DETAILED ACTION
Claims 1-5 and 11-20 are presented for examination
Claims 6-10 have been cancelled

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: Fig. 8’s reference number 10.
The drawings are objected to because Fig. 4 states in step S41 “if yes, disapproving and discarding the identity authentication result and executing, S42, and if no, executing S43” However, this is does not correspond with what is mentioned in the specification. It should be corrected to state “if no, disapproving and discarding the identity authentication result and executing, S42, and if yes, executing S43”
 Fig. 4 further states in step S43 that "determine whether the legal digital string meets a condition specified by the distributed consensus mechanism, if yes, executing S42, and if no, reaching a consensus...". However, this is does not correspond with what is mentioned in the specification. It should be corrected to state "determine whether the legal digital string meets a condition specified by the distributed consensus mechanism, if no, executing S42, and if yes, reaching a consensus..." .  
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1, 4, 5, 11, 14, 16, and 19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 11, and 16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention. The claims recite the limitation “cross-domain strong logical isolation”. The word strong is a relative term and therefore it renders the claims indefinite. For the purpose of examination, this limitation is interpreted as “cross-domain logical isolation”.
Claims 1 , 11, and 16 recite the limitation "the blockchain that is synchronously updated and stored locally ".  There is insufficient antecedent basis for this limitation in the claim, there is no previous mention of “and stored locally”. For the purpose of examination, this limitation is
interpreted as “a blockchain that is synchronously updated and stored locally ”.
Claims 4, 14, and 19 recite the limitation " the received identity authentication".   There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, this limitation is interpreted as “a received identity authentication”.
Claims 4, 14, and 19 recite the limitation " the identity authentication result generated by a third IoT gateway ".   There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, this limitation is interpreted as “an identity authentication result generated by a third IoT gateway”.
Claims 4are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention. It is not clear why the same steps outlined in claim 4 are repeated. In S41, i This limitation is interpreted as follows: when the authentication result is different, other nodes are invoked to check for authentication. 
Furthermore, there is another infinite loop in S43 when the legal string does not meet the conditions specified, the process goes back to step S42 and there is no way to break out of from the loop because the legal string will not meet the conditions specified.  For the purpose of examination this limitation is interpreted as follows: if the legal string does not meet the conditions specified, access is denied. 
Claims 4, 14, and 19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, for reciting the limitation “disproving and discarding” the identity authentication result. However, it is not clear how a consensus is obtained by discarding results received from other IOT gateways. For the purpose of examination this limitation has been interpreted as rather than just disproving and discarding, reaching a consensus among other nodes authentication. 
Claim 5 recites the limitation "the blockchain".  There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, this limitation is interpreted as “the blockchain”.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 11, 14, 16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over CHEN (US-20180212970-A1) in view of AGRAWAL (US-20180302222-A1), and further in view of CUI (CN-107424066-B), hereinafter CHEN-AGRAWAL-CUI.

