DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The applicant amended claims 1, 8 and 10 in the amendment received on 3/9/2022.

The claims 1-18 are pending.

Response to Arguments
Applicant’s arguments with respect to claims 1-18 have been considered but are moot in view of the new grounds of rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-10 and 17-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimny et al. (U.S. Publication No. 2019/0205541 A1) in view of Theebaprakasam et al. (U.S. Patent No. 2019/0089809 A1), and Loladia et al. (U.S. Patent No. 10,678,906 B1), and in further view of Smith et al. (U.S. Publication No. 2019/0349426 A1).
With respect to claim 1, Zimny discloses a computer program product for a message broker to support publish-subscribe pattern messaging, the computer program product comprising: one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more computer-readable tangible storage devices, the program instructions comprising: program instructions to receive a connect message from an external client (i.e., In particular, the control logic 430 for each type of multi-mode device node may include instructions for initializing the multi-mode device node upon startup, searching for and connecting to a local network of interconnected devices to join (e.g., a gateway device node or another device node), responding to polling commands (e.g., transmitted by a gateway device node), adding a new device node to the network, registering that new device node with a gateway device node, removing a device node from the network, establishing a master/slave relationship with another device node, and exchanging communications with an access device. The control logic 430 of the low-power controller 422 may also include instructions for toggling between a sleep mode and an awake mode during which the multi-mode device node 400 transmits announcements at periodic intervals (e.g., every 10-50 ms) for a predetermined time period (e.g., for 30-60 seconds). If the multi-mode device node 400 receives a pairing request while awake--e.g., from an access device or another device node--then the multi-mode device node may pair and communicate with that access device or device node, ¶ 108.  See ¶ 127 for the message broker 704.  A bridge computing device may publish an asynchronous event ("AsyncEvent") message to indicate an event initiated by a device node. A bridge computing device may publish a device assignment ("AutoAssignDevice") message to indicate that a bridge computing device has discovered and paired with a new device node. A bridge computing device may publish a status update ("UpdateDeviceStatus") message when a child device node connects and/or disconnects to the bridge computing device, ¶ 144). 
Zimny also discloses a token (i.e., The security modes that do not require encryption may include security modes that require authentication of a security token in order to communicate as well as security modes that permit communication without authenticating a security token, ¶ 89). 
Zimny may not explicitly disclose wherein the external client is under system control outside of the message broker and does not subscribe to a default topic of the message broker, and wherein the authentication token is a JSON web token.
However, Theebaprakasam discloses wherein the external client is under system control outside of the message broker and does not subscribe to a default topic of the message broker, and wherein the authentication token is a JSON web token (i.e., The OpenID Connect platform service implements standard OpenID Connect Login/Logout flows. Interactive web-based and native applications leverage standard browser-based OpenID Connect flow to request user authentication, receiving standard identity tokens that are JavaScript Object Notation (" JSON") Web Tokens ("JWTs") conveying the user's authenticated identity [wherein the authentication token is a JSON web token]. Internally, the runtime authentication model is stateless, maintaining the user's authentication/session state in the form of a host HTTP cookie (including the JWT identity token). The authentication interaction initiated via the OpenID Connect protocol is delegated to a trusted SSO service that implements the user login/logout ceremonies for local and federated logins. Further details of this functionality are disclosed below with reference to FIGS. 10 and 11. In one embodiment, OpenID Connect functionality is implemented according to, for example, OpenID Foundation standards, ¶ 84.  In the embodiment of FIG. 9, any one of a variety of applications/services 902 may make HTTP calls to IDCS APIs to use IDCS services. In one embodiment, the HTTP requests of applications/services 902 go through an Oracle Public Cloud Load Balancing External Virtual IP address ("VIP") 906 (or other similar technologies), a public cloud web routing tier 908, and an IDCS Load Balancing Internal VIP appliance 910 (or other similar technologies), to be received by IDCS web routing tier 912. IDCS web routing tier 912 receives the requests coming in from the outside [wherein the external client is under system control outside of the message broker and does not subscribe to a default topic of the message broker] or from the inside of IDCS and routes them across either an IDCS platform services tier 914 or an IDCS infrastructure services tier 916. IDCS platform services tier 914 includes IDCS microservices that are invoked from the outside of IDCS, such as OpenID Connect, OAuth, SAML, SCIM, etc. IDCS infrastructure services tier 916 includes supporting microservices that are invoked from the inside of IDCS to support the functionality of other IDCS microservices, ¶ 157.  In the embodiment of FIG. 9, other than the data tier 918 which communicates based on Structured Query Language ("SQL") and the ID store tier 920 that communicates based on LDAP, OAuth protocol is used to protect the communication among IDCS components (e.g., microservices) within IDCS, and the same tokens that are used for securing access from the outside of IDCS are also used for security within IDCS [wherein the authentication token is a JSON web token], ¶ 159) in order to allow for identity management, and in particular, to identity management in a cloud system (¶ 1).
Theebaprakasam also discloses in response to receiving the publish message, program instructions to forward the publish message to any one of the internal clients who subscribe to messages of the defined topic and messages of the default topic (i.e., System 1300 includes a publisher 1301, a dynamic messaging queue 1303 and a messaging microservice 1302. Publisher 1301 in one embodiment is any of the microservices (or could be other components) implemented in the IDCS environment. Each of the producers/microservices 1301 produce messages by providing a topic/event-id [defined topic and messages of the default topic]. Producer 1301 includes an event manager 1320 and a JMS producer 1321, and produces JMS messages 1322. Each JMS message 1322 has JMS properties and a JMS body shown at 1310, ¶ 211.  A message will be published if any subscriber registers for a given topic and event-id combination [in response to receiving the publish message, program instructions to forward the publish message to any one of the internal clients who subscribe to messages of the defined topic and messages of the default topic]. Publisher 1301 is multithreaded and makes runtime decisions to publish messages in one of the active queues 1310-1312 in dynamic queue 1303, ¶ 212.  Because of the large number of events generated in each microservice in IDCS, embodiments classify all of the events to be published. Each event itself contains information about its target functionality and its topic. Based on the target and topic, the selector will decide whether to publish this event or not [in response to receiving the publish message, program instructions to forward the publish message to any one of the internal clients who subscribe to messages of the defined topic and messages of the default topic], ¶ 226).
Theebaprakasam further discloses wherein the default topic is used to transfer an internal state of the message broker comprising security context information in the form of JSON web tokens (i.e., The OpenID Connect platform service implements standard OpenID Connect Login/Logout flows. Interactive web-based and native applications leverage standard browser-based OpenID Connect flow to request user authentication, receiving standard identity tokens that are JavaScript Object Notation (" JSON") Web Tokens ("JWTs") conveying the user's authenticated identity [security context information in the form of JSON web tokens]. Internally, the runtime authentication model is stateless, maintaining the user's authentication/session state in the form of a host HTTP cookie (including the JWT identity token) [wherein the default topic is used to transfer an internal state of the message broker comprising security context information in the form of JSON web tokens]. The authentication interaction initiated via the OpenID Connect protocol is delegated to a trusted SSO service that implements the user login/logout ceremonies for local and federated logins. Further details of this functionality are disclosed below with reference to FIGS. 10 and 11. In one embodiment, OpenID Connect functionality is implemented according to, for example, OpenID Foundation standards, ¶ 84). 
Therefore, based on Zimny in view of Theebaprakasam, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Theebaprakasam to the system of Zimny in order to allow for identity management, and in particular, to identity management in a cloud system.
Zimny and Theebaprakasam may not explicitly disclose wherein the connect message contains an authentication token.
