DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
	Claims 1-2, 5, 7, 10, 13, 17, 19, 21, 23-24, 27, 29-30, 46-49, 51-52 are pending.  Claims 3-4, 6, 8-9, 11-12, 14-16, 18, 20, 22, 25-26, 28, 31-45, 50 are cancelled.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-2 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Loladia et al (US 10,382,203).

Regarding Claim 1:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method comprising: 
establishing a direct network connection between the device and a user computing device (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link); 
generating a key on the user computing device and sending the key to the device (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); 
establishing a network connection between the service and the device, wherein the device provides the key to the service (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); and
sending a request to the service to associate with the device, and wherein the request includes the key to establish a network connection between the user computing device and the service, wherein the request includes the key (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service; col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; col 16 line 43-67, link established between application (i.e. “companion app”) and IoT service); 
wherein the service is associated with the device in response to the request if the key provided by the user computing device matches the key provided by the device (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).

Regarding Claim 2:
Loladia teaches the method of claim 1.  In addition, Loladia teaches the method further comprising placing the device into an enrollment mode (col 10 line 19-41, user initiates pairing mode on IoT device).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Tschofenig et al (PGPUB 2017/0359338).

Regarding Claim 5:
Loladia teaches the method of claim 1.  In addition, Loladia teaches wherein generating a key on the user computing device and sending the key to the device includes generating a message including the key, and sending the message to the device (col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session).
Loladia does not explicitly teach generating a message including information for the device to connect to the service, and sending the message to the device.
However, Tschofenig teaches the concept of generating a message including information for a device to connect to a service, and sending the message to the device (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia, in order to allow a user to specify which service to connect to using an IoT device, as well as provide a new device with the necessary information to connect to a service regardless of whether the service information is preloaded on the IoT device, thereby improving compatibility and user experience.

Regarding Claim 13:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method for the device comprising: 
connecting to a user computing device via a direct network connection (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link); 
receiving a message from the user computing device, wherein the message includes a generated key (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session);
establishing a network connection to the service (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); and, 
providing the generated key to the service (col 10 line 19-41, the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device); 
wherein the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the network connection matches the key that the service receives from the user computing device (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach wherein the message includes information required for the device to connect to the service.
However, Tschofenig teaches the concept wherein a message includes information required for a device to connect to a service (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia, in order to allow a user to specify which service to connect to using an IoT device, as well as provide a new device with the necessary information to connect to a service regardless of whether the service information is preloaded on the IoT device, thereby improving compatibility and user experience.

Claims 7, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Tschofenig, and further in view of Kim et al (PGPUB 2020/0275249)

Regarding Claim 7:
Loladia in view of Tschofenig teaches the method of claim 5.
Neither Loladia nor Tschofenig explicitly teaches the method further comprising: 
requesting the device for a public encryption key; 
encrypting the message by the user computing device prior to sending the message to the device; and, 
decrypting the message by the device using a private encryption key.
However, Kim teaches the concept of a method comprising: 
requesting a device for a public encryption key (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device); 
encrypting a message by a user computing device prior to sending the message to the device (paragraph 135-140, in operation, second device encrypts data with public key KPU and transmits encrypted information to first device); and, 
decrypting the message by the device using a private encryption key (paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Tschofenig, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.

Regarding Claim 19:
Loladia in view of Tschofenig teaches the method of claim 13.
Neither Loladia nor Tschofenig explicitly teaches the method further comprising: 
a. sending a public encryption key of the device to the user computing device upon request by the user computing device; and, 
b. decrypting the message using a private encryption key.
However, Kim teaches a method comprising: 
a. sending a public encryption key of a device to a user computing device upon request by the user computing device (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device); and, 
b. decrypting a message using a private encryption key (paragraph 135-140, in operation, second device encrypts data with public key KPU and transmits encrypted information to first device; paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Tschofenig, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Tanner (PGPUB 2009/0006636).

Regarding Claim 10:
Loladia teaches the method of claim 1.  In addition, Loladia teaches wherein the service is an Internet-based service (col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; IoT service accessed over Internet, and is therefore Internet based service).
Loladia does not explicitly teach wherein the key includes a randomly generated alphanumeric string.
However, Tanner teaches the concept wherein a key includes a randomly generated alphanumeric string (paragraph 20, registration keys defined to determine how to register a device; registration keys may be formulated according to any suitable unique identification method, e.g. randomly generated alphanumeric string).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomly generated alphanumeric string teachings of Tanner with the Internet-of-things device association teachings of Loladia.  It is well-known in the art to generate codes using alphanumeric strings; at a certain level of abstraction, every computer code implemented on a modern computer system, using binary, can be considered an alphanumeric string.  Therefore, it would at least be obvious to a person of ordinary skill in the art to rely on the default means of representing computer data.  Further, randomly generated strings provide the benefit of increasing the entropy of the code thereby making it more difficult for an attacker to impersonate or guess the code, and improving the security environment.

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Tschofenig, and further in view of Queralt et al (PGPUB 2018/0097640).

