Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/20/2022 has been entered.
Claims 1-19 are pending and are being considered.
Claims 1, 7, 13 and 15 have been amended.
 
Response to 103 
Applicants arguments filed on 04/20/2022 have been fully considered and are persuasive but are moot in view of new grounds of rejection. the arguments do not apply to the current art being used.

                                               Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1,4, 5, 7 and 10-18 are rejected under 35 U.S.C. 103 as being unpatentable over Koh et al (hereinafter Koh) (US 20170323542) in view of Lim et al (hereinafter Lim) (US 20030126434) and further in view of Garnier et al (hereinafter Garnier) (US 20200287726).

Regarding claim 1 Koh teaches a method for security of an Internet of things (IoT) device, the method comprising (Koh on [0028] teaches a method of enhancing security of CCTV by using hardware security module);
transmitting, by a server, key information comprising a key value(Koh on [0031 and 0064] teaches a user terminal (i.e. user device) receives encryption key (i.e. key value) and authentication key (i.e. key ID in instant case) from server);
encrypting the generated information by using the extracted key value, and transmitting the encrypted information to the user device (Koh on [0046-0048] teaches the IP camera (i.e. IoT device) takes the moving picture and video data, encrypts it using encryption key and transmits the encrypted information to the user terminal device).
Although Koh teaches generating a key by the server and extracting the encryption key from the server, but fails to explicitly teach a key value determined based on a reliability level of a user device and a key identification (ID) of the key value and extracting, [[by the IoT device]], the key value corresponding to the key ID received from the user device from pre-stored key list information, decrypting the encrypted command by using the extracted key value, executing the decrypted command to generate information requested by the user, wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device, wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message, however Lim from analogous art teaches Lim on [0011] generating an encryption key (i.e. key value) corresponding to the security class specified (i.e. level of reliability) in the key ID (i.e. key identification) in response to an encryption key (i.e. key value) generation request from a security manager. See on [0025] teaches the encryption key information (i.e. key value) stored in the meta-information structure includes a key ID (i.e. key ID), a current security class value (i.e. reliability level) of a file. See Fig 3 and text on [0037-0038] teaches generating of encryption keys for corresponding class 2-5 based on key ID 1 to n);
and extracting, [[by the IoT device]], the key value corresponding to the key ID received from the user device from pre-stored key list information (Lim on [0011] teaches extracting from the kernel memory an encryption key corresponding to a security class of a file that a user wants to read or store. See on [0030-0032] teaches the encryption keys are stored in a key file (i.e. key list information) which are then loaded into the kernel memory. See on [0042 and 0064] teaches the user wants to read a file stored, the encryption key can be found or tracked by the security class and key ID (i.e. indicating key value is extracted based on key ID));
decrypting the encrypted command by using the extracted key value (Lim on [0011] teaches decoding or encoding the file by using the extracted encryption key. See on [0034] teaches decodes the extracted encoded file by using an encryption key corresponding to the security class of the file; and provides the decoded file to the user 100. See on [0058] teaches the encryption file system 110 decodes/encodes the file that the user 100 wants to read/store by using the round keys stored in the kernel memory 140 and, then, transfers the decoded file to the terminal of the user 100);
executing the decrypted command to generate information requested by the user (Lim on [0034] teaches decodes the extracted encoded file by using an encryption key corresponding to the security class of the file; and provides the decoded file to the user 100 (i.e. decoded file as information requested by the user). See on [0058] teaches the encryption file system 110 decodes/encodes the file that the user 100 wants to read/store by using the round keys stored in the kernel memory 140 and, then, transfers the decoded file to the terminal of the user 100).
	 
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).