However, Loladia discloses wherein the connect message contains an authentication token (i.e., At (3), the authentication service provider 106 delivers the token to the client computing device 102. In some embodiments, the token may be delivered in response to a token delivery request sent from the client computing device 102 to the authentication service provider 106, or the token may be delivered based on an instruction contained within the token generation request sent by the messaging broker 114 at (2). The access token may be stored at the client computing device 102, column 9 last ¶ - column 10 first ¶) in order to allow for the utilization of authentication protocols to facilitate communication with client computing devices utilizing messaging protocols as messages are published by a transmitting client device and identified with a publication topic (column 2 ¶ 7).
Loladia further discloses program instructions to establish a connection to the external client in response to receiving the connect message (i.e., With reference now to FIG. 5C, after receiving and storing the access token, at (4), the client computing device 102 connects to the messaging broker 114 and transmits a subsequent authentication request, including the token, to the messaging broker 114 through the network 120 [program instructions to establish a connection to the external client in response to receiving the connect message]. … For example, the first authentication request may have contained a request for TLS handshake authentication, and the subsequent authentication request may contain the stored token for unilateral authentication by the messaging broker 114 or the authentication service provider 104 without utilizing a mutual authentication method, column 10 ¶ 2). 
Loladia also discloses wherein establishing the connection to the external client comprises: program instructions to extract the authentication token from the connect message (i.e., At (3), the authentication service provider 106 delivers the token to the client computing device 102. In some embodiments, the token may be delivered in response to a token delivery request sent from the client computing device 102 to the authentication service provider 106, or the token may be delivered based on an instruction contained within the token generation request sent by the messaging broker 114 at (2). The access token may be stored at the client computing device 102, column 9 last ¶ - column 10 first ¶.  At (5), the messaging broker 114 processes the token received from the client computing device 102 in the authentication request [program instructions to extract the authentication token from the connect message], column 10 ¶ 3). 
Loladia further discloses program instructions to store the extracted authentication token for internal clients of the message broker (i.e., In accordance with embodiments, the content management system 110 includes one or more servers for implementing services of a messaging broker 114, one or more host computing devices 116 for implementing virtual machine instances associated with client computing devices 102, and a token data store 112, column 5 ¶ 2 and figure 1.  The access token may be stored at the client computing device 102, column 10 first ¶). 
Loladia also discloses to receive, from an external client with an established connection, a publish message on a defined topic without an authentication token, on a defined publish and subscribe topic authorized by the authentication token, wherein the external client has only one publish and subscribe topic reserved for it (i.e., Accordingly, as messages are published by a transmitting client device and identified with a publication topic, the messaging broker matches the published message with the registered client devices and forwards the published message to all the registered devices, column 2 ¶ 7.  In accordance with embodiments, the content management system 110 includes one or more servers for implementing services of a messaging broker 114, one or more host computing devices 116 for implementing virtual machine instances associated with client computing devices 102, and a token data store 112. As described in further detail below, the messaging broker 114 can receive registration request from client computing devices 102 and authentication service providers 104 for content items associated with particular topics [wherein the external client has one or more publish and subscribe topic reserved for it].  As such, in some aspects, the messaging broker 114 may receive content published by the authentication service providers 104 that include executable code or other instructions to be executed by the client devices 102. In other aspects, the messaging broker 114 can receive content published by the client computing devices 102 corresponding to a processing result, authentication request, token, or the like. The messaging broker 114 can then publish the received content [to receive, from an external client with an established connection, a publish message on a defined topic without an authentication token, on a defined publish and subscribe topic authorized by the authentication token], column 5 ¶ 2.  For example, the first authentication request may have contained a request for TLS handshake authentication, and the subsequent authentication request may contain the stored token for unilateral authentication by the messaging broker 114 or the authentication service provider 104 without utilizing a mutual authentication method [to receive, from an external client with an established connection, a publish message on a defined topic without an authentication token], column 10 ¶ 2.  It would be obvious to one of ordinary skill in the art that one of the users using the system could be, subscribed to/published to, only one topic).
Therefore, based on Zimny in view of Theebaprakasam, and further in view of Loladia, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Loladia to the system of Zimny and Theebaprakasam in order to allow for the utilization of authentication protocols to facilitate communication with client computing devices utilizing messaging protocols as messages are published by a transmitting client device and identified with a publication topic.
Zimny, Theebaprakasam and Loladia may not explicitly disclose wherein a publish and subscribe topic format includes a device identifier of an external client.
However, Smith discloses wherein a publish and subscribe topic format includes a device identifier of an external client (i.e., FIG. 255 is a schematic diagram of a subscriber obtaining a topic group key in accordance with some embodiments [a publish and subscribe topic], ¶ 263.  The device registrar 3704, or escrow agent, may reside either within the node acting as the explicit pass-through node, or externally as a common agent to a group of nodes [an external client]. The routing request 3702 includes the identification or keys associated with the requester [device id], which may be used by the device registrar 3704 to determine if the pass-through request should be granted or denied [format includes a device identifier of an external client], ¶ 495.  This type of model is also often use in publish/subscribe models, where devices send data via channels as a means of sending data. Further, most model use a central server from where end-points broadcast data from (push), or a content server where they pull from. The techniques described with respect to FIGS. 71 to 74 use a combination of push and pull to distribute content across networks [publish and subscribe topic formats], ¶ 623.  In the hierarchical policy management system 12100, the individual devices are directly addressable [format includes a device identifier], ¶ 882. At block 18010, a DNAP device may publish its attributes and features and request tokens that may be assigned to the DNAP device based on the attributes or identity of the device [format includes a device identifier of an external client]. A decision to assign tokens may be controlled by a network administrator through the use of policies or based on, for example, the device's network, address, identity, device type, device capabilities, device features, or based on an effectiveness measure of the policy on the device and the permissions guide, ¶ 1308.  At block 20306, a determination is made as to whether some or all external modules have been enumeration and details about the requirements of an external module. If not all external modules have been identified, at block 20308, the requirements for the external module are identified and the external module is enumerated. Enumerating external modules allows an IoT device to reference the external modules and access the requirements of an external module [a device identifier of an external client], ¶ 1428.  Process flow resumes at block 20306, where a determination is made if some or all external modules connected to the IoT device are identified and enumerated. Once the external modules have been identified and enumerated, external modules may then be mapped to resources [a device identifier of an external client], ¶ 1431.  The Pub-Sub model allows for a topic to be defined to which network devices may subscribe, publish, or both. Publishers may publish to multiple topics and subscribers may subscribe to multiple topics. Thus, a scalability concern may arise when routing the topic traffic. Topics may be expressed in a variety of data formats including strings, numbers, network (multicast) addresses, UUIDs and Object ID hierarchies [format includes a device identifier of an external client], ¶ 1697) in order to provide a decentralized system for authentication, authorization, and accounting (AAA) which further includes the ability to authorize, broker, arbitrate, and authenticate systems implemented across interconnected heterogeneous infrastructure (¶ 299).
Therefore, based on Zimny in view of Theebaprakasam and Loladia, and further in view of Smith, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Smith to the system of Zimny, Theebaprakasam and Loladia in order to provide a decentralized system for authentication, authorization, and accounting (AAA) which further includes the ability to authorize, broker, arbitrate, and authenticate systems implemented across interconnected heterogeneous infrastructure.