Regarding claim 1, CHEN teaches “A method for cross-domain strong logical isolation and secure access control in the Internet of Things (IoT), comprising: ([CHEN, para. 0053] “FIG. 7 is a flow diagram illustrating an exemplary process 700 for performing distributed authentication in an IoT network. In one implementation, process 700 may be implemented by one or more devices in private domain 240. In another implementation, process 700 may be implemented by one or more devices in private domain 240 in conjunction with a device in public domain 242.”) S1, receiving an identity authentication request from a host outside a domain by a target IoT gateway in the domain, packaging the identity authentication request into a release requesting data packet, and broadcasting the release requesting data packet to all IoT gateways in the domain excluding the target IoT gateway; ([CHEN, para. 0054 ] “Process 700 may include receiving an access request from a node in an IoT network with an authenticated user (block 705), and identifying if the request is from a trusted node (block 710). For example, a user (or app) of user device 150 may login to an IoT resource in a trusted network (e.g., IoT portal 122 or IoT core platform 124) or an IoT resource in an untrusted network (e.g., partner network 160-1 or 160-2).”) … ([CHEN, para. 0035] “Each authentication 320 is posted to IoT network 300 (e.g., broadcast from receiving IoT resource control point 305-1 to each other IoT resource control point 305-2 to 305-4)”) … ([CHEN, para. 0024] “The IoT data services may include receiving packets that are transmitted by IoT devices 140, inspecting each packet, identifying data that can be linked to IoT data carried in a packet, and aggregating the linked data.”) S2, authenticating the release requesting data packet by all IoT gateways in the domain to generate respective identity authentication results; ([CHEN, para. 0055] “IoT portal 122 may broadcast an access list as an encrypted block in a blockchain in to other nodes in trusted domain 242 (e.g., authentication control point 220, etc.). Each node the trusted domain 242 may perform, for example, a mining operation or another proof of work to verify the access list. The proof of work solutions from the trusted nodes may be compared and determined if there is a consensus.”) … ([CHEN, para. 0057] “If there is a consensus for validation of the access request (block 725—YES) or if there is mutual trust with the IoT node (block 730—YES), process 700 may include receiving user information (block 735) and using the user information to send an access token for an IoT resource associated with the request (block 740). For example, either authentication control point 210 or authentication control point 220 may receive user information from the validated node and forward an access token to allow interaction with a respective IoT resource (such as API server 212 or 222).”) S3, once a first IoT gateways in the domain generates the identity authentication result, initiating a distributed consensus procedure based on a distributed consensus mechanism and obtaining a legal digital string that is in conformity with the distributed consensus mechanism, and sending the identity authentication result and the legal digital string to other IoT gateways in the domain; ([CHEN, para. 0038] “According to implementations described herein, authentications can be verified using a combination of “proof of trust” among trusted nodes and “proof of work” among untrusted nodes.”) … ([CHEN, para. 0039] “FIG. 4 illustrates use of “proof of trust” and “proof of work” in a portion 400 of network environment 100. Network portion 400 may include IoT portal 122, IoT core platform 124, and partner networks 160-1 and 160-2. IoT portal 122 and IoT core platform 124 (as part of service network 120) may be considered trusted nodes within a private domain (e.g., private domain 240). Partner networks 160-1 and 160-2 may be considered untrusted nodes in a public domain (e.g., public domain 242). Among the trusted nodes, token-based authentications (e.g., OAuth key exchange, etc.) can be used as proof of trust 430. Among untrusted nodes, proof of work 410, a hashing computation similar to blockchain mining, can be used.”) … ([CHEN, para. 0040] “Generally, hashing is hard to compute and easy to verify. So for external verification, implementations described herein use proof of work 410 to verify authentications from nodes in untrusted domains, where participating nodes work to solve difficult hashing problems, which the rest of network can then verify. Because it takes real-world computation resources to find solutions to the hashing problems, proof of work is able to use the difficulty of solving hashing function to measure how much of the network agrees on the current state. The only way to hack into the network would be to control a majority of the total computing power (e.g., CPU, memory, or bandwidth) to, for example, pretend the group of nodes disagrees with itself.”) … ([CHEN, para. 0055] “If the request is not from a trusted node (block 710—NO), process 700 may include broadcasting a hash key to other trusted nodes in the IoT network (block 715), receiving solutions from the other trusted nodes (block 720), and determining if there is a consensus for validation of the access request (block 725). For example, when the access request is from an untrusted node, authentication control point 210 of IoT portal 122 may broadcast an access list as an encrypted block in a blockchain in to other nodes in trusted domain 242 (e.g., authentication control point 220, etc.). Each node the trusted domain 242 may perform, for example, a mining operation or another proof of work to verify the access list. The proof of work solutions from the trusted nodes may be compared and determined if there is a consensus.”)
However, CHEN does not teach “S4, when respective IoT gateways in the domain reach a consensus by verifying the identity authentication result and the legal digital string with the distributed consensus mechanism and a node synchronization mechanism, writing and storing the identity authentication result into a new block of a blockchain; and S5, determining, by the target IoT gateway whether the identity authentication result exists by scanning the blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, sending the identity authentication result to the host, and when the identity authentication result does not exist, continuing the scanning.”.