	The combination fails to explicitly teach wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device, wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message, however Garnier from analogous art teaches encrypting, by the user device, a command representing a service requested by a user by using the key value and transmitting the encrypted command and the key ID to the IoT device (Garnier on [0119-0120] teaches the gateway device 106 may be operable to encrypt a communication (i.e. representing service request) (such as message containing data related to a specific Internet of Things device) with the public key of the security credentials and transmitting the encrypted command with a private key to the server 102. See on [0161] teaches transmitting command to IoT devices);
wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device (Garnier on [0029-0030] teaches first level of access allowing reboot of IoT device and second level of access allowing firmware update of IoT device. See on [0150-0155] teaches an access control list (ACL) signed by the root of trust may be sent to the gateway device 106 from the server arrangement 102. The ACL defines the scope permissions to the Internet of Things devices 118 and 120. That is, the ACL defines the scope of allowable actions (i.e. reliability level based on which the gateway device is allowed to control IoT device)  that the gateway device 106 is permitted to instruct the Internet of Things devices 118 and 120 to perform or execute. See on [0155] teaches different users may be given different levels of access to the Internet of Things devices);
wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message (Garnier on [0153-0154] teaches the IoT device receives bundle comprising a second token having a public key. The IoT device will only accept the second token containing the public key if the second token is signed using a private key associated with the root of trust (i.e. only accepting the token containing public key if the token is known by the device based on private key), the private key having a matching public key which is embedded in the Internet of Things devices 118 and 120 for performing action (i.e. recognizing the second token containing the public key based on private key)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Garnier into the combined teaching of Koh and Lim by allowing the IoT device to perform certain action requested by user device based on key known by the IoT device. One would be motivated to do so in order to establish secure communication channel between IoT device and Gateway device and perform certain operation based on permission level of the gateway device (Garnier on [0010]).
Regarding claim 4 the combination of Koh, Lim and Garnier teaches all the limitations of claim 1 above, Lim further teaches further comprising, before the transmitting of the key value and the key ID to the user device, transmitting, by the server, the key list information to the [[IoT ]]device (Lim on [0032 and 0041] teaches storing the key list information containing the key ID and key value (i.e. which in this case is encryption key and key ID 1 to n) in a memory and the file system 110 reads encryption keys corresponding to their respective key ID stored in the key file (i.e. indicating the key file is transmitted to the memory or disk before the encryption key is accessed by the system))
wherein the transmitting of the key list information further comprises periodically updating the key list information about where a plurality of key IDs are respectively connected to a plurality of key values (Lim Fig 3 and text on [0037-0038] teaches storing key list information comprising number of encryption keys along with their respective key ID and storing the newly generated keys in the list (i.e. updating the list information)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by receiving the list of key information before receiving key ID and key value and updating the key list information corresponding to key ID and key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).

Regarding claim 5 the combination of Koh, Lim and Garnier teaches all the limitations of claim 4 above, Lim further teaches wherein the updating comprises correcting a connections between the plurality of key IDs and the plurality of key values (Lim Fig 3 and text on [0037-0038] teaches storing key list information comprising number of encryption keys along with their respective key ID and storing the newly generated keys in the list (i.e. updating the list information). Fig 3 further shows relationship between Class 2-5 encryption keys with key ID 1. See on [0030-0031 and 0047-0049] teaches the encryption file system 110 also generates an encryption key for the user 100 in response to a key generation request from the security manager, and records the generated encryption key in a key file and a newly assigned corresponding key ID in a key ID file (i.e. correcting/updating connection between key ID and key value)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by receiving the list of key information before receiving key ID and key value and updating the key list information corresponding to key ID and key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).

Regarding claim 7 Koh teaches A server for security of an Internet of things (IoT) device, the server comprising: (Koh on [0060] teaches a managing server as computer for providing CCTV security connected with IP camera (i.e. IoT device));
and a transceiver configured to, based on control by the processor, transmit the key value and the key ID to the user device (Koh on [0031 and 0064] teaches a user terminal (i.e. user device) receives encryption key (i.e. key value) and authentication key (i.e. key ID in instant case) from server. See on [0087-0088] teaches key information manager 330 (i.e. for transmitting/ receiving key) for managing keys by the server).
Although Koh teaches generating a key by the server and extracting the encryption key used for encryption from server, but fails to explicitly teach a processor configured to generate key information comprising a key value determined based on a reliability level of a user device and a key identification (ID) of the key value, wherein the user device encrypts a command representing a service requested by a user by using the key value and the key ID each determined based on a reliability level thereof and transmits the encrypted command to the IoT device, wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device, wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message, however Lim from analogous art teaches a processor configured to generate key information comprising a key value determined based on a reliability level of a user device and a key identification (ID) of the key value (Lim on [0011] generating an encryption key (i.e. key value) corresponding to the security class specified (i.e. level of reliability) in the key ID (i.e. key identification) in response to an encryption key (i.e. key value) generation request from a security manager. See on [0025] teaches the encryption key information (i.e. key value) stored in the meta-information structure includes a key ID (i.e. key ID), a current security class value (i.e. reliability level) of a file. See Fig 3 and text on [0037-0038] teaches generating of encryption keys for corresponding class 2-5 based on key ID 1 to n).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).