With respect to claim 5, Zimny discloses program instructions to forward the token extracted from the connect message to the internal clients, following establishment of the connection to the external client, for storage in respective local memories (i.e., FIG. 10 illustrates example implementations of the server 706 and the third-party computing device 728 of FIG. 7. The server 706, in this particular example, includes a data store 1002 storing multiple user profiles 1004, multiple device profiles 1006, and multiple device-specific encryption keys 1008. The user profiles 1004 and the device profiles 1006, in this example, are included in a list identifying user/device profiles authorized for communications with the server 706 and/or the bridge computing device 702. The server 706 stores the device-specific encryption keys 1008 in association with respective identifiers of the device nodes of a local network of interconnected devices, ¶ 179.  Thus, the keys are forwarded for use/storage in relation to communication with external and internal clients like those shown in figure 2.  The low-power controller, in these example implementations, may thus be in signal communication with the local memory of the gateway device node to access the device node database and access node database [storage in respective local memories], ¶ 92). 

With respect to claim 6, Zimny discloses wherein a given token is forwarded by the message broker to the internal clients by a system publish message using a topic to which the internal clients have privileged subscription rights not available to external clients (i.e., In some examples, a scalable and secure message delivery system is provided by initiating an encrypted publish-subscribe model upon a bridge device powering-on. In some examples, the initial communications are encrypted and sent directly between a bridge device and a server. Subsequently, a message broker may maintain secure channels for encrypted communications between those devices. Such communications enable secure provisioning of commands and authentication information with any number of users or devices, provided that the users or devices have access to encryption keys used to encrypt the communications. In some circumstances, third-party users or devices do not have access to the encryption keys used to encrypt the communications, ¶ 25.  In some examples, a channel may be uniquely associated with a particular device in the environment or with a set of devices in the environment (e.g., some or all device nodes of a local network of interconnected devices). In other examples, a channel may be associated with a topic (e.g., device errors, device diagnostics, and the like). In some examples, a publish-subscribe messaging protocol may be employed to publish and receive messages. In some examples, the broker device 704 uses message queue telemetry transport (MQTT) publish-subscribe messaging protocol to facilitate communications between the bridge computing device 702 and the server 706. The broker device 704 may connect with some or all of the devices disclosed herein, ¶ 128.  In some examples, the bridge computing device 702 subscribes to the first channel or topic (e.g., "server channel") to which the server 706 will publish its messages (816). In some examples, the bridge computing device 702 subscribes to the server channel identified in the response prior to the server 706 publishing a message (818). However, in some examples, the bridge computing device 702 may subscribe to the server channel at any time such as, for example, before, at the same time, or after the server 706 publishes a message, ¶ 163). 

With respect to claim 7, Zimny discloses program instructions to communicate to internal clients that the token associated with the established connection is no longer valid based on the established connection disconnecting (i.e., In some examples, the server 706 may validate the identity of the third-party computing device 728 to determine whether the third-party computing device 728 is authorized to receive such information. Such validation may include determining whether the server 706 and/or the bridge computing device 702 have previously communicated with the third-party computing device 728, whether the third-party computing device 728 is on an authorized device list, whether the third-party computing device 728 has authorization credentials, or any combination thereof, ¶ 135.  A bridge computing device may publish a message ("LastWillAndTestament") when the bridge computing device establishes a connection with the message broker. In the event the bridge computing device loses its connection with the message broker, the message broker may send the LastWillAndTestament message to the server to inform the server that the connection between the message broker and the bridge computing device has been lost. In this way, the server may determine that the bridge computing device has disconnected from the message broker, ¶ 147.  In response to receiving and/or decrypting the provisioning request, the server 706 prepares a provisioning response. In some examples, the provisioning response includes information such as an address of the message broker 704, an identification of a first channel to which the server 706 will publish its messages, an identification of a second channel to which the bridge computing device 702 should publish its messages, and/or a timeframe for which the first channel and the second channel is or will be available for publication or subscription (e.g., between 1:00 AM and 2:00 AM). For example, as an additional layer of security, the first and/or second channel may be utilized by the server 706 and/or the bridge computing device 702 for publication/subscription only for a limited time (e.g., utilization of the first and/or second channel may expire) [communicate to internal clients that the token associated with the established connection is no longer valid based on the established connection disconnecting], thereby decreasing the window in which an unauthorized party could access the first and/or second channel. In some such examples, upon expiration of the first and/or second channels, the bridge computing device 702 may send a second provisioning request and the server 706 may send a second provisioning response identifying new channels to which the bridge computing device 702 and the server 706 to may publish/subscribe. The bridge computing device 702 may transmit the subsequent provisioning request in response to a determining that the first and/or second channels are no longer available, e.g., after the timeframe for using them has expired [communicate to internal clients that the token associated with the established connection is no longer valid based on the established connection disconnecting], ¶ 159). 
Zimny may not explicitly disclose an authentication token.
However, Theebaprakasam discloses an authentication token (i.e., In the embodiment of FIG. 9, other than the data tier 918 which communicates based on Structured Query Language ("SQL") and the ID store tier 920 that communicates based on LDAP, OAuth protocol is used to protect the communication among IDCS components (e.g., microservices) within IDCS, and the same tokens that are used for securing access from the outside of IDCS are also used for security within IDCS [an authentication token], ¶ 159) in order to allow for identity management, and in particular, to identity management in a cloud system (¶ 1).
Therefore, based on Zimny in view of Theebaprakasam, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Theebaprakasam to the system of Zimny in order to allow for identity management, and in particular, to identity management in a cloud system.