In analogous teaching, AGRAWAL teaches “S4, when respective IoT gateways in the domain reach a consensus by verifying the identity authentication result and the legal digital string with the distributed consensus mechanism and a node synchronization mechanism, writing and storing the identity authentication result into a new block of a blockchain;” ([AGRAWAL, para. 0077] “FIG. 4 is a flow diagram illustrating a method for updating a blockchain ledger entry in connection with a blockchain-based distributed access control in an IoT network, according to an embodiment of the disclosure.”) … ([AGRAWAL, para. 0078] “Referring to FIG. 4, the electronic device requests access to the zone A. The user 250 is provided access to the various nodes of the IoT network 220 if the electronic device transitions from one node to another and from one zone to another using a valid transaction trail, as shown in FIG. 2B. At operation 402, the transaction trail of the user 250 is determined. At operation 404, the electronic device is detected by any of the nodes in the zone A or by the node 206A. At operation 406, the intent of the user 250 is determined, i.e., the node in the zone A with which the electronic device requests access to is determined.”) … ([AGRAWAL, para. 0062] “The node 206B validates the IoT token based on information available in the blockchain 202. The node 206A allows the transaction based on a successful validation of the IoT token.”) … ([AGRAWAL, para. 0099] “Regarding the IoT network 220 and the blockchain 202, consensus is achieved based on the PoW of the user device 701. For a block of transactional data to be valid, the block must hash to a value less than a current target value. The current target value is based on the probability of a successful block generation. The variable cryptographic puzzle is determined based on the probability of the successful block generation.”) … ([AGRAWAL, para. 0079] “The IoT token is dynamically allocated based on the sequence of transaction blocks in the blockchain 202. At operation 408, the token validator 302 validates the IoT token based on information available in the blockchain 202. At operation 410, the node 206A allows the transaction based on a successful validation of the IoT token. The node 206A further updates the IoT token of the electronic device. The transaction and the updated IoT token is added to the blockchain after consensus among all the nodes in the IoT network 220, linked to the blockchain 202. The transaction and updated IoT token are added to the blockchain 202 using any or a combination of crypto-token protocol, a light cryptographic consensus protocol and a variable cryptographic consensus protocol.”) … ([AGRAWAL, para. 0099] “proof of work (PoW) systems require the nodes to provide a proof of work for a block of transactions to be accepted by the network participants. Regarding the IoT network 220 and the blockchain 202, consensus is achieved based on the PoW…”). [Examiner’s Note: The consensus among all the nodes in the IoT network  has been interpreted to teach the limitation of the synchronization mechanism recited in S4 and S5 because if all the nodes agree on a consensus then they must also be synchronized with each other]
Thus, given the teaching of AGRAWAL, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of storing authentication into a blockchain as taught by AGRAWAL into the teaching of a method for secure access control of Internet of Things as taught by CHEN. One of ordinary skill in the art would have been motivated to do so because AGRAWAL recognizes the need to improve security of IoT networks ([AGRAWAL, para. 0005-0007] “Further, conventional IoT infrastructure lacks continuous security. For example, a user may access an IoT network based on a successful validation of a password. However, with such a validation scheme, continuous monitoring of user activity is compromised. Further, the IoT network is open to external threats such as hacking, data theft and the like, when the IoT network is made accessible to the user. Other issues of conventional IoT infrastructure pertain to limitations in automatically differentiating various users to provide appropriate access levels. Thus, there remains a need for mechanisms through which distributed access control of the IoT network with continuous security can be achieved.”) 
However, CHEN-AGRAWAL does not teach “S5, determining, by the target IoT gateway whether the identity authentication result exists by scanning the blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, sending the identity authentication result to the host, and when the identity authentication result does not exist, continuing the scanning.”
In analogous teaching, CUI teaches  “S5, determining, by the target IoT gateway whether the identity authentication result exists by scanning the blockchain that is synchronously updated and stored locally through the node synchronization mechanism, when the identity authentication result exists, sending the identity authentication result to the host, and when the identity authentication result does not exist, continuing the scanning.” ([CUI, Page 14 Para. 2 step (7)] “Each accounting node broadcasts the selected node list obtained in the step (6) to all other nodes in the block chain system;”) … ([CUI, Page 15 para. 2 step (8)] “(8) after receiving the broadcasted selected node list, each node in the selected node list acquires the block of each accounting node in the block chain system, judges whether the block height of the node is consistent with the block height of the acquired accounting node or not, if so, enters the step (9), and if not, the step is continuously repeated until the block height of the node is consistent with the block height of the acquired accounting node;”) …. ([CUI, Page 15 para. 2 step (10)] “(10) all the accounting nodes which are not in the selected node list become common nodes, all the nodes in the selected node list become new accounting nodes and start to receive transaction requests from the user side, the transaction requests are identified in common, and blocks generated by the identification in common are added to the block chain.”). 
Thus, given the teaching of CUI, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of scanning the blockchain as taught by CUI into the teaching of a method for secure access control of Internet of Things as taught by CHEN-AGRAWAL. One of ordinary skill in the art would have been motivated to do so because CUI recognized the need to improve conventional consensus mechanisms . ([CUI, Page. 14 Para. 1] “Aiming at the defects or the improvement requirements of the prior art, the invention provides a method and a system for establishing a consensus mechanism based on value quantity, and aims to solve the technical problems that the conventional POW and POS consensus mechanism is high in energy consumption and easy to centralize”)