The combination fails to explicitly teach wherein the user device encrypts a command representing a service requested by a user by using the key value and the key ID each determined based on a reliability level thereof and transmits the encrypted command to the IoT device, wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device, wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message, however Garnier from analogous art teaches  wherein the user device encrypts a command representing a service requested by a user by using the key value and the key ID [[each determined based on a reliability level thereof]] and transmits the encrypted command to the IoT device (Garnier on [0119-0120] teaches the gateway device 106 may be operable to encrypt a communication (i.e. representing service request) (such as message containing data related to a specific Internet of Things device) with the public key of the security credentials and transmitting the encrypted command with a private key to the server 102. See on [0161] teaches transmitting command to IoT devices);
wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device (Garnier on [0029-0030] teaches first level of access allowing reboot of IoT device and second level of access allowing firmware update of IoT device. See on [0150-0155] teaches an access control list (ACL) signed by the root of trust may be sent to the gateway device 106 from the server arrangement 102. The ACL defines the scope permissions to the Internet of Things devices 118 and 120. That is, the ACL defines the scope of allowable actions (i.e. reliability level based on which the gateway device is allowed to control IoT device)  that the gateway device 106 is permitted to instruct the Internet of Things devices 118 and 120 to perform or execute. See on [0155] teaches different users may be given different levels of access to the Internet of Things devices);
wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message (Garnier on [0153-0154] teaches the IoT device receives bundle comprising a second token having a public key. The IoT device will only accept the second token containing the public key if the second token is signed using a private key associated with the root of trust (i.e. only accepting the token containing public key if the token is known by the device based on private key), the private key having a matching public key which is embedded in the Internet of Things devices 118 and 120 for performing action (i.e. recognizing the second token containing the public key based on private key)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Garnier into the combined teaching of Koh and Lim by allowing the IoT device to perform certain action requested by user device based on key known by the IoT device. One would be motivated to do so in order to establish secure communication channel between IoT device and Gateway device and perform certain operation based on permission level of the gateway device (Garnier on [0010]).

Regarding claim 10 the combination of Koh, Lim and Garnier teaches all the limitations of claim 7 above, Lim further teaches wherein the transceiver transmits, to the IoT device, key list information about where a plurality of key IDs are respectively connected to a plurality of key values, based on control by the processor (Lim Fig 3 and text on [0037-0038] teaches storing key list information comprising number of encryption keys along with their respective key ID and storing the newly generated keys in the list (i.e. updating the list information). See on [0032 and 0041] teaches storing the key list information containing the key ID and key value (i.e. which in this case is encryption key and key ID 1 to n) in a memory and the file system 110 reads encryption keys corresponding to their respective key ID stored in the key file (i.e. indicating the key file is transmitted to the memory or disk before the encryption key is accessed by the system)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).
Regarding claim 11 the combination of Koh, Lim and Garnier teaches all the limitations of claim 7 above, Lim further teaches wherein the transceiver transmits periodically-updated key list information to the IoT device on the basis of control by the processor (Lim Fig 3 and text on [0037-0038] teaches storing key list information comprising number of encryption keys along with their respective key ID and storing the newly generated keys in the list (i.e. updating the list information). Fig 3 further shows relationship between Class 2-5 encryption keys with key ID 1. See on [0030-0031 and 0047-0049] teaches the encryption file system 110 also generates an encryption key for the user 100 in response to a key generation request from the security manager, and records the generated encryption key in a key file and a newly assigned corresponding key ID in a key ID file.).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).
Regarding claim 12 the combination of Koh, Lim and Garnier teaches all the limitations of claim 7 above, Lim further teaches wherein the processor corrects a connection between the plurality of key IDs and the plurality of key values to 28periodically update the key list information and transmits the updated key list information [[to the IoT device through the transceiver]] (Lim Fig 3 and text on [0037-0038] teaches storing key list information comprising number of encryption keys along with their respective key ID and storing the newly generated keys in the list (i.e. updating the list information). Fig 3 further shows relationship between Class 2-5 encryption keys with key ID 1. See on [0030-0031 and 0047-0049] teaches the encryption file system 110 also generates an encryption key for the user 100 in response to a key generation request from the security manager, and records the generated encryption key in a key file and a newly assigned corresponding key ID in a key ID file.).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).