With respect to claim 8, Zimny discloses a computer program product for an internal client operating with publish-subscribe pattern messaging, wherein the internal client is associated with a message broker (i.e., An example system in accordance with aspects described herein includes a bridge device and a server. In response to achieving a power-on state, the bridge device transmits a provisioning request to the server. In response to receiving the provisioning request, the server generates a provisioning response that includes information indicating a first channel to which the server will publish its messages and a second channel to which the bridge device should publish its messages. The server also subscribes to that second channel so as to receive messages published by the bridge device. In response to receipt of the provisioning response, the bridge device subscribes to the first channel so as to receive messages published by the server. Additional aspects and features will be appreciated upon review of the additional disclosures below, ¶ 5.  In some examples, a scalable and secure message delivery system is provided by initiating an encrypted publish-subscribe model upon a bridge device powering-on. In some examples, the initial communications are encrypted and sent directly between a bridge device and a server. Subsequently, a message broker may maintain secure channels for encrypted communications between those devices [internal client operating with publish-subscribe pattern messaging, wherein the internal client is associated with a message broker], ¶ 25). 
Zimny further discloses wherein the internal client has a local memory for storing tokens (i.e., Content may thus be submitted to the access portal 112, for example, in HTTP POST requests. The content of the communications may also be encrypted using a key associated with the device node receiving the communications [authentication tokens]. Encrypting communications between device nodes of a local network of interconnected devices is discussed in further detail below. The access portal 112 of the device management server 110 may thus act as a relay for communications between the gateway 102 and device nodes 106 and the remotely-located access device 104e. Various configurations and arrangements may be employed to implement the device management server 110. In some example implementations, the access portal 112 and data store 114 may reside at the same machine while in other example implementations an access portal and data store may reside at different machines that are in signal communication with each other [wherein the internal client has a local memory for storing], ¶ 65.  The access device may also store a key (e.g., as part of the mobile application), and use the key to decrypt the encrypted information [a token], ¶ 98). 
Zimny also discloses the computer program product comprising: one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more computer-readable tangible storage devices, the program instructions comprising: program instructions to establish a connection with the message broker by sending a connect message to the message broker (i.e., In some examples, a scalable and secure message delivery system is provided by initiating an encrypted publish-subscribe model upon a bridge device powering-on. In some examples, the initial communications are encrypted and sent directly between a bridge device and a server. Subsequently, a message broker may maintain secure channels for encrypted communications between those devices. Such communications enable secure provisioning of commands and authentication information with any number of users or devices, provided that the users or devices have access to encryption keys used to encrypt the communications. In some circumstances, third-party users or devices do not have access to the encryption keys used to encrypt the communications. In other circumstances, third-party users may be authorized and provided with the encryption keys to "listen in" on and/or publish their own messages on the secure channels, ¶ 25.  In particular, the control logic 430 for each type of multi-mode device node may include instructions for initializing the multi-mode device node upon startup, searching for and connecting to a local network of interconnected devices to join (e.g., a gateway device node or another device node), responding to polling commands (e.g., transmitted by a gateway device node), adding a new device node to the network, registering that new device node with a gateway device node, removing a device node from the network, establishing a master/slave relationship with another device node, and exchanging communications with an access device. The control logic 430 of the low-power controller 422 may also include instructions for toggling between a sleep mode and an awake mode during which the multi-mode device node 400 transmits announcements at periodic intervals (e.g., every 10-50 ms) for a predetermined time period (e.g., for 30-60 seconds). If the multi-mode device node 400 receives a pairing request while awake--e.g., from an access device or another device node--then the multi-mode device node may pair and communicate with that access device or device node, ¶ 108.  See ¶ 127 for the message broker 704.  A bridge computing device may publish an asynchronous event ("AsyncEvent") message to indicate an event initiated by a device node. A bridge computing device may publish a device assignment ("AutoAssignDevice") message to indicate that a bridge computing device has discovered and paired with a new device node. A bridge computing device may publish a status update ("UpdateDeviceStatus") message when a child device node connects and/or disconnects to the bridge computing device, ¶ 144). 
Zimny further discloses program instructions to subscribe with the message broker to receive messages relating to any desired topics (i.e., In some examples, a scalable and secure message delivery system is provided by initiating an encrypted publish-subscribe model upon a bridge device powering-on. In some examples, the initial communications are encrypted and sent directly between a bridge device and a server. Subsequently, a message broker may maintain secure channels for encrypted communications between those devices. Such communications enable secure provisioning of commands and authentication information with any number of users or devices, provided that the users or devices have access to encryption keys used to encrypt the communications. In some circumstances, third-party users or devices do not have access to the encryption keys used to encrypt the communications. In other circumstances, third-party users may be authorized and provided with the encryption keys to "listen in" on and/or publish their own messages on the secure channels, ¶ 25.  The server 706 further generates and provides provisioning responses, connects to the message broker 704, publishes and/or subscribes to message broker channels, authenticates third-party users and/or devices, receives device communication access requests, provides encryption keys, and/or communicates with device nodes through one or more bridge computing devices, ¶ 129). 
Zimny also discloses program instructions to subscribe with the message broker to receive messages relating to a default topic of the message broker (i.e., The message broker 704, in this example, provides multiple channels on which devices may publish and/or subscribe to in order to communicate with other devices in the environment 700. In some examples, a channel may be uniquely associated with a particular device in the environment or with a set of devices in the environment (e.g., some or all device nodes of a local network of interconnected devices). In other examples, a channel may be associated with a topic (e.g., device errors, device diagnostics, and the like). In some examples, a publish-subscribe messaging protocol may be employed to publish and receive messages. In some examples, the broker device 704 uses message queue telemetry transport (MQTT) publish -subscribe messaging protocol to facilitate communications between the bridge computing device 702 and the server 706. The broker device 704 may connect with some or all of the devices disclosed herein, ¶ 128.  In some examples, the bridge computing device 702 subscribes to the first channel or topic (e.g., "server channel") to which the server 706 will publish its messages (816). In some examples, the bridge computing device 702 subscribes to the server channel identified in the response prior to the server 706 publishing a message (818). However, in some examples, the bridge computing device 702 may subscribe to the server channel at any time such as, for example, before, at the same time, or after the server 706 publishes a message, ¶ 163).  
Zimny may not explicitly disclose wherein the default topic is used to transfer an internal state of the message broker comprising security context information in the form of JSON web tokens and provides control API functions.
However, Theebaprakasam discloses wherein the default topic is used to transfer an internal state of the message broker comprising security context information in the form of JSON web tokens and provides control API functions (i.e., The OpenID Connect platform service implements standard OpenID Connect Login/Logout flows. Interactive web-based and native applications leverage standard browser-based OpenID Connect flow to request user authentication, receiving standard identity tokens that are JavaScript Object Notation (" JSON") Web Tokens ("JWTs") conveying the user's authenticated identity [security context information in the form of JSON web tokens]. Internally, the runtime authentication model is stateless, maintaining the user's authentication/session state in the form of a host HTTP cookie (including the JWT identity token) [wherein the default topic is used to transfer an internal state of the message broker comprising security context information in the form of JSON web tokens]. The authentication interaction initiated via the OpenID Connect protocol is delegated to a trusted SSO service that implements the user login/logout ceremonies for local and federated logins. Further details of this functionality are disclosed below with reference to FIGS. 10 and 11. In one embodiment, OpenID Connect functionality is implemented according to, for example, OpenID Foundation standards, ¶ 84) in order to allow for identity management, and in particular, to identity management in a cloud system (¶ 1).
Theebaprakasam further discloses program instructions to receive from the message broker, via the default topic, authentication tokens relating to external clients with established connections to the message broker, wherein the authentications tokens are JSON web tokens (i.e., One embodiment is a system that implements a number of microservices in a stateless middle tier environment to provide cloud-based multi-tenant identity and access management services. In one embodiment, each requested identity management service is broken into real-time and near-real-time tasks. The real-time tasks are handled by a microservice in the middle tier, while the near-real-time tasks are offloaded to a message queue. Embodiments implement access tokens that are consumed by a routing tier and a middle tier to enforce a security model for accessing the microservices. Accordingly, embodiments provide a cloud-scale Identity and Access Management ("IAM") platform based on a multi-tenant, microservices architecture, ¶ 23.  Embodiments implement tokens that are consumed by a routing tier to enforce a security model for accessing the microservices. Accordingly, embodiments provide a cloud-scale IAM platform based on a multi-tenant, microservices architecture [program instructions to receive from the message broker, via the default topic, authentication tokens relating to external clients with established connections to the message broker], ¶ 40.  The OpenID Connect platform service implements standard OpenID Connect Login/Logout flows. Interactive web-based and native applications leverage standard browser-based OpenID Connect flow to request user authentication, receiving standard identity tokens that are JavaScript Object Notation (" JSON") Web Tokens ("JWTs") conveying the user's authenticated identity. Internally, the runtime authentication model is stateless, maintaining the user's authentication/session state in the form of a host HTTP cookie (including the JWT identity token) [wherein the authentications tokens are JSON web tokens, and wherein the authentication tokens authorize defined topics]. The authentication interaction initiated via the OpenID Connect protocol is delegated to a trusted SSO service that implements the user login/logout ceremonies for local and federated logins. Further details of this functionality are disclosed below with reference to FIGS. 10 and 11. In one embodiment, OpenID Connect functionality is implemented according to, for example, OpenID Foundation standards, ¶ 84.  System 1300 includes a publisher 1301, a dynamic messaging queue 1303 and a messaging microservice 1302. Publisher 1301 in one embodiment is any of the microservices (or could be other components) implemented in the IDCS environment. Each of the producers/microservices 1301 produce messages by providing a topic/event-id, ¶ 211.  Because of the large number of events generated in each microservice in IDCS, embodiments classify all of the events to be published. Each event itself contains information about its target functionality and its topic. Based on the target and topic, the selector will decide whether to publish this event or not. For example, when an event has a target to be audited and its topic is admin, this is an event that needs to be delivered, and the AQPublisher will publish it to the AQDB. FIG. 15B illustrates an example event data structure 1525 in accordance with an embodiment of the invention, ¶ 226.  Embodiments define the list of topics that are to be published by defining all of the topic and queue configuration information about the messaging service in MessagingConfig, ¶ 227.  Thus, the topic allow for the authorization of users for published content via the use of JSON web tokens or JWTs). 