Regarding claim 11, claim 11 recites a processor and memory having instructions stored there on to perform the features of claim 1. Therefore, claim 11 is rejected in a similar manner as in the rejection of claim 1. 

Regarding claim 16, claim 16 recites a non-transitory computer readable medium having instructions stored thereon to perform the steps of claim 1. Therefore, claim 16 is rejected in a similar manner as in the rejection of claim 1.

Regarding claim 4, 14, and 19, CHEN-AGRAWAL-CUI teach all limitations of claims 1, 11, and 16. Furthermore, these claims are rejected multiple times under 112(b), therefore it is being interpreted as best understood by the examiner. CHEN further teaches “S41, when the received identity authentication result is different from the identity authentication result generated by a third IoT gateway of the other IoT gateways, disproving and discarding, by the third IoT gateway, the identity authentication result and executing S42, and when the received identity authentication result is the same as the authentication result generated by the third IoT gateway, executing, by the third IoT gateway, S43; ([CHEN, Para. 0055] “For example, when the access request is from an untrusted node, authentication control point 210 of IoT portal 122 may broadcast an access list as an encrypted block in a blockchain in to other nodes in trusted domain 242 (e.g., authentication control point 220, etc.). Each node the trusted domain 242 may perform, for example, a mining operation or another proof of work to verify the access list. The proof of work solutions from the trusted nodes may be compared and determined if there is a consensus.”)  S42, obtaining by the third IoT gateway the legal digital string that is in conformity with the distributed consensus mechanism, initiating the distributed consensus procedure after the obtaining of the legal digital string is completed, sending the identity authentication result and the legal digital string of the third IoT gateway to all other IoT gateways in the domain excluding the third IoT gateway, and executing S41; and ([CHEN, para. 0038] “According to implementations described herein, authentications can be verified using a combination of “proof of trust” among trusted nodes and “proof of work” among untrusted nodes.”) ([CHEN, para. 0039] “FIG. 4 illustrates use of “proof of trust” and “proof of work” in a portion 400 of network environment 100. Network portion 400 may include IoT portal 122, IoT core platform 124, and partner networks 160-1 and 160-2. IoT portal 122 and IoT core platform 124 (as part of service network 120) may be considered trusted nodes within a private domain (e.g., private domain 240). Partner networks 160-1 and 160-2 may be considered untrusted nodes in a public domain (e.g., public domain 242). Among the trusted nodes, token-based authentications (e.g., OAuth key exchange, etc.) can be used as proof of trust 430. Among untrusted nodes, proof of work 410, a hashing computation similar to blockchain mining, can be used.”) ([CHEN, para. 0040] “Generally, hashing is hard to compute and easy to verify. So for external verification, implementations described herein use proof of work 410 to verify authentications from nodes in untrusted domains, where participating nodes work to solve difficult hashing problems, which the rest of network can then verify. Because it takes real-world computation resources to find solutions to the hashing problems, proof of work is able to use the difficulty of solving hashing function to measure how much of the network agrees on the current state. The only way to hack into the network would be to control a majority of the total computing power (e.g., CPU, memory, or bandwidth) to, for example, pretend the group of nodes disagrees with itself.”). 
However, CHEN does not teach “S43, determining, by the third IoT gateway, whether the received legal digital string meets a condition specified by the distributed consensus mechanism, when the received legal digital string does not meet the condition specified by the distributed consensus mechanism, executing S42, and when the received legal digital string meets the condition specified by the distributed consensus mechanism, reaching a consensus on the identity authentication result and the legal digital string through the distributed consensus mechanism and the node synchronization mechanism, writing and storing, by the third IoT gateway, the identity authentication result into the new block of the blockchain.”
In an analogous teaching, AGRAWAL teaches “S43, determining, by the third IoT gateway, whether the received legal digital string meets a condition specified by the distributed consensus mechanism, when the received legal digital string does not meet the condition specified by the distributed consensus mechanism, executing S42, and when the received legal digital string meets the condition specified by the distributed consensus mechanism, reaching a consensus on the identity authentication result and the legal digital string through the distributed consensus mechanism and the node synchronization mechanism, writing and storing, by the third IoT gateway, the identity authentication result into the new block of the blockchain.” ([AGRAWAL, para. 0077] “FIG. 4 is a flow diagram illustrating a method for updating a blockchain ledger entry in connection with a blockchain-based distributed access control in an IoT network, according to an embodiment of the disclosure.”) ([AGRAWAL, para. 0099] “Regarding the IoT network 220 and the blockchain 202, consensus is achieved based on the PoW of the user device 701. For a block of transactional data to be valid, the block must hash to a value less than a current target value. The current target value is based on the probability of a successful block generation. The variable cryptographic puzzle is determined based on the probability of the successful block generation.”) ([AGRAWAL, para. 0079] “The IoT token is dynamically allocated based on the sequence of transaction blocks in the blockchain 202. At operation 408, the token validator 302 validates the IoT token based on information available in the blockchain 202. At operation 410, the node 206A allows the transaction based on a successful validation of the IoT token. The node 206A further updates the IoT token of the electronic device. The transaction and the updated IoT token is added to the blockchain after consensus among all the nodes in the IoT network 220, linked to the blockchain 202. The transaction and updated IoT token are added to the blockchain 202 using any or a combination of crypto-token protocol, a light cryptographic consensus protocol and a variable cryptographic consensus protocol.”).
The same motivation to modify CHEN with AGRAWAL as in the rejection of claim 1 applies. 