Regarding claim 13 Koh teaches An Internet of things (IoT) device comprising: (Koh on [0015] teaches IP camera (i.e. IoT) equipped with hardware security module);
encrypt the generated information by using the extracted key value, and transmit the encrypted information to the user device through the transceiver (Koh on [0046-0048] teaches encrypting the moving picture (i.e. generated information) the IP camera using encryption key and transmits the encrypted videos data to the user terminal).
Koh fails to explicitly teach a transceiver configured to receive a command, encrypted by using a key value determined based on a reliability level of a user device, and a key identification (ID) of the key value from the user device; a storage medium configured to store key list information about where a plurality of key IDs are respectively connected to a plurality of key values;  and a processor configured to extract the key value, connected to the key ID received through the transceiver, from the key list information, decrypt the encrypted command by using the extracted key value, execute the decrypted command to generate information, encrypt the 6P11812_A02 generated information by using the extracted key value,  and transmit the encrypted information to the user device through the transceiver, wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device, wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message, however Lim from analogous art teaches Lim on [0011] generating an encryption key (i.e. key value) corresponding to the security class specified (i.e. level of reliability) in the key ID (i.e. key identification) in response to an encryption key (i.e. key value) generation request from a security manager. See on [0025] teaches the encryption key information (i.e. key value) stored in the meta-information structure includes a key ID (i.e. key ID), a current security class value (i.e. reliability level) of a file. See Fig 3 and text on [0037-0038] teaches generating of encryption keys for corresponding class 2-5 based on key ID 1 to n);
a storage medium configured to store key list information about where a plurality of key IDs are respectively connected to a plurality of key values (Lim Fig 3 and text on [0032 and 0037] teaches generated encryption keys are stored in the key file, and the key file is stored in the disk 130. The encryption keys in the key file are loaded into the kernel memory. FIG. 3 shows the key file in which the encryption keys having key IDs are successively stored);
and a processor configured to extract the key value, connected to the key ID received through the transceiver, from the key list information (Lim on [0011] teaches extracting from the kernel memory an encryption key corresponding to a security class of a file that a user wants to read or store. See on [0030-0032] teaches the encryption keys are stored in a key file (i.e. key list information) which are then loaded into the kernel memory. See on [0038] teaches four encryption keys are generated at one time by the key generation command from the security manager, and the generated encryption keys are successively stored in the key file);
decrypt the encrypted command by using the extracted key value (Lim on [0011] teaches decoding or encoding the file by using the extracted encryption key. See on [0034] teaches decodes the extracted encoded file by using an encryption key corresponding to the security class of the file; and provides the decoded file to the user 100. See on [0058] teaches the encryption file system 110 decodes/encodes the file that the user 100 wants to read/store by using the round keys stored in the kernel memory 140 and, then, transfers the decoded file to the terminal of the user 100).
execute the decrypted command to generate information (Lim on [0034] teaches decodes the extracted encoded file by using an encryption key corresponding to the security class of the file; and provides the decoded file to the user 100 (i.e. decoded file as information requested by the user). See on [0058] teaches the encryption file system 110 decodes/encodes the file that the user 100 wants to read/store by using the round keys stored in the kernel memory 140 and, then, transfers the decoded file to the terminal of the user 100).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).