Regarding Claim 17:
Loladia in view of Tschofenig teaches the method of claim 13.
Neither Loladia nor Tschofenig explicitly teaches the method further comprising opening a device-based service, wherein the device-based service is a web server that is configured to process the message from the user.
However, Queralt teaches the concept of a method comprising opening a device-based service, wherein the device-based service is a web server that is configured to process a message from a user (paragraph 70-71, user device including app for accessing service; app activated to transmit a request received by relying party web server; relying party web server then requests authentication from FIDO server).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the web server teachings of Queralt with the Internet-of-things device association teachings of Loladia in view of Tschofenig, in order to utilize common and well-understood structures for communicating over a network, such as web servers or services, to improve compatibility between various devices.

Claims 21, 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Yu (PGPUB 2020/0145372).

Regarding Claim 21:
Loladia teaches a device associated to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the device comprising: 
a network connection (paragraph 41, network connection);
a wiring device, the wiring device comprising a device-based service to (EXAMINER’S NOTE: Applicant’s specification does not give a definition of “wiring device”, but gives as examples elements 200, 210, 220, and 230 as shown in [0018] and Fig. 1; Applicant further describes elements 210, 220, and 230 as a “circuit breaker”, “receptacle”, and an “occupancy sensor” in [0029]; Examiner shall therefore interpret a “wiring device” as a similar device related to household electrical service; paragraph 2, “Internet-of-Things” devices include network-connected thermostats, light bulbs, power switches, etc.):
establish a first communication link to make a direct network connection to a user computing device (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link), wherein a message is received from the user computing device after the user computing device joins the peer-to-peer network (col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); 
wherein the message includes a generated key (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); and, 
establish a second communication link to connect to the service, wherein the device provides the generated key to the service via the second communication link (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); 
wherein the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the second communication link matches the key that the service receives from the user computing device (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach the device-based service to: to start a peer-to-peer network.
However, Yu teaches the concept of a device-based service to: start a peer-to-peer network (paragraph 13-14, subscriber access device provides service set identifier in advertisement; multiple clients connect to subscriber access device connected through service set, i.e. first/second/third/etc. communication links); and
advertise the peer-to-peer network (paragraph 13-14, subscriber access device provides service set identifier in advertisement).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the communication link advertisement teachings of Yu with the Internet-of-things device association teachings of Loladia, in order to provide the means to automatically generate a peer-to-peer network, relying on ad hoc device advertisements to allow devices to determine the appropriate configuration without requiring user input, thereby allowing multiple clients to connect to a network independently.

Regarding Claim 24:
Loladia in view of Yu teaches the device of claim 21.  In addition, Loladia teaches wherein the device is placed into an enrollment mode (col 10 line 19-41, user initiates pairing mode on IoT device), and 
Yu teaches wherein the device advertises an identification of the peer-to-peer network so the user computing device can join the peer-to-peer network of the device (paragraph 13-14, advertisement of service set identifiers (SSID)).
The rationale to combine Loladia and Yu is the same as provided for claim 21 due to the overlapping subject matter between claims 21 and 24.

Claim 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Yu, and further in view of Tschofenig.

Regarding Claim 23:
Loladia in view of Yu teaches the device of claim 21.  In addition, Lolatia teaches wherein the device is one of a load control device, a switch, a dimmer, a fan, a receptacle, a ground fault circuit interrupter, an arc fault circuit interrupter, ground fault protection equipment, a home automation device, a smart home device, an "Internet of Things" device (abstract, IoT device), an audio/video device, a security device, an occupancy sensor, a surge protective device, a Universal Serial Bus device, a circuit breaker, a circuit breaker controller, and a circuit breaker aggregator.
Neither Loladia nor Yu explicitly teaches wherein the message further includes information required for the device to connect to the service.
However, Tschofenig teaches the concept wherein a message includes information required for a device to connect to a service (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia and Yu, in order to allow a user to specify which service to connect to using an IoT device, as well as provide a new device with the necessary information to connect to a service regardless of whether the service information is preloaded on the IoT device, thereby improving compatibility and user experience.

Claim 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Yu, and further in view of Queralt.

Regarding Claim 27:
Loladia in view of Yu teaches the device of claim 21.
Neither Loladia nor Yu explicitly teaches wherein the device further comprises a device-based service, wherein the device-based service is a web server that is configured to start up on the peer-to-peer network and to process the message from the user computing device.
However, Queralt teaches wherein a device further comprises a device-based service, wherein the device-based service is a web server that is configured to start up on a peer-to-peer network and to process a message from a user computing device (paragraph 70-71, user device including app for accessing service; app activated to transmit a request received by relying party web server; relying party web server then requests authentication from FIDO server).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the web server teachings of Queralt with the Internet-of-things device association teachings of Loladia in view of Yu, in order to utilize common and well-understood structures for communicating over a network, such as web servers or services, to improve compatibility between various devices.

Claim 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Yu and Queralt, and further in view of Vandenheste (PGPUB 2019/0021133).