Claims 2, 5, 12, 15, 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over CHEN-AGRAWAL-CUI in view of BIYANI (US-10924466-B2).

Regarding claims 2, 12, and 17 CHEN-AGRAWAL-CUI teach all limitations of claims 1, 11, and 16. However, CHEN-AGRAWAL-CUI does not teach “wherein authenticating the release requesting data packet by all IoT gateways in the domain to generate respective identity authentication results comprising: once the IoT gateways in the domain receive the release requesting data packet, extracting identity information from the release requesting data packet, and authenticating the identity information according to a legal identity certificate stored locally to generate the respective identity authentication results.
In analogous teaching, BIYANI teaches “wherein authenticating the release requesting data packet by all IoT gateways in the domain to generate respective identity authentication results comprising: once the IoT gateways in the domain receive the release requesting data packet, extracting identity information from the release requesting data packet, and authenticating the identity information according to a legal identity certificate stored locally to generate the respective identity authentication results.” ([BIYANI, Col. 13 lines 26-34] “In operation, the IOT gateway 104 is configured to enable a permissioned blockchain that not only performs user authentication but also mutual authentication between the IOT devices 102 thereby generating and securely recording operation and scenario based smart contracts 614. The IOT gateway 104 establishes a peer-to-peer network that authorizes nodes intending to join the network to operate as a Device Chain node and thus facilitates the permissioned distributed ledger system.”) … ([BIYANI, Col. 1 lines 60-67 Col. 2 lines 1-5] “Accordingly, the present disclosure relates to a method of enabling secure access to at least one Internet of Things (IOT) device. The method comprising steps of receiving at least one encrypted block generated by at least one IOT device on the private network, wherein the at least one encrypted block comprises a unique device identification (ID), previous token, current token, time stamp, and event data. The method further comprising parsing the at least one encrypted block received to determine the unique device ID of the at least one IOT device and verifying the authenticity of the at least one IOT device using a device chain to validate the device signature and identity of the at least one IOT device.”) …. ([BIYANI, col. 17 lines 30-48] “The IOT gateway 104 receives the at least one encrypted block 608 from the IOT devices 102 and initiates execution of smart contract associated with the IOT devices 102. The encrypted block 608 comprises a unique device identification (ID), previous token, current token, time stamp, and event data. In one embodiment, the contract event manager (CEM) 118 executes the smart contract 164 to verify the device signature and identify information that transmitted the at least one encrypted block 608. The CEM 118 parses the at least one encrypted block 608 to determine the unique device ID of the IOT devices 102. The CEM 118 verifies the device signature and identity using the device chain module 120. In one embodiment, the device chain module 120 compares the unique device ID of the encrypted block 608 with the unique ID of the IOT devices 102 stored in the device chain data 610 to verify the device signature and identity. Upon successful verification, the CEM 118 further determines the access to the event chain using the previous token, and the current token of the encrypted block 608.”) …. ([BIYANI, col. 9 lines 10-18] “The CA service provider 202 generates a root certificate 206 that may be an identity and device signature certificate of the IOT devices 102 and issues the device certificate 204 using the root certificate 206. The CA service provider 204 stores the device certificate 204 with secure keys in a Hardware Security Module (HSM) 208 of the IOT devices 102. The CA service provider 202 in a cluster share the same database for keeping track of identities and certificates.”) … ([BIYANI,  col. 9 lines 19-28] “The crypto service provider 157 implements encoding and decoding functions to implement strong user authentication …… A registration service 212 receives the device certificate 210 and forwards the device certificate 210 to a device provision service 214 along with secure keys. The device certificate 210 may be then transmitted to the IOT gateway 104 and to IOT MCU 105.”)
Thus, given the teaching of BIYANI, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of extracting information from a request to authenticate an IoT device as taught by BIYANI into the teaching of a method for secure access control of Internet of Things as taught by CHEN-AGRAWAL-CUI. One of ordinary skill in the art would have been motivated to do so because BIYANI recognized the benefit of using a decentralized approach to improve security and reliability of IOT devices. ([BIYANI, Col. 5 lines 54-63] “The present disclosure also provides a well-designed, agile and scalable security solution for globally available IOT devices with improved privacy and reliability. The decentralized and distributed architecture allows the tracking of millions of connected devices, enabling processing of transactions and coordination between devices, thus allowing significant savings in IOT manufacturing process. The decentralized approach eliminates single point of failure, thereby creating a more resilient ecosystem for devices to operate.”)