The combination fails to explicitly teach wherein the user device encrypts a command representing a service requested by a user by using the key value and the key ID each determined based on a reliability level thereof and transmits the encrypted command to the IoT device, wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device, wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message, however Garnier from analogous art teaches  a transceiver configured to receive a command, encrypted by using a key value (Garnier on [0119-0120] teaches the gateway device 106 may be operable to encrypt a communication (i.e. command) (such as message containing data related to a specific Internet of Things device) with the public key of the security credentials and transmitting the encrypted command with a private key to the server 102. See on [0161] teaches transmitting command to IoT devices);
wherein access to the IoT device is granted to the user device and various features and controls of the IoT device are accessible to the user device based on the reliability level of the user device (Garnier on [0029-0030] teaches first level of access allowing reboot of IoT device and second level of access allowing firmware update of IoT device. See on [0150-0155] teaches an access control list (ACL) signed by the root of trust may be sent to the gateway device 106 from the server arrangement 102. The ACL defines the scope permissions to the Internet of Things devices 118 and 120. That is, the ACL defines the scope of allowable actions (i.e. reliability level based on which the gateway device is allowed to control IoT device)  that the gateway device 106 is permitted to instruct the Internet of Things devices 118 and 120 to perform or execute. See on [0155] teaches different users may be given different levels of access to the Internet of Things devices);
wherein when the IoT device does not recognize the key value in a received message, the IoT device does not respond to the received message (Garnier on [0153-0154] teaches the IoT device receives bundle comprising a second token having a public key. The IoT device will only accept the second token containing the public key if the second token is signed using a private key associated with the root of trust (i.e. only accepting the token containing public key if the token is known by the device based on private key), the private key having a matching public key which is embedded in the Internet of Things devices 118 and 120 for performing action (i.e. recognizing the second token containing the public key based on private key)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Garnier into the combined teaching of Koh and Lim by allowing the IoT device to perform certain action requested by user device based on key known by the IoT device. One would be motivated to do so in order to establish secure communication channel between IoT device and Gateway device and perform certain operation based on permission level of the gateway device (Garnier on [0010]).
Regarding claim 14 the combination of Koh, Lim and Garnier teaches all the limitations of claim 13 above, Lim further teaches wherein the processor receives the key list information [[from a server]] through the transceiver and stores the received key list information in the storage medium (Lim Fig 3 and text on [0032 and 0037] teaches generated encryption keys are stored in the key file, and the key file is stored in the disk 130. The encryption keys in the key file are loaded into the kernel memory. FIG. 3 shows the key file in which the encryption keys having key IDs are successively stored and accessed by the file system).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).

Regarding claim 15 the combination of Koh, Lim and Garnier teaches all the limitations of claim 14 above, Koh further teaches wherein the processor periodically receives key list information (Koh on [0081] teaches the encryption key stored in hardware security module (230) is discarded and replaced with newly created encryption key at every predetermined cycle through the control of managing server (300). That is, it is highly possible to prevent encryption key from being leaked to others since encryption key is periodically discarded and generated by managing server (i.e. server generates multiple keys and transmit it to hardware security module of IP camera for storage)).
Lim teaches obtained by correcting a connections between a plurality of key IDs and a plurality of key values, from the server through the transceiver and updates the key list information, stored in the storage medium, to key list information about where the connection relationship is corrected (Lim Fig 3 and text on [0037-0038] teaches storing key list information comprising number of encryption keys along with their respective key ID and storing the newly generated keys in the list (i.e. updating the list information). Fig 3 further shows relationship between Class 2-5 encryption keys with key ID 1. See on [0030-0031 and 0047-0049] teaches the encryption file system 110 also generates an encryption key for the user 100 in response to a key generation request from the security manager, and records the generated encryption key in a key file and a newly assigned corresponding key ID in a key ID file).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).
Regarding claim 16 the combination of Koh, Lim and Garnier teaches all the limitations of claim 13 above, Lim further teaches wherein the command decrypted by the processor is a kind of a user request service limited based on the reliability level of the user device (Lim on [0011] teaches decoding or encoding the file by using the extracted encryption key. See on [0034] teaches decodes the extracted encoded file by using an encryption key corresponding to the security class of the file; and provides the decoded file to the user 100. See on [0058] teaches the encryption file system 110 decodes/encodes the file that the user 100 wants to read/store (i.e. user request service ) by using the round keys stored in the kernel memory 140 and, then, transfers the decoded file to the terminal of the user 100).
Regarding claim 17 the combination of Koh, Lim and Garnier teaches all the limitations of claim 13 above, Koh further teaches further comprising a camera, wherein the processor encrypts a real-time camera image captured by the camera by using the extracted key value (Koh on [0045-0046] teaches an IP camera (i.e. IoT device) takes moving picture (i.e. upon a request from user) and encrypts the moving picture based on encryption key. For example, the IP camera encrypts raw images photographed video data by using the encryption key (i.e. generating information) stored in the hardware security module in the processes of video compression with predetermined units of encoding levels).
Regarding claim 18 the combination of Koh, Lim and Garnier teaches all the limitations of claim 17 above, Koh further teaches wherein the processor encrypts the real-time camera image captured for a limited time or encrypts the real-time camera image captured without time being limited, based on the reliability level of the user device (Koh on [0045-0046] teaches an IP camera (i.e. IoT device) takes moving picture (i.e. upon a request from user) and encrypts the moving picture based on encryption key. For example, the IP camera encrypts raw images photographed video data by using the encryption key (i.e. generating information) stored in the hardware security module in the processes of video compression with predetermined units of encoding levels. See on [0057] teaches when IP camera (200) encrypts the photographed video data, it is desirable for the IP camera (200) encrypts raw images of photographed video data by using the encryption key stored in the hardware security module in the processes of compressing the raw images of the photographed video data with predetermined units of encoding levels).

