DETAILED ACTION
1.	This action is responsive to the communications filed on 02/02/2022.
2.	Claims 1-20 are pending in this application.
3.	Claims 1, 4, 8, 15, 18, have been amended.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Logue (US 9,130,910) in view of Chung (US 2016/0323112) and Goetz et al. (US 2015/0220561).
Regarding claim 1, Logue disclosed:
A system, comprising: a computing device (Figure 8, device 500) comprising a processor and a memory (Column 23, Lines 3-12, processor and memory); and 
a set of machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least (Column 23, Lines 15-20, executing instructions): 
provide a machine-identifier to a cloud-based directory service, the machine-identifier uniquely identifying a client device from among a plurality of computing devices (Column 25, Lines 39-59, device 500 connects to service 502. Communication with service 502 through an interface to implement the cloud (i.e., cloud based directory service). Column 28, Lines 24-43, the service receives a message (i.e. providing) with an indication of provisioning status with header information identifying the device (i.e., client device). Column 28, Lines 44-53, the message received by the service includes a device identifier (i.e., machine identifier) that is used to lookup the particular provisioning information relevant to the device that is stored in a provisioning database); 
receive a token from the cloud-based directory service in response to providing the machine-identifier to the cloud-based directory service (Column 29, Lines 21-36, obtaining a device ID for device and looking up a certification bundle (i.e., token) for the device. The certification bundle includes a certificate for the device, a private key to be used by the device (i.e., receiving the certification bundle), and a pairing code); 
generate a package file that contains the token, the package file being associated with the machine-identifier (Column 29, Lines 37-53, using the device ID, the certification bundle is encrypted (i.e., generate a package file) using a key that is stored on the device at time of manufacture. The device decrypting the bundle); and 
provide the package to a cache server in network communication with the computing device (Column 29, Lines 50-53, sending the bundle to a remote location, such as a provisioning database (i.e., cache server)).
While Logue disclosed providing a machine identifier (see above), Logue does not explicitly disclose providing a machine identifier and administrative credentials.
However, in an analogous art, Chung disclosed providing a machine identifier and administrative credentials (Paragraph 28, when users using the computing devices 110a-z authenticate for the first time, credentials such as user names and passwords (i.e., administrative credentials) along with other information from the computing devices 112a-z may be received. Paragraph 35, along with the credentials, the receiver also receives client device specific information, such as a device unique identifier (i.e., machine identifier) from the client device).
	One of ordinary skill in the art would have been motivated to combine the teachings of Logue with Chung because they involve authenticating devices before allowing network connections, and as such, are within the same environment.  
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the administrative credentials of Chung with the teachings of Logue in order to include advantageous security features in order to be more secure (Chung, Paragraph 54).
	While Logue and Chung disclosed receiving a token (see above), Logue and Chung did not explicitly disclose wherein the token is unique to the machine-identifier.
	However, in an analogous art, Goetz disclosed wherein the token is unique to the machine-identifier (Paragraph 73, a credential is an identifying token. The token is uniquely known and associated with the user’s identity. Unique machine identifying data is used as the credential, such as an IP address, MAC address, or serial number information. The identity based credential is unique to the user being identified).
	One of ordinary skill in the art would have been motivated to combine the teachings of Logue and Chung with Goetz because they involve authenticating devices before allowing network connections, and as such, are within the same environment.  
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the token being unique to the machine-identifier of Goetz with the teachings of Logue and Chung in order to enable operational efficiency within the cloud computing system as a whole (Goetz, Paragraph 79).
	Regarding claims 8, 15, the claim is substantially similar to claim 1. Claim 15 recites a non-transitory computer readable medium and a processor (Chung, Column 21, Lines 38-50, processors and interfaces). Therefore, the claims are rejected under the same rationale. 
	Regarding claims 2, 9, the limitations of claims 1, 8, have been addressed. Logue, Chung, and Goetz disclosed:
	wherein the processor is a first processor; the memory is a first memory (Logue, Column 23, Lines 3-12, processor and memory); 
the set of machine-readable instructions are a first set of machine-readable instructions (Logue, Column 23, Lines 15-20, executing instructions); 
the cache server comprises a second processor and a second memory (Logue, Column 25, Lines 55-60, device receives provisioning data from the provisioning database. Column 25, Line 61 – Column 26, Line 2, the provisioning database is populated with information and stores information. As such, in order to send provisioning data and store provisioning data, a processor and memory would be necessary); and 
the system further comprises a second set of machine-readable instructions stored in the second memory that, when executed by the second processor, cause the cache server to at least: receive a request to apply the package file to the client device, the request comprising a machine-identifier of the client device (Logue, Column 16, Line 65 – Column 17, Line 3, transmitting the data upon receiving a request from a user. Column 27, Lines 1-19, device 500 sends a message that the device is not provisioned. Column 28, Lines 44-53, the message received by the service includes a device identifier (e.g., device serial number) that is used to lookup the particular provisioning information relevant to the device that is stored in a provisioning database); 
identify a package file associated with a machine-identifier of the client device (Logue, Column 25, Line 65 – Column 26, Line 22, the provisioning data stored in the database includes the device serial number, device ID, and the provisioning data. The requests from the device are referenced by a serial number with the provisioning database entries indexed by the device serial number); and 
apply the package file to the client device in response to confirmation that the machine-identifier matches the machine identifier associated with the package file, wherein application of the package file to the client device causes the token to be stored on the client device (Logue, Column 27, Lines 50-58, verifying that the provisioning information has been stored in the device. Column 28, Lines 54-67, the service determines whether the device ID in the request matches the device ID in the provisioning information).
Regarding claims 3, 10, the limitations of claims 2, 8, have been addressed. Logue, Chung, and Goetz disclosed:
wherein the client device comprises third processor, a third memory, and a third set of machine-readable instructions that, when executed, cause the client device to at least: obtain user credentials from a user of the client device (Chung, Paragraph 28, when users using the computing devices 110a-z authenticate for the first time, credentials such as user names and passwords (i.e., administrative credentials) along with other information from the computing devices 112a-z may be received. Paragraph 35, along with the credentials, the receiver also receives client device specific information, such as a device unique identifier (i.e., machine identifier) from the client device); and 
send a request to the cloud-based directory service to join a domain managed by the cloud-based directory service, the request comprising the user credentials and the token (Chung, Paragraph 5, a user of a client device requests access to a service. The user is prompted for credentials, such as ID and password. After providing the credentials, the credentials are exchanged for an authorization token so that in subsequent requests, the client device passes the token to the services).
For motivation, please refer to claim 1. 
Regarding claims 4, 12, the limitations of claims 3, 8, have been addressed. Logue, Chung, and Goetz disclosed:
wherein the client device sends the request to the cloud-based directory service to join the domain in response to a first login by the user (Chung, Paragraph 28, when users using the computing devices 110a-z authenticate for the first time, credentials such as user names and passwords (i.e., administrative credentials) along with other information from the computing devices 112a-z may be received. Paragraph 53, based on the authentication data, the service (i.e., cloud based directory service) to grant or deny the service request).
For motivation, please refer to claim 1. 