Theebaprakasam further discloses program instructions to receive from the message broker, via the default topic, authentication tokens relating to external clients with established connections to the message broker (i.e., One embodiment is a system that implements a number of microservices in a stateless middle tier environment to provide cloud-based multi-tenant identity and access management services. In one embodiment, each requested identity management service is broken into real-time and near-real-time tasks. The real-time tasks are handled by a microservice in the middle tier, while the near-real-time tasks are offloaded to a message queue. Embodiments implement access tokens that are consumed by a routing tier and a middle tier to enforce a security model for accessing the microservices [program instructions to receive from the message broker, via the default topic, authentication tokens relating to external clients with established connections to the message broker]. Accordingly, embodiments provide a cloud-scale Identity and Access Management ("IAM") platform based on a multi-tenant, microservices architecture, ¶ 23). 
Therefore, based on Zimny in view of Theebaprakasam, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Theebaprakasam to the system of Zimny in order to allow for identity management, and in particular, to identity management in a cloud system.
Zimny and Theebaprakasam may not explicitly disclose wherein the authentication tokens authorize defined publish and subscribe topics for the external clients, and wherein each of the external clients has only one publish and subscribe topic reserved for it.
However, Loladia discloses wherein the authentication tokens authorize defined publish and subscribe topics for the external clients, and wherein each of the external clients has only one publish and subscribe topic reserved for it (i.e.,  In accordance with embodiments, the content management system 110 includes one or more servers for implementing services of a messaging broker 114, one or more host computing devices 116 for implementing virtual machine instances associated with client computing devices 102, and a token data store 112. As described in further detail below, the messaging broker 114 can receive registration request from client computing devices 102 and authentication service providers 104 for content items associated with particular topics [wherein each of the external clients has only one publish and subscribe topic reserved for it].  As such, in some aspects, the messaging broker 114 may receive content published by the authentication service providers 104 that include executable code or other instructions to be executed by the client devices 102. In other aspects, the messaging broker 114 can receive content published by the client computing devices 102 corresponding to a processing result, authentication request, token, or the like. The messaging broker 114 can then publish the received content [wherein the authentication tokens authorize defined publish and subscribe topics for the external clients], column 5 ¶ 2.  Accordingly, as messages are published by a transmitting client device and identified with a publication topic, the messaging broker matches the published message with the registered client devices and forwards the published message to all the registered devices [wherein each of the external clients has one or more publish and subscribe topic reserved for it], column 2 ¶ 7.  For example, the first authentication request may have contained a request for TLS handshake authentication, and the subsequent authentication request may contain the stored token for unilateral authentication by the messaging broker 114 or the authentication service provider 104 without utilizing a mutual authentication method [to receive, from an external client with an established connection, a publish message on a defined topic without an authentication token], column 10 ¶ 2.  It would be obvious to one of ordinary skill in the art that one of the users using the system could be, subscribed to/published to, only one topic) in order to allow for the utilization of authentication protocols to facilitate communication with client computing devices utilizing messaging protocols as messages are published by a transmitting client device and identified with a publication topic (column 2 ¶ 7).
Loladia also discloses program instructions to receive a message from the message broker without an authentication token (i.e., As such, in some aspects, the messaging broker 114 may receive content published by the authentication service providers 104 that include executable code or other instructions to be executed by the client devices 102. In other aspects, the messaging broker 114 can receive content published by the client computing devices 102 corresponding to a processing result, authentication request, token, or the like. The messaging broker 114 can then publish the received content [program instructions to receive a message from the message broker without an authentication token], column 5 ¶ 2.  For example, the first authentication request may have contained a request for TLS handshake authentication, and the subsequent authentication request may contain the stored token for unilateral authentication by the messaging broker 114 or the authentication service provider 104 without utilizing a mutual authentication method [program instructions to receive a message from the message broker without an authentication token], column 10 ¶ 2). 
Loladia further discloses program instructions to store the authentication tokens relating to external clients with established connections to the message broker in the local memory (i.e., The access token may be stored at the client computing device 102, column 10 first ¶.  With reference now to FIG. 5C, after receiving and storing the access token, at (4), the client computing device 102 connects to the messaging broker 114 and transmits a subsequent authentication request, including the token, to the messaging broker 114 through the network 120, column 10 ¶ 2). 
Loladia further discloses in response to receiving the message, program instructions to look up an associated authentication token within the authentication tokens relating to external clients with established connections to the message broker stored in the local memory, to authenticate the message (i.e., If the authentication process with the authentication service provider is successful and a token has been generated, the client device can utilize the token as part of subsequent connection exchanges between the client device and the messaging broker [in response to receiving the message, program instructions to look up an associated authentication token within the authentication tokens relating to external clients with established connections to the message broker stored in the local memory, to authenticate the message]. More specifically, the client device attempting to establish a communication link between the client device and the messaging broker will include the token as part of the initial handshaking communication request. In turn, the messaging broker can responsively validate that authentication token with the authentication service provider [in response to receiving the message, program instructions to look up an associated authentication token within the authentication tokens relating to external clients with established connections to the message broker stored in the local memory, to authenticate the message]. If validated, the client device can receive a communication link establishment confirmation. Additionally, the client device can be associated with various permissions/rights based on the authentication token provided or the authentication process utilized to obtain the processed token [authenticate the message], column 3 ¶ 1). 
Loladia further discloses program instructions to invalidate the one or more authentication tokens relating to external clients with established connections to the message broker in the local memory (i.e., In another embodiment, the additional credentials can further be based on additional criteria included in the request or contemporaneous with the request. For example, the messaging broker 114 may implement rules that incorporate additional information such as time of day, network, addressing information, network routing information, tokens (as illustrated above). In these embodiments, the type of additional credentials may vary based on the additional criteria. For example, the additional credentials may be associated with an expiration time based on the time of day, column 11 ¶ 4).
Therefore, based on Zimny in view of Theebaprakasam, and further in view of Loladia, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Loladia to the system of Zimny and Theebaprakasam in order to allow for the utilization of authentication protocols to facilitate communication with client computing devices utilizing messaging protocols as messages are published by a transmitting client device and identified with a publication topic.
Zimny, Theebaprakasam and Loladia may not explicitly disclose wherein a publish and subscribe topic format includes a device identifier of an external client.
However, Smith discloses wherein a publish and subscribe topic format includes a device identifier of an external client (i.e., FIG. 255 is a schematic diagram of a subscriber obtaining a topic group key in accordance with some embodiments [a publish and subscribe topic], ¶ 263.  The device registrar 3704, or escrow agent, may reside either within the node acting as the explicit pass-through node, or externally as a common agent to a group of nodes [an external client]. The routing request 3702 includes the identification or keys associated with the requester [device id], which may be used by the device registrar 3704 to determine if the pass-through request should be granted or denied [format includes a device identifier of an external client], ¶ 495.  This type of model is also often use in publish/subscribe models, where devices send data via channels as a means of sending data. Further, most model use a central server from where end-points broadcast data from (push), or a content server where they pull from. The techniques described with respect to FIGS. 71 to 74 use a combination of push and pull to distribute content across networks [publish and subscribe topic formats], ¶ 623.  In the hierarchical policy management system 12100, the individual devices are directly addressable [format includes a device identifier], ¶ 882. At block 18010, a DNAP device may publish its attributes and features and request tokens that may be assigned to the DNAP device based on the attributes or identity of the device [format includes a device identifier of an external client]. A decision to assign tokens may be controlled by a network administrator through the use of policies or based on, for example, the device's network, address, identity, device type, device capabilities, device features, or based on an effectiveness measure of the policy on the device and the permissions guide, ¶ 1308.  At block 20306, a determination is made as to whether some or all external modules have been enumeration and details about the requirements of an external module. If not all external modules have been identified, at block 20308, the requirements for the external module are identified and the external module is enumerated. Enumerating external modules allows an IoT device to reference the external modules and access the requirements of an external module [a device identifier of an external client], ¶ 1428.  Process flow resumes at block 20306, where a determination is made if some or all external modules connected to the IoT device are identified and enumerated. Once the external modules have been identified and enumerated, external modules may then be mapped to resources [a device identifier of an external client], ¶ 1431.  The Pub-Sub model allows for a topic to be defined to which network devices may subscribe, publish, or both. Publishers may publish to multiple topics and subscribers may subscribe to multiple topics. Thus, a scalability concern may arise when routing the topic traffic. Topics may be expressed in a variety of data formats including strings, numbers, network (multicast) addresses, UUIDs and Object ID hierarchies [format includes a device identifier of an external client], ¶ 1697) in order to provide a decentralized system for authentication, authorization, and accounting (AAA) which further includes the ability to authorize, broker, arbitrate, and authenticate systems implemented across interconnected heterogeneous infrastructure (¶ 299).
Therefore, based on Zimny in view of Theebaprakasam and Loladia, and further in view of Smith, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Smith to the system of Zimny, Theebaprakasam and Loladia in order to provide a decentralized system for authentication, authorization, and accounting (AAA) which further includes the ability to authorize, broker, arbitrate, and authenticate systems implemented across interconnected heterogeneous infrastructure.