Claims 2-3 and 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Koh et al (hereinafter Koh) (US 20170323542) in view of Lim et al (hereinafter Lim) (US 20030126434), in view of Garnier et al (hereinafter Garnier) (US 20200287726) and further in view of Sah et al (hereinafter Sah) (US 20070261047).

Regarding claim 2 the combination of Koh, Lim and Garnier teaches all the limitations of claim 1 above, Koh further teaches wherein the transmitting of the key 3P11812_A02 information comprises: transmitting the key information, including the key value [[corresponding to the determined reliability level and the key ID of the key value]], to the user device (Koh on [0031 and 0064] teaches a user terminal (i.e. user device) receives encryption key (i.e. key value) and authentication key (i.e. key ID) from server).
determining the reliability level on the basis of the security state information (Lim on [0028] teaches a user is assigned with security class (i.e. reliability level) defined by the encryption file system);
Lim on [0011] generating an encryption key (i.e. key value) corresponding to the security class specified (i.e. level of reliability) in the key ID (i.e. key identification) in response to an encryption key (i.e. key value) generation request from a security manager. See on [0025] teaches the encryption key information (i.e. key value) stored in the meta-information structure includes a key ID (i.e. key ID), a current security class value (i.e. reliability level) of a file. See Fig 3 and text on [0037-0038] teaches generating of encryption keys for corresponding class 2-5 based on key ID 1 to n);

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lim into the teaching of Koh by determining a key based on a reliability level of a user device, extracting key value and decrypting a command based on the key value. One would be motivated to do so in order to prevent an illegal distribution and an unauthorized use of information by protecting the information based on key value associated with key ID derived from reliability level since the key can be verified based on key ID if it is included in the key list information and using the specific for performing specific task based on reliability level associated with the key (Lim on [0003-0005]).
The combination fails to explicitly teach receiving security state information from the user device, however Sah from analogous art teaches receiving security state information from the user device (Sah on [0039] teaches determining level of trust based on security patch information of operating system).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sah into the combined teaching of Koh, Lim and Garnier by determining reliability level based on security patch information of operating system. One would be motivated to do so in order to securely perform data protection and authentication function based on trust level generated based on patch information of the operating system (Sah on [0013]).

Regarding claim 3 the combination of Koh, Lim, Garnier and Sah teaches all the limitations of claim 2 above, Sah further teaches wherein the security state information about the user device comprises at least one of version information about an operating system installed in the user device and version information about a security patch installed in the user device (Sah on [0039] teaches determining level of trust based on security patch information of operating system).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sah into the combined teaching of Koh, Lim and Garnier by determining reliability level based on security patch information of operating system. One would be motivated to do so in order to securely perform data protection and authentication function based on trust level generated based on patch information of the operating system (Sah on [0013]).

Regarding claim 8 the combination of Koh, Lim and Garnier teaches all the limitations of claim 7 above, Although Lim teaches key determined based on trust level but fails to explicitly teach wherein the processor determines the reliability level of the user device on the basis of security state information received from the user device through the transceiver, however Sah from analogous art teaches wherein the processor determines the reliability level of the user device on the basis of security state information received from the user device through the transceiver (Sah on [0039] teaches determining level of trust based on security patch information of operating system).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sah into the combined teaching of Koh, Lim and Garnier by determining reliability level based on security patch information of operating system. One would be motivated to do so in order to securely perform data protection and authentication function based on trust level generated based on patch information of the operating system (Sah on [0013]).

