (as indicated by the dotted line connecting IoT hub 110 and IoT hub 111). For example, the master IoT hub 110 may be the only IoT hub to establish a direct connection to the IoT service 120. In one embodiment, only the “master” IoT hub 110 is equipped with a cellular communication interface to establish the connection to the IoT service 120. As such, all communication between the IoT service 120 and the other IoT hubs 111 will flow through the master IoT hub 110. In this role, the master IoT hub 110 may be provided with additional program code to perform filtering operations on the data exchanged between the other IoT hubs 111 and IoT service 120 (e.g., servicing some data requests locally when possible).


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        


	
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492