Regarding claim 5, CHEN-AGRAWAL-CUI teach all limitations of claim 4. CHEN further teaches “wherein the node synchronization mechanism is configured to, when all IoT gateways in the domain verify the identity authentication result and the legal digital string,” ([CHEN, Para. 0055] “include broadcasting a hash key to other trusted nodes in the IoT network (block 715), receiving solutions from the other trusted nodes (block 720), and determining if there is a consensus for validation of the access request …… IoT portal 122 may broadcast an access list as an encrypted block in a blockchain in to other nodes …… solutions from the trusted nodes may be compared and determined if there is a consensus”).
However, CHEN does not teach “control the IoT gateways in the domain to exchange information and perform synchronous storage on the blockchains.”.
In analogous teaching BIYANI teaches “control the IoT gateways in the domain to exchange information and perform synchronous storage on the blockchains.” ([BIYANI, col. 7 lines 24-28] “The data synchronization module 130 enables synchronization of the enterprise ledger 129 with the distributed ledger 124 of the IOT gateway 104 to retrieve the stored data from the distributed ledger 124 for a predetermined time period.”) ([BIYNAI, col. 14 lines 55-59] “This access right setting is stored in all of the device chain 654 of the blockchain network, and is also shared among all nodes, gateways, and devices. Access and control of users and devices, and transaction authority, are recorded securely in the blockchain.”).
The same motivation to modify BIYANI with CHEN-AGRAWAL-CUI as in the rejection of claim 2, applies. 

Regarding claims 15 and 20, CHEN-AGRAWAL-CUI teach all limitations of claim 11 and 16. Furthermore, claims 15 and 20 recite features similar to those recited in claim 5. Therefore claims 15 and 20 are rejected in a similar manner as in the rejection of claim 5.




Claims 3, 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over CHEN-AGRAWAL-CUI in view of DENNIS (GB-2577751-A).

