Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is the initial office action has been issued in response to patent application, 16/968676, filed on 10 August 2020 with a foreign priority date of 13 February 2018.  Claims 1-4, 6, 11-15, 19-27, as preliminary amended, are currently pending and have been considered below.  

Information Disclosure Statements

The information disclosure statement filed 08/10/2020, 05/24/2021, 05/24/2021 complies with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 and the information referred to therein has been considered as to the merits.  

Specification
The amendment to the Specification filed 08/10/2020 has been reviewed and accepted.  



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-4, 6, 11-15, and 19-27 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hussein et al. (US 2019/0268328 A1, file date 11/09/2017).

Claim 1:
With respect to claim 1, Hussein et al. discloses a method for requesting, by a client device, registration of identified data at a sensor reader (When the requesting object wishes to initiate this interaction, it sends a request 110 to a “master” object among the community objects 106, 0115) (“authorize opening the garage door by objects having as attributes the telephone number 06xxxxxxxx and a GPS position within a radius of 300 m of the house”). In this example, the requesting object will have the capability of authorizing opening the garage door if the rule “the telephone number is 06xxxxxxxx and the GPS position is within a radius of 300 m of the house” is satisfied, 0130), wherein the client device and the sensor reader have a security trusted relationship with a trusted server (the objects in a community have a special trust relationship, 0024) (A “certified attribute” is an attribute whose accuracy has been certified by a trusted third party, usually called a certification authority, 0028) the requesting object must address the master object, authentication token containing the capability (for example the internal object is a low power open-door sensor, 0041) (Figure 1b, requesting object 101, a certification authority 108, authentication server 107), the method comprising:
sending a request command, from the client device and to the sensor reader, the request command pertaining to a registration operation to be performed on identified data at the sensor reader (When the requesting object wishes to initiate this interaction, it sends a request 110 to a “master” object among the community objects 106, 0115) (the requesting object contacts a certification authority 108 (message 121) in order to send it an attribute or a plurality of attributes to be certified, 0147);
assigning, by the sensor reader, a security policy to the identified data (To determine a capability or a set of capabilities from attributes, the authentication server can verify the certification of the attributes and, based on a set of rules, determine which capability should be allocated according to the attributes. These capabilities may be predefined from predetermined and associated rules, 0033)
(based on attribute, database of security rules, 0130),
creating, by the sensor reader and based on the request command and the security policy, a first security protected object (certified the transmitted attribute (for example it has the public key of the certification authority), 0150) and a second security protected object of the identified data (signs the attribute, 0148);
sending, by the sensor reader, the second security protected object to the client device (certification authority signs the attribute and returns it to the requesting object 101 (message 122), 0148);
sending, by the sensor reader, the first security protected object towards the trusted server (the authentication server has a trust relationship with the certification authority that certified the transmitted attribute (for example it has the public key of the certification authority), 0150); and
verifying, by the trusted server and upon reception of the first security protected object, that the sensor reader that created the first security protected object has a security trusted relationship with the trusted server (the authentication server has a trust relationship with the certification authority that certified the transmitted attribute (for example it has the public key of the certification authority): the authentication server can thus verify that the attribute has indeed been signed by the certification authority indicated in the message 124, 0150).

Claim 2:
With respect to claim 2, Hussein et al. discloses further comprising: verifying, by the sensor reader, that the client device from which the request command is received from has a security trusted relationship with the sensor reader (the objects in a community have a special trust relationship, 0024).

Claim 3:
With respect to claim 3, Hussein et al. discloses further comprising: obtaining, by the sensor reader, the identified data (in order to send it an attribute or a plurality of attributes to be certified, signs the attribute and returns it to the requesting object 101, 0147-0148).

Claim 4:
With respect to claim 4, Hussein et al. discloses further comprising: performing, by the sensor reader, the registration operation on the identified data (When the requesting object wishes to initiate this interaction, it sends a request 110 to a “master” object among the community objects 106, 0115), resulting in a first data item and a second data item, wherein the first data item is included in the first security protected object (the authentication server has a trust relationship with the certification authority that certified the transmitted attribute (for example it has the public key of the certification authority), 0150) and the second data item is included in the second security protected object (certification authority signs the attribute and returns it to the requesting object 101 (message 122), 0148).



Claim 6:
With respect to claim 6, Hussein et al. discloses wherein which security policy to assign to the identified data is dependent on at least one of the registration operation and a default security policy of the sensor reader (To determine a capability or a set of capabilities from attributes, the authentication server can verify the certification of the attributes and, based on a set of rules, determine which capability should be allocated according to the attributes. These capabilities may be predefined from predetermined and associated rules, 0033) (Based on the received attribute, the authentication server can determine what the capability (or capabilities) of the requesting object is/are (i.e. the action or actions authorized for the requesting object) by comparing the attribute or list of attributes with a database of security rules, 0130).