Regarding claims 5, 11, 16, the limitations of claims 1, 8, 15, have been addressed. Logue, Chung, and Goetz disclosed:
wherein the machine-readable instructions further cause the computing device to include in the package a name of a domain that the token authorizes the client device to join when the token is presented to the cloud-based directory service (Logue, Column 29, Lines 21-35, the certification bundle includes details that the device uses to connect to a network but the device did not have the certification bundle at the time the device was deployed. Thus, the device was unable to join a particular network (e.g., 802.15.4)(i.e., name of a domain)).
Regarding claims 6, 13, 19, the limitations of claims 1, 8, 15, have been addressed. Logue, Chung, and Goetz disclosed:
wherein the package file is a provisioning package file (Logue, Column 29, Lines 37-53, additional information is added to the certification bundle to form provisioning information).
Regarding claims 7, 14, 20, the limitations of claims 1, 8, 15, have been addressed. Logue, Chung, and Goetz disclosed:
wherein the cloud-based directory service implements at least a version of the lightweight directory access protocol (LDAP) (Goetz, Paragraph 82, RBAC analysis engine associated with an LDAP datastore like Active Directory or OpenLDAP).
For motivation, please refer to claim 1. 


Regarding claim 17, the limitations of claim 15 have been addressed. Logue, Chung, and Goetz disclosed:
wherein application of the package file to the client device by the cache server causes the token to be stored on the client device (Logue, Column 27, Lines 50-58, verifying that the provisioning information has been stored in the device).
Regarding claim 18, the limitations of claim 15 have been addressed. Logue, Chung, and Goetz disclosed:
wherein the token, when presented by the client device to the could-based directory service in conjunction with user credentials obtained by the client device, represents to the cloud-based directory service that the client device is authorized to join a domain managed by the cloud-based directory service (Chung, Paragraph 5, a user of a client device requests access to a service. The user is prompted for credentials, such as ID and password. After providing the credentials, the credentials are exchanged for an authorization token so that in subsequent requests, the client device passes the token to the services).
For motivation, please refer to claim 1. 

Conclusion
Examiner’s Note: In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Steven C Nguyen whose telephone number is (571)270-5663. The examiner can normally be reached M-F 7AM - 3PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/S.C.N/Examiner, Art Unit 2451     

/Chris Parry/Supervisory Patent Examiner, Art Unit 2451