With respect to claim 9, Zimny discloses program instructions to forward messages without associated authentication tokens directly to other internal clients not via the message broker (i.e., In some examples, the initial communications are encrypted and sent directly between a bridge device and a server, ¶ 25.  Since the bridge device and server are technically internal clients this direct communication reads on the limitation.  An access device as used herein refers to a user-operated device node that is configured to interact with other device nodes in the local network of interconnected devices. Examples of access devices include computing devices (e.g., mobile cellular telephones, palmtop computing devices, tablet computing devices, laptop computing devices, desktop computing devices, video game machines, network-enabled televisions, and the like), miniature remotes (e.g., keyfobs), and other types of devices having at least one communication interface configured for communicating with one or more types of devices nodes of a local network of interconnected devices either directly or indirectly via one or more device nodes and/or via local and/or remote computing devices. As described in further detail below, access devices include instructions that, when executed at the access device, cause the access device to wirelessly communicate with device nodes of a local network of interconnected devices, ¶ 60). 

With respect to claim 10, the limitations of claim 10 are rejected in the analysis of claim 1 above, and the claim is rejected on that basis.

With respect to claim 17, Zimny discloses program instructions to validate the token (i.e., In some examples, the server 706 may validate the identity of the third-party computing device 728 to determine whether the third-party computing device 728 is authorized to receive such information. Such validation may include determining whether the server 706 and/or the bridge computing device 702 have previously communicated with the third-party computing device 728, whether the third-party computing device 728 is on an authorized device list, whether the third-party computing device 728 has authorization credentials, or any combination thereof [to validate the token], ¶ 135). 
Zimny further discloses wherein validating the token comprises: program instructions to check that an expiration time of the authentication token has not expired (i.e., For example, as an additional layer of security, the first and/or second channel may be utilized by the server 706 and/or the bridge computing device 702 for publication/subscription only for a limited time (e.g., utilization of the first and/or second channel may expire) [program instructions to check that an expiration time of the authentication token has not expired], thereby decreasing the window in which an unauthorized party could access the first and/or second channel. In some such examples, upon expiration of the first and/or second channels, the bridge computing device 702 may send a second provisioning request and the server 706 may send a second provisioning response identifying new channels to which the bridge computing device 702 and the server 706 to may publish/subscribe. The bridge computing device 702 may transmit the subsequent provisioning request in response to a determining that the first and/or second channels are no longer available, e.g., after the timeframe for using them has expired [program instructions to check that an expiration time of the authentication token has not expired], ¶ 159). 
Zimny also discloses program instructions to extract a unique device identifier of the external client (i.e., In some examples, a scalable and secure message delivery system is provided by initiating an encrypted publish-subscribe model upon a bridge device powering-on. In some examples, the initial communications are encrypted and sent directly between a bridge device and a server. Subsequently, a message broker may maintain secure channels for encrypted communications between those devices. Such communications enable secure provisioning of commands and authentication information with any number of users or devices, provided that the users or devices have access to encryption keys used to encrypt the communications. In some circumstances, third-party users or devices do not have access to the encryption keys used to encrypt the communications. In other circumstances, third-party users may be authorized and provided with the encryption keys to "listen in" on and/or publish their own messages on the secure channels. For example, third-parties may be authorized to perform diagnostic monitoring, analyze sensor data, initiate one or more commands, etc. In some examples, new device nodes are introduced into a mesh network including the bridge device. However, the mesh network may need reconfiguring or load balancing to continue to perform as disclosed herein. In some examples, one or more secondary bridge devices may exist in the mesh network to provide back-up capabilities, ¶ 25.  The security logic 340 stored at the memory of the low-power controller 322 may include one or more keys associated with the gateway device node 300 used to encrypt the content (i.e., the payload) and communications transmitted to the access devices as well as decrypt the content and communications received from access devices, the device management server, and other device nodes of the network, ¶ 89.  The access device may also store a key (e.g., as part of the mobile application), and use the key to decrypt the encrypted information, ¶ 98). 
Zimny may not explicitly disclose a list of publish and subscribe topics.
However, Theebaprakasam discloses a list of publish and subscribe topics (i.e., Embodiments define the list of topics that are to be published by defining all of the topic and queue configuration information about the messaging service in MessagingConfig (i.e., message configuration database 1403 of FIG. 14). FIG. 16A illustrates an example messaging configuration in accordance with one embodiment. In one embodiment, the messaging service supports the publishing of 12 topics: admin, job, oauth, saml, caching, subscription, sso, notification, sm, storage, idbridge and authz, ¶ 227.  From the topics list in MessagingConfig file, in addition to defining the topics that are of interest, such as "oauth" at 1601, a list of queues are also defined at 1602 ("QA1","QA2","QA3","QA4"). These are the names for the actual queues that are created in AQDB 1303. When events are being published, they are being written to the AQDB, and more specifically, they are written to the ("QA1","QA2","QA3","QA4") queues in AQDB 1303 specified in messaging config, ¶ 228) in order to allow for identity management, and in particular, to identity management in a cloud system (¶ 1).
Therefore, based on Zimny in view of Theebaprakasam, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Theebaprakasam to the system of Zimny in order to allow for identity management, and in particular, to identity management in a cloud system.
Zimny and Theebaprakasam program instructions to build a list of permitted topics for the external client.
However, Loladia discloses program instructions to build a list of permitted topics for the external client (i.e., Additionally, the client device can be associated with various permissions/rights based on the authentication token provided or the authentication process utilized to obtain the processed token, column 3 ¶ 1). 
Therefore, based on Zimny in view of Theebaprakasam, and further in view of Loladia, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Loladia to the system of Zimny and Theebaprakasam in order to allow for the utilization of authentication protocols to facilitate communication with client computing devices utilizing messaging protocols as messages are published by a transmitting client device and identified with a publication topic.
Zimny, Theebaprakasam and Loladia may not explicitly disclose program instructions to build a list of allowed publish and subscribe topics for the external client.
However, Smith discloses program instructions to build a list of allowed publish and subscribe topics for the external client (i.e., In an example, the ad-hoc permissions guide 16502 may include a data plane function 16536. The data plane function 16536 may allow parties to the permissions guide to agree how the data or service will be supplied and consumed. The data plane function 16536 may specify that data may be shared in an off-chain mechanism, and the data plane function 16536 may specify specific endpoints and endpoint technologies to which data can be made available. In one example, the data can be made available through a function subscribing the endpoint to a source or through a function that publishes data for consumption [program instructions to build a list of allowed publish and subscribe topics for the external client]. In an example, the means of data consumption and service consumption by parties participating in the permissions guide 16502 may include authentication and authorization information. Parties to the ad-hoc permissions guide 16502 may supply a service or data and may specify how the parties may make consumption preferences available. Parties consuming data and services may also specify preferences on how the consuming parties may consume authentication and authorization, ¶ 1207.  A content locator 24812 may be included to locate and provide content associated with the topic. For example, content may be provided by other publishers or routers and saved by the content locator 24812 to allow a determination as to whether the content is in the white list 24806 or the blacklist 24808 prior to providing the content to other devices in the fog 812 or the cloud 302 [program instructions to build a list of allowed publish and subscribe topics for the external client], ¶ 1718.  In example 1231, the method includes calculating a white list intercept of the subscriber bloom filter with a white list mask including a plurality of hash codes of allowed topics [program instructions to build a list of allowed publish and subscribe topics for the external client], ¶ 3112) in order to provide a decentralized system for authentication, authorization, and accounting (AAA) which further includes the ability to authorize, broker, arbitrate, and authenticate systems implemented across interconnected heterogeneous infrastructure (¶ 299).
Smith further discloses program instructions to persist security context information of the external client in memory (i.e., In the techniques described herein, IoT nodes in a network may not need to receive or dispatch a full private key, for example, with each message. Instead, they may dispatch and receive fractional parts of the key. In addition to improving the efficiency of communications, this may reduce the attack surface for a secure IoT network, as no individual node needs to store the full key sequences in persistent storage [program instructions to persist security context information of the external client in memory], ¶ 994). 
Smith also discloses program instructions to validate the publish message on the defined topic based on the list of allowed publish and subscribe topics and the authentication token (i.e., In an example, the means of data consumption and service consumption by parties participating in the permissions guide 16502 may include authentication and authorization information. Parties to the ad-hoc permissions guide 16502 may supply a service or data and may specify how the parties may make consumption preferences available [to validate the publish message on the defined topic based on the list of allowed publish and subscribe topics]. Parties consuming data and services may also specify preferences on how the consuming parties may consume authentication and authorization [to validate the publish message on the defined topic based on the list of allowed publish and subscribe topics and the authentication token], ¶ 1207.  Routing nodes 25804 apply the security policy semantics by recognizing the security level topic then applying the appropriate security model behavior constraint. For example, if constraint I is followed, then a router may allow a subscriber S0 authorized to operate at a level L0 to receive a notification from a publisher authorized to operate at a level L1. Similarly, if a subscriber S2 is authorized to operate at level L2 the notification from the L1 publisher would be blocked [to validate the publish message on the defined topic based on the list of allowed publish and subscribe topics and the authentication token], ¶ 1768). 
Therefore, based on Zimny in view of Theebaprakasam and Loladia, and further in view of Smith, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Smith to the system of Zimny, Theebaprakasam and Loladia in order to provide a decentralized system for authentication, authorization, and accounting (AAA) which further includes the ability to authorize, broker, arbitrate, and authenticate systems implemented across interconnected heterogeneous infrastructure.