Regarding claim 3, CHEN-AGRAWAL-CUI teaches all limitations of claims 1. CHEN further teaches “initiating…… a distributed consensus procedure, and sending the identity authentication result and the legal digital string to other IoT gateways in the domain” ([CHEN, para. 0055] “include broadcasting a hash key to other trusted nodes in the IoT network …. IoT portal 122 may broadcast an access list as an encrypted block in a blockchain in to other nodes”) However, CHEN-AGRAWAL-CUI does not teach “after the first IoT gateway in the domain generates the identity authentication result, and before the first IoT gateway obtains the legal digital string that is in conformity with the distributed consensus mechanism, when a second IoT gateway in the domain different from the first IoT gateway obtains the identity authentication result and the legal digital string, initiating, by the second IoT, gateway a distributed consensus procedure”.
In an analogous teaching, DENNIS teaches “a second IoT gateway in the domain different from the first IoT gateway obtains the identity authentication result and the legal digital string, initiating, by the second IoT gateway …...” ([DENNIS, page 11 lines 7-13] “In particular, in the present disclosure a random number is generated and the selected node is the node 12 for which the difference between the random number and a numerical representation of the unique node identifier or other unique public identity (if not already in a numerical format) is closest to zero …… The selected node 12 will then be considered to be the leader node. The leader node 12, which may also be referred to as a confirming node, will then be recognized by the blockchain system 10 as having the right to validly confirm any new transactions and write or generate the corresponding new blocks that are to be included in and appended to the end of the blockchain.”) … ([DENNIS, page 29 lines 1-12] “if the participant node is determined, by a consensus protocol of the blockchain system, to be a leader node that can generate one or more new blocks to be validly appended to the blockchain of the blockchain system, the method further comprises: receiving, at the leader node, from the nodes participating in the blockchain system, new transactions for inclusion in the blockchain system; confirming, at the leader node, the received new transactions by searching for corresponding unspent transaction outputs in the blockchain system; generating, at the leader node, a new block comprising the confirmed new transactions and appending this block to a local blockchain stored at the leader node; and broadcasting, from the leader node, the new block to all of the nodes participating in the blockchain system”). However, DENNIS does not explicitly teach “after the first IoT gateway in the domain generates the identity authentication result, and before the first IoT gateway obtains the legal digital string that is in conformity with the distributed consensus mechanism, when a second IoT gateway in the domain different from the first IoT gateway obtains the identity authentication result and the legal digital string, initiating, by the second IoT gateway, the distributed consensus procedure”. But DENNIS does teach this feature in the background ([DENNIS, page 1 lines 29-36] “The most common consensus protocol today is the proof of work protocol, which sets a computational problem with an answer that is simple to validate, but not simple to determine and pits the various nodes in a race to determine the answer. The first node to arrive at the answer writes a block incorporating this answer and a collection of transactions that have been confirmed as being valid by that first node. The completed block is then sent from this first node to the other nodes that it is aware of in the blockchain system, who then forward the completed block to any other nodes that they are in turn aware of.”) …. ([DENNIS, page 2 lines 1-3] “Because the burden of the work associated with the computational problem is asymmetric, the other nodes can easily validate that the new block meets the requirements of the proof of work protocol and the race then begins for the next block.”).
Thus, given the teaching of DENNIS, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify DENNIS with its background because DENNIS realizes a leader node is similar to the first node solving the problem using a proof of work protocol. ([DENNIS, page 11 lines 19-20] “As such, the leader node is analogous to the first node to solve the computational problem in a proof of work protocol.”).
Furthermore, given the teaching of DENNIS, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of a second node determining a legal string before a first node as taught by DENNIS into the teaching of a method for secure access control of Internet of Things as taught by CHEN-AGRAWAL-CUI. One of ordinary skill in the art would have been motivated to do so because DENNIS recognizes the need to have a robust blockchain system. ([DENNIS, page 2 lines 35-36 Page 3 lines 1-2] “Therefore, we have appreciated that it would be desirable to provide an improved blockchain system with a low energy and computational power requirement for operation with improved distribution and double spend resistance.”).

Regarding claim 13 and 18, CHEN-AGRAWAL-CUI teach all limitations of claim 11 and 16. Furthermore, claims 13 and 18 recite features similar to those recited in claim 3. Therefore claims 13 and 18 is rejected in a similar manner as in the rejection of claim 3. 

The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
SUTHAR (US-10972463-B2) discloses using blockchain technology to improve security and authentication of IOT devices. By storing a copy of a distributed ledger into a controller device which authenticates IoT devices, by traversing series of blocks in the blockchain.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AFAQ ALI/Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434