Claim 11:
With respect to claim 11, Hussein et al. discloses further comprising: extracting, by the client device, the second data item from the second security protected object; and 
storing, by the client device, the second data item (if the requesting object has already requested a certification authority to sign/certify one of its attributes (and this has not changed/the certification is still valid), there is no need to exchange messages 121 and 122, 0153).

Claim 12:
With respect to claim 12, Hussein et al. discloses further comprising:
storing, by the client device, the identifier of the identified data and the identifier of the sensor reader together with the second data item (if the requesting object has already requested a certification authority to sign/certify one of its attributes (and this has not changed/the certification is still valid), there is no need to exchange messages 121 and 122, 0153).

Claim 13:
With respect to claim 13, Hussein et al. discloses wherein the first security protected object is sent to the client device to be forwarded to the trusted server , the method further comprising: forwarding, by the client device, the first security protected object to the trusted server (Then the requesting object can send its request for interaction (message 123—corresponding to message 101 in the previous embodiment) to the master object, accompanied by the certified attribute, This request is then transferred (message 124) to the authentication server 107, 0149-0150) (Figure 1b, 123, 124).

Claim 14:
With respect to claim 14, Hussein et al. discloses wherein the trusted server has access to the security policy, the method further comprising:
extracting, by the trusted server, the first data item from the first security protected object; and storing, by the trusted server, the first data item together with the security policy (upon receipt of said community token by the master object, updating a database stored in the master object in order to add a new member to said community, 0046) (The capabilities and rules for a given community may be stored in advance, 0131) (the master object may update an internal database containing a list of objects in the community in order to add the requesting object as a new member of the community. In addition, it is possible to update a database (the same as before or a different database) to indicate the attributes of the new member, for future use, 0166).

Claim 15:
With respect to claim 15, Hussein et al. discloses further comprising:
storing, by the trusted server, the identifier of the identified data and the identifier of the sensor reader together with the first data item (upon receipt of said community token by the master object, updating a database stored in the master object in order to add a new member to said community, 0046) (The capabilities and rules for a given community may be stored in advance, 0131) (the master object may update an internal database containing a list of objects in the community in order to add the requesting object as a new member of the community. In addition, it is possible to update a database (the same as before or a different database) to indicate the attributes of the new member, for future use, 0166)

Claim 19:
With respect to claim 19, Hussein et al. discloses a method for requesting, by a client device, identified data to be provisioned to a sensor reader (When the requesting object wishes to initiate this interaction, it sends a request 110 to a “master” object among the community objects 106, 0115) (“authorize opening the garage door by objects having as attributes the telephone number 06xxxxxxxx and a GPS position within a radius of 300 m of the house”). In this example, the requesting object will have the capability of authorizing opening the garage door if the rule “the telephone number is 06xxxxxxxx and the GPS position is within a radius of 300 m of the house” is satisfied, 0130), wherein the client device and the sensor reader have a security trusted relationship with a trusted server (the objects in a community have a special trust relationship, 0024) (A “certified attribute” is an attribute whose accuracy has been certified by a trusted third party, usually called a certification authority, 0028) the requesting object must address the master object, authentication token containing the capability (for example the internal object is a low power open-door sensor, 0041) (Figure 1a, requesting object 101, authentication server 107), the method comprising:
sending a first request command, from the client device and to the trusted server, the first request command pertaining to identified data to be provided to the sensor reader and a first provisioning operation to be performed by the sensor reader on the identified data (When the requesting object wishes to initiate this interaction, it sends a request 110 to a “master” object among the community objects 106, 0115) (Once the request 110 is received by the master object 102, the latter can transfer (message 111) the request to an authentication server 107, 0118);
retrieving, by the trusted server, a first data item, wherein the first data item is related to the identified data (Once the message is received 111, the authentication server can provide a list of certification authorities that it accepts or which are recognized (message 112) to the master object 102. The master object then transfers (message 113) this message to the requesting object, 0119);
verifying, by the trusted server, that the first request command complies with a security policy for the identified data (To determine a capability or a set of capabilities from attributes, the authentication server can verify the certification of the attributes and, based on a set of rules, determine which capability should be allocated according to the attributes. These capabilities may be predefined from predetermined and associated rules, 0033) (based on attribute, database of security rules, 0130);
creating, by the trusted server and based on the security policy, a first security protected object of the first data item (Based on the knowledge of the chosen certification authority, the authentication server can send a certification request (message 116) to said certification authority 108 asking it to certify an attribute, 0126);
sending, from the trusted server and to the client device, the first security protected object (the authentication server can determine what the capability (or capabilities) of the requesting object is/are (i.e. the action or actions authorized for the requesting object) by comparing the attribute or list of attributes with a database of security rules, 0130)(The capabilities may be linked to one or more objects of the community or even to all objects of the community, 0131);
forwarding, by the client device, the first security protected object to the sensor reader; and extracting, by the sensor reader and from the first security protected object, the first data item (“authorize opening the garage door by objects having as attributes the telephone number 06xxxxxxxx and a GPS position within a radius of 300 m of the house”). In this example, the requesting object will have the capability of authorizing opening the garage door if the rule “the telephone number is 06xxxxxxxx and the GPS position is within a radius of 300 m of the house” is satisfied, 0130).