With respect to claim 18, the limitations of claim 18 are rejected in the analysis of claim 17 above, and the claim is rejected on that basis.

Claims 2-4 and 11-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimny et al. (U.S. Publication No. 2019/0205541 A1) in view of Theebaprakasam et al. (U.S. Patent No. 2019/0089809 A1), Loladia et al. (U.S. Patent No. 10,678,906 B1), and Smith et al. (U.S. Publication No. 2019/0349426 A1), and in further view of Roche et al. (U.S. Patent No. 10,270,815 B1).
With respect to claim 2, Zimny discloses wherein authentication tokens relating to established connections are stored in the memory with an association to their respective external clients (i.e., The security logic 340 stored at the memory of the low-power controller 322 may include one or more keys associated with the gateway device node 300 used to encrypt the content (i.e., the payload) and communications transmitted to the access devices as well as decrypt the content and communications received from access devices, the device management server, and other device nodes of the network, ¶ 89.  The server 706 may associate an identifier of a bridge computing device (e.g., a serial number) with a stored encryption key so that the server 706 can distinguish between the different encryption keys. In some examples, the bridge computing device 702 transmits an identifier to the server 706, and the server 706 identifies the respective encryption key associated with the bridge computing device 702 based on the transmitted identifier, ¶ 156.  FIG. 10 illustrates example implementations of the server 706 and the third-party computing device 728 of FIG. 7. The server 706, in this particular example, includes a data store 1002 storing multiple user profiles 1004, multiple device profiles 1006, and multiple device-specific encryption keys 1008. The user profiles 1004 and the device profiles 1006, in this example, are included in a list identifying user/device profiles authorized for communications with the server 706 and/or the bridge computing device 702. The server 706 stores the device-specific encryption keys 1008 in association with respective identifiers of the device nodes of a local network of interconnected devices, ¶ 179). 
Zimny also discloses wherein the programming instructions further comprise instructions to look up an associated authentication token stored in the memory, in response to receiving the publish message (i.e., The access device database 344, in this example, stores records of the access devices that are authorized to exchange communications with device nodes of the local network of interconnected devices. The low-power controller 322 may create a new record for an access device when the gateway 300 successfully bonds with that access device during a pairing and bonding procedure. The gateway device node 300 may bond with an access device by employing the procedures used to establish a communication session as described in commonly-owned U.S. Pat. No. 9,407,624. In this way, the low-power controller 322 may engage in subsequent low-power communication sessions with that access device without repeating the pairing and bonding process [wherein the programming instructions further comprise instructions to look up an associated authentication token stored in the memory, in response to receiving the publish message]. An access device record includes a set of information associated with an access device including information used to secure communications between the gateway 300 and the access device. An access device record may include, for example, a unique identifier for the access device (e.g., a MAC address) and one or more keys exchanged between the gateway 300 and the access device during a bonding procedure (e.g., LTK, EDIV, and Rand keys). The keys exchanged may include, e.g., a key to secure communications exchanged between the gateway 300 and the access device during a communication session as well as a key associated with the access device that is used to verify digital signatures received from the access device and sign content transmitted to the access device. An access device record may also include an invitation code generated for an invited access device that has been authorized to communicate with the gateway 300. The short-range controller 324 may also include an access device database similar to the access device database 344 of the low-power controller 322. In this way, the short-range controller 324 may likewise store records of access devices that have bonded with the gateway 300 which the short-range controller may utilize for subsequent short-range communication sessions with the access device, ¶ 91). 
Zimny also discloses add the associated authentication token to the publish message before making the publish message available to any one of the internal clients who subscribe to messages of the defined topic (i.e., In response to publication of a message by the third computing device to a channel provided by the message broker, the first computing device decrypts, using the device-specific encryption key, at least a portion of the message that the third computing device has encrypted using the device-specific encryption key, ¶ 33.  In some examples, the first computing device encrypts at least a portion of a first message of the one or more first messages using a device-specific encryption key associated with the first computing device in order to obtain an encrypted message, which the first computing device then publishes to the first channel, ¶ 34.  Authorized access devices may also be provided with the keys associated with a device node and also utilize those keys to encrypt and decrypt portions of the communications exchanged with the device node, ¶ 78.  The server 706 further generates and provides provisioning responses, connects to the message broker 704, publishes and/or subscribes to message broker channels, authenticates third-party users and/or devices, receives device communication access requests, provides encryption keys, and/or communicates with device nodes through one or more bridge computing devices, ¶ 129). 
Zimny, Theebaprakasam, Loladia and Smith may not explicitly disclose wherein the default topic provides control API functions.
However, Roche discloses wherein the default topic provides control API functions (i.e., If the user of controlling device 102 desires to create a communications session with the network-connected device 106 through use of the network-connected device servicer 104, the user may transmit a request to the network-connected device service to initiate a communications session with the network-connected device 106. For instance, the user may utilize the controlling device 102 to transmit one or more application programming interface (API) calls to the network-connected device service 104, such as a "StartSession" API call, to initiate the communications session. In response to the one or more API calls from the controlling device 102, the network-connected device service 104 may evaluate the one or more configuration rules provided by the user of the controlling device 102. The one or more configuration rules may specify the actions to be performed in response to receiving the one or more API calls from the controlling device 102. In some embodiments, a user may be required to provide a set of credentials to the network-connected device service 104 for authentication of the user and to determine whether the user is authorized to initiate the communications session, column 4 last ¶ - column 5 first ¶) in order to enable an operator to publish various commands for the network-connected device to a message topic established by the network-connected device service and accessible by a software container instance (column 3 ¶ 2).
Therefore, based on Zimny in view of Theebaprakasam in view of Loladia and Smith, and further in view of Roche, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Roche to the system of Zimny, Theebaprakasam, Loladia and Smith in order to enable an operator to publish various commands for the network-connected device to a message topic established by the network-connected device service and accessible by a software container instance.

With respect to claim 3, Zimny discloses wherein the memory is internal to the message broker (i.e., The bridge transitioning process begins, in this example, with the bridge computing device 702 (e.g., primary bridge device) connecting to the server 1114. In some examples, the bridge computing device 702 may connect to the server 1114 via example network 1116. In some examples, the bridge computing device 702 may connect to a message broker (e.g., message broker 704 in FIG. 7), in order to send and receive messages as described above. Accordingly, the remote server may be a device management server (e.g., device management server 110 in FIG. 1) or a message broker (e.g., message broker 704 in FIG. 7) as described above, ¶ 193.  Thus, the message broker and device management server are interchangeable and therefore, the message broker could have internal storage for storing the associated token just as the device management server does). 

With respect to claim 4, Zimny discloses wherein the memory is in a third-party entity accessible by the message broker (i.e., The third-party computing device 728 may request different types of access to communications provided via the message broker 704. For example, the third-party computing device 728 may generally request, from the server 706, access to all communications. The third-party computing device 728 may also request access to communications from a particular device by providing, for example, an identifier of the particular device. In addition, the server 706 may provide, to the third-party computing device 728, access to communications without a request from the third-party computing device 728, ¶ 175). 

With respect to claim 11, the limitations of claim 11 are rejected in the analysis of claim 2 above, and the claim is rejected on that basis.