Regarding claim 9 the combination of Koh, Lim, Garnier and Sah teaches all the limitations of claim 8 above, Sah further teaches wherein the security state information comprises version information about an operating system installed in the user device and version information about a security patch installed in the user device (Sah on [0039] teaches determining level of trust based on security patch information of operating system).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sah into the combined teaching of Koh, Lim and Garnier by determining reliability level based on security patch information of operating system. One would be motivated to do so in order to securely perform data protection and authentication function based on trust level generated based on patch information of the operating system (Sah on [0013]).
 
Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Koh et al (hereinafter Koh) (US 20170323542) in view of Lim et al (hereinafter Lim) (US 20030126434), in view of Garnier et al (hereinafter Garnier) (US 20200287726) and further in view of Kumhyr et al (hereinafter Kumhyr) (US 20180309739).


Regarding claim 6 the combination of Koh, Lim and Garnier teaches all the limitations of claim 1 above, although the combination teaches a key associated with different class, but fails to explicitly teach wherein the encrypted command comprises a command encrypted based on different key values determined based on first to third reliability levels, however Kumhyr from analogous art teaches wherein the encrypted command comprises a command encrypted based on different key values determined based on first to third reliability levels (Kumhyr on [0023, 0031, 0034 and 0049] teaches The network device may then create multilevel encryption keys based on the varied level of trust. The multilevel security program may create different levels of encryption keys amongst parties sharing data with a trusted party when the encryption levels 1-3 are based on the trust between the parties. For example, when data is exchanged within a secured zone, lower levels of encryption may be needed. If data is being exchanged within an unsecured zone, higher levels of encryption between parties may be optimal. Encryption keys are based on the perceived threat of security risk and the encryption keys may include multiple levels of encryption).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Kumhyr into the combined teaching of Koh, Lim and Garnier by encrypting the command based on different key value determined based on different reliability level. One would be motivated to do so in order to secure communication between device by protecting the data with multilevel encryption keys determined based on the trust level (Kumhyr on [0002]).

Claim 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Koh et al (hereinafter Koh) (US 20170323542) in view of Lim et al (hereinafter Lim) (US 20030126434), in view of Garnier et al (hereinafter Garnier) (US 20200287726) and further in view of Lu et al (hereinafter Lu) (US 20140022400).

Regarding claim 19 the combination of Koh, Lim and Garnier teaches all the limitations of claim 13 above, the combination fails to explicitly teach wherein, when the reliability level of the user device is optimal, the processor executes the decrypted command to control zoom-in, zoom-out, and rotation of the camera, however Lu from analogous art teaches wherein, when the reliability level of the user device is optimal, the processor executes the decrypted command to control zoom-in, zoom-out, and rotation of the camera (Lu on [0015] teaches IP camera control system 20 includes a computerized code stored in the storage device 22, and when executed by the control device 21, to control the plurality of IP cameras 3 to rotate or zoom in/out. See on [0025-0027] teaches the control module 204 controls the IP camera 3 to rotate according to the movement vector. For example, when the direction of the movement track of the touch point is left, the speed is 1 cm/s, and the distance is 2 cm, the IP camera is controlled to rotate left 2 cm, at the speed of 1 cm/s. In other embodiment, the IP camera 3 is controlled to rotate according to a rate of the movement vector).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Lu into the combined teaching of Koh, Lim and Garnier by controlling zoom in/out and rotation of camera based on reliability level of the user. One would be motivated to do so in order to control IP camera based on users request and further based on the reliability level being optimal (Lu on [0002]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Pulliam (US 20160321887) is directed towards an alert system includes a computer system and several transmitting devices wirelessly connected to the computer system such that operation of a switch on any one of the transmitting devices transmits a signal to the computer system. There is at least one video camera coupled to the computer system. Software running on the computer system initiates capture of video from at least one of the video cameras responsive to detecting receipt of the signal from the any one of the transmitting devices.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MOEEN KHAN/Examiner, Art Unit 2436