Claim 20:
With respect to claim 20, Hussein et al. discloses further comprising:
verifying, by the trusted server, that the first request command is from a legitimate client device of the sensor reader (To determine a capability or a set of capabilities from attributes, the authentication server can verify the certification of the attributes and, based on a set of rules, determine which capability should be allocated according to the attributes. These capabilities may be predefined from predetermined and associated rules, 0033) (based on attribute, database of security rules, 0130) (“authorize opening the garage door by objects having as attributes the telephone number 06xxxxxxxx and a GPS position within a radius of 300 m of the house”). In this example, the requesting object will have the capability of authorizing opening the garage door if the rule “the telephone number is 06xxxxxxxx and the GPS position is within a radius of 300 m of the house” is satisfied, 0130).

Claim 21:
With respect to claim 21, Hussein et al. disclose wherein the security policy for the identified data is revised based on the first provisioning operation (This updating may also involve updating a database of attributes that lists the attributes of the objects of the community, 0048) (the master object may update an internal database containing a list of objects in the community in order to add the requesting object as a new member of the community. In addition, it is possible to update a database (the same as before or a different database) to indicate the attributes of the new member, for future use, 0166).

Claim 22:
With respect to claim 22, Hussein et al. disclose further comprising:
retrieving, by the client device, a second data item, wherein the second data item is related to the identified data (certification authority signs the attribute and returns it to the requesting object 101 (message 122), 0148) ; and
creating, by the client device, a second security protected object of the second data item; and wherein the second security protected object is sent together with the first security protected object from the client device to the sensor reader (Then the requesting object can send its request for interaction (message 123—corresponding to message 101 in the previous embodiment) to the master object, accompanied by the certified attribute.  This request is then transferred (message 124) to the authentication server 107. the authentication server can thus verify that the attribute has indeed been signed by the certification authority, 0149-0150).


Claim 23:
With respect to claim 23, Hussein et al. disclose further comprising:
extracting, by the sensor reader and from the second security protected object , the second data item (“authorize opening the garage door by objects having as attributes the telephone number 06xxxxxxxx and a GPS position within a radius of 300 m of the house”). In this example, the requesting object will have the capability of authorizing opening the garage door if the rule “the telephone number is 06xxxxxxxx and the GPS position is within a radius of 300 m of the house” is satisfied, 0130).

Claim 24:
With respect to claim 24, Hussein et al. disclose wherein a second request command pertaining to a second provisioning operation to be performed on the identified data at the sensor reader is sent together with the first security protected object (Once the capability is verified, the master object may indicate to the requesting object the address of the internal object 103 which is the subject of a request for interaction, 0173)(Figure 2b) (the requesting object connects directly (message 223) to the internal object 103, as it wishes to interact with the service of the internal object. In message 223, the requesting object attaches the object token (describing its capability transmitted in message 222), 0177) (Figure 2c).



Claim 25:
With respect to claim 25, Hussein et al. disclose further comprising: performing, by the sensor reader, the second provisioning operation, as constrained by the security policy,  on the first data item (The requesting object can thus connect (message 215) to the internal object 103 by using the password or the authentication token and can thus obtain the requested information (message 216), 0174) (the internal object can ask the master object to do the verification for it (message 224). Once verified, the result of this verification is sent to the internal object (message 225), which then decides whether the requested interaction is to be carried out (message 226), 0178).

Claim 26:
With respect to claim 26, Hussein et al. disclose further comprising:
performing, by the sensor reader, the second provisioning operation, as constrained by the security policy, on the second data item (which then decides whether the requested interaction is to be carried out (message 226), 0178).

Claim 27:
With respect to claim 27, Hussein et al. disclose further comprising:
sending, by the sensor reader and to the client device, a confirmation message of the second provisioning operation having been performed (the internal object can ask the master object to do the verification for it (message 224). Once verified, the result of this verification is sent to the internal object (message 225), which then decides whether the requested interaction is to be carried out (message 226), 0178).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO Form 892).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HELAI SALEHI/           Examiner, Art Unit 2433               

/JEFFREY C PWU/           Supervisory Patent Examiner, Art Unit 2433