With respect to claim 12, the limitations of claim 12 are rejected in the analysis of claim 3 above, and the claim is rejected on that basis.

With respect to claim 13, wherein the authentication tokens relating to established connections are stored in a third-party entity under control of the message broker (i.e., In some example implementations, the access portal 112 and data store 114 may reside at the same machine while in other example implementations an access portal and data store may reside at different machines that are in signal communication with each other, ¶ 65.  Thus, the keys/token can be stored in many different places including the third-party entities in control/communication with the message broker). 

With respect to claim 14, Zimny discloses wherein, further comprising: following establishment of the connection to the external client, forwarding the authentication token extracted from the connect message to the internal clients for storage in respective local memories (i.e., FIG. 10 illustrates example implementations of the server 706 and the third-party computing device 728 of FIG. 7. The server 706, in this particular example, includes a data store 1002 storing multiple user profiles 1004, multiple device profiles 1006, and multiple device-specific encryption keys 1008. The user profiles 1004 and the device profiles 1006, in this example, are included in a list identifying user/device profiles authorized for communications with the server 706 and/or the bridge computing device 702. The server 706 stores the device-specific encryption keys 1008 in association with respective identifiers of the device nodes of a local network of interconnected devices, ¶ 179.  Thus, the keys are forwarded for use/storage in relation to communication with external and internal clients like those shown in figure 2.  The low-power controller, in these example implementations, may thus be in signal communication with the local memory of the gateway device node to access the device node database and access node database [storage in respective local memories], ¶ 92). 
Zimny, Theebaprakasam, Loladia and Smith may not explicitly disclose wherein the default topic provides control API functions.
However, Roche discloses wherein the default topic provides control API functions (i.e., If the user of controlling device 102 desires to create a communications session with the network-connected device 106 through use of the network-connected device servicer 104, the user may transmit a request to the network-connected device service to initiate a communications session with the network-connected device 106. For instance, the user may utilize the controlling device 102 to transmit one or more application programming interface (API) calls to the network-connected device service 104, such as a "StartSession" API call, to initiate the communications session. In response to the one or more API calls from the controlling device 102, the network-connected device service 104 may evaluate the one or more configuration rules provided by the user of the controlling device 102. The one or more configuration rules may specify the actions to be performed in response to receiving the one or more API calls from the controlling device 102. In some embodiments, a user may be required to provide a set of credentials to the network-connected device service 104 for authentication of the user and to determine whether the user is authorized to initiate the communications session, column 4 last ¶ - column 5 first ¶) in order to enable an operator to publish various commands for the network-connected device to a message topic established by the network-connected device service and accessible by a software container instance (column 3 ¶ 2).
Therefore, based on Zimny in view of Theebaprakasam in view of Loladia and Smith, and further in view of Roche, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Roche to the system of Zimny, Theebaprakasam, Loladia and Smith in order to enable an operator to publish various commands for the network-connected device to a message topic established by the network-connected device service and accessible by a software container instance.

With respect to claim 15, Zimny discloses wherein a given authentication token is forwarded by the message broker to the internal clients by a system publish message using a topic to which internal clients have privileged subscription rights not available to external clients (i.e., In some examples, a scalable and secure message delivery system is provided by initiating an encrypted publish-subscribe model upon a bridge device powering-on. In some examples, the initial communications are encrypted and sent directly between a bridge device and a server. Subsequently, a message broker may maintain secure channels for encrypted communications between those devices. Such communications enable secure provisioning of commands and authentication information with any number of users or devices, provided that the users or devices have access to encryption keys used to encrypt the communications. In some circumstances, third-party users or devices do not have access to the encryption keys used to encrypt the communications, ¶ 25.  In some examples, a channel may be uniquely associated with a particular device in the environment or with a set of devices in the environment (e.g., some or all device nodes of a local network of interconnected devices). In other examples, a channel may be associated with a topic (e.g., device errors, device diagnostics, and the like). In some examples, a publish-subscribe messaging protocol may be employed to publish and receive messages. In some examples, the broker device 704 uses message queue telemetry transport (MQTT) publish-subscribe messaging protocol to facilitate communications between the bridge computing device 702 and the server 706. The broker device 704 may connect with some or all of the devices disclosed herein, ¶ 128.  In some examples, the bridge computing device 702 subscribes to the first channel or topic (e.g., "server channel") to which the server 706 will publish its messages (816). In some examples, the bridge computing device 702 subscribes to the server channel identified in the response prior to the server 706 publishing a message (818). However, in some examples, the bridge computing device 702 may subscribe to the server channel at any time such as, for example, before, at the same time, or after the server 706 publishes a message, ¶ 163). 

With respect to claim 16, Zimny discloses communicating to internal clients that the authentication token associated with the established connection is no longer valid based on the established connection disconnecting (i.e., In some examples, the server 706 may validate the identity of the third-party computing device 728 to determine whether the third-party computing device 728 is authorized to receive such information. Such validation may include determining whether the server 706 and/or the bridge computing device 702 have previously communicated with the third-party computing device 728, whether the third-party computing device 728 is on an authorized device list, whether the third-party computing device 728 has authorization credentials, or any combination thereof, ¶ 135.  A bridge computing device may publish a message ("LastWillAndTestament") when the bridge computing device establishes a connection with the message broker. In the event the bridge computing device loses its connection with the message broker, the message broker may send the LastWillAndTestament message to the server to inform the server that the connection between the message broker and the bridge computing device has been lost. In this way, the server may determine that the bridge computing device has disconnected from the message broker, ¶ 147.  In response to receiving and/or decrypting the provisioning request, the server 706 prepares a provisioning response. In some examples, the provisioning response includes information such as an address of the message broker 704, an identification of a first channel to which the server 706 will publish its messages, an identification of a second channel to which the bridge computing device 702 should publish its messages, and/or a timeframe for which the first channel and the second channel is or will be available for publication or subscription (e.g., between 1:00 AM and 2:00 AM). For example, as an additional layer of security, the first and/or second channel may be utilized by the server 706 and/or the bridge computing device 702 for publication/subscription only for a limited time (e.g., utilization of the first and/or second channel may expire) [communicate to internal clients that the authentication token associated with the established connection is no longer valid based on the established connection disconnecting], thereby decreasing the window in which an unauthorized party could access the first and/or second channel. In some such examples, upon expiration of the first and/or second channels, the bridge computing device 702 may send a second provisioning request and the server 706 may send a second provisioning response identifying new channels to which the bridge computing device 702 and the server 706 to may publish/subscribe. The bridge computing device 702 may transmit the subsequent provisioning request in response to a determining that the first and/or second channels are no longer available, e.g., after the timeframe for using them has expired [communicate to internal clients that the authentication token associated with the established connection is no longer valid based on the established connection disconnecting], ¶ 159). 
Zimny may not explicitly disclose an authentication token.
However, Theebaprakasam discloses an authentication token (i.e., In the embodiment of FIG. 9, other than the data tier 918 which communicates based on Structured Query Language ("SQL") and the ID store tier 920 that communicates based on LDAP, OAuth protocol is used to protect the communication among IDCS components (e.g., microservices) within IDCS, and the same tokens that are used for securing access from the outside of IDCS are also used for security within IDCS [an authentication token], ¶ 159) in order to allow for identity management, and in particular, to identity management in a cloud system (¶ 1).
Therefore, based on Zimny in view of Theebaprakasam, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Theebaprakasam to the system of Zimny in order to allow for identity management, and in particular, to identity management in a cloud system.



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisoryaction is not mailed until after the end of the THREE-MONTH shortened statutoryperiod, then the shortened statutory period will expire on the date the advisoryaction is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will becalculated from the mailing date of the advisory action. In no event, however, willthe statutory period for reply expire later than SIX MONTHS from the date of thisfinal action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAREN M MEANS whose telephone number is (571)270-7202.  The examiner can normally be reached on 12pm-6pm ET.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang can be reached on 571-272-4036.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).





Jaren M. Means
/J.M.M./
Patent Examiner
Art Unit 2447	
5/24/2022

/JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447