Regarding Claim 29:
Loladia in view of Yu and Queralt teaches the device of claim 27.
Neither Loladia nor Yu nor Queralt explicitly teaches wherein the peer-to-peer network is disconnected after the device receives the message from the user computing device, and wherein the device-based service shuts down when peer-to-peer network is disconnected.
However, Vandenheste teaches the concept wherein a peer-to-peer network is disconnected after a device receives a message from a user computing device, and wherein a device-based service shuts down when the peer-to-peer network is disconnected (paragraph 26, method for controlling wireless communication between a mobile device and a IoT device; comprising maintaining a wireless connection for a period of time, and terminating the wireless connection in response to the elapse of the period of time; the period of time is determined dynamically based on the operation status associated with the mobile device and/or the IoT device; the operation status includes one or more of: a power level of the mobile device, a power level of the electronic device, an operating state of the mobile device, an operating state of the electronic device, a time or period of connection or disconnection between the mobile device and the electronic device, an application running actively on the mobile device or in a background of the mobile device; paragraph 39, upon enabling wireless connection, information is transferred between mobile device and electronic device; paragraph 41, wireless connection is terminated in response to a timeout event).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the connection termination teachings of Vandenheste with the Internet-of-things device association teachings of Loladia in view of Yu and Queralt, in order to conserve device power and resources by termination a connection once said connection was no longer in use, which would be beneficial in an environment comprising mobile devices and Internet of Things devices, many of which rely on battery power to function.

Claim 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Yu, and further in view of Kim.

Regarding Claim 30:
Loladia in view of Yu teaches the device of claim 21.
Neither Loladia nor Yu explicitly teaches the device further comprising a private encryption key and a public encryption key of the device, wherein the device sends the public encryption key to the user computing device to receive the message, and wherein the device uses the private encryption key to decrypt the message.
However, Kim teaches a device further comprising a private encryption key and a public encryption key of the device (paragraph 135-140, first device public key KPU and private key KPR), wherein the device sends the public encryption key to a user computing device to receive a message (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device), and wherein the device uses the private encryption key to decrypt the message (paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Yu, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.

Claims 46, 48-49, 51 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Chu et al (US 9,002,750).

Regarding Claim 46:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method for the service comprising: 
connecting to the device via a first communication link (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); 
receiving a first key from the device via the first communication link (col 10 line 19-41, the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device); 
connecting to the user computing device via a second communication link (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service; col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; col 16 line 43-67, link established between application (i.e. “companion app”) and IoT service); 
receiving, from a user computing device, a request for the user to associate with the device, wherein the request includes a second key (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service); and, 
comparing the first key received from the device via the first communication link and the second key received from the user computing device via the second communication link, wherein the service makes an association between the device and the user if the first and second keys are the same (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach the first key, randomly generated by the user computing device.
However, Chu teaches the concept of a first key, randomly generated by a user computing device (abstract, secure authentication using one-time password application pre-stored on a device; col 16 line 20-51, Fig. 3, web site verifier function of the one-time password application is pre-stored on the first computing device, such as the user's handheld email device, PDA, or mobile phone 14, for generating a valid random challenge code on the first computing device responsive to receiving entry of the valid PIN value on the first computing device; at S12, a web site verifier function of the shared secret for the user is pre-stored on the back-end server 16 for generating a valid response code responsive to receiving entry of a valid challenge code from a second computing device, such as the user's PC 12; at S13, entry of a purported PIN value and a selection by the user 10 of the web site verifier function are received on the first computing device 14, in response to which, at S14, a random challenge code for mutual authentication of a web site for the user 10 is generated by the challenge web site function on the first computing device 14 of the user; at S15, entry of the challenge code is received and validated by the back-end server 16 from the second computing device 12, responsive to which, at S16, the back-end server 16 cryptographically calculates a response code based on the challenge code and displays the calculated response code on the second computing device 12; at S16, entry of the displayed response code is received on the first computing device 14, in response to which, at S17, an affirmative indicator is displayed on the first computing device 14, if the entered response code corresponds to the generated challenge code by the web-site verifier function on the first computing device 14; otherwise, a negative indicator is displayed on the first computing device 14 if the entered response code fails to correspond to the generated challenge code).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomly generated user device password teachings of Chu with the Internet-of-things device association teachings of Loladia.  Randomly generated strings provide the benefit of increasing the entropy of the code thereby making it more difficult for an attacker to impersonate or guess the code, and improving the security environment

Regarding Claim 48:
Loladia in view of Chu teaches the method of claim 46.  In addition, Loladia teaches wherein the service is an Internet based service (col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; IoT service accessed over Internet, and is therefore Internet based service).

Regarding Claim 49:
Loladia in view of Chu teaches the method of claim 46.  In addition, Loladia teaches wherein the first communication link connects the device to the service via a premise network (col 4 line 41-53, IoT device connected to local network including Internet uplink, allowing IoT device to communicate with cloud computing platform), wherein the second communication link connects the user computing device to the service via the premise network (col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform), and wherein the premise network is one of a wireless network, a cellular network, and a hardwired network (col 4 line 41-53, local network, e.g. wireless network).

Regarding Claim 51:
Loladia in view of Chu teaches the method of claim 46.  In addition, Loladia teaches wherein the first and second keys are the same key (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device); and
Chu teaches wherein the key is a randomly generated key (col 16 line 20-51, Fig. 3).
The rationale to combine Loladia and Chu is the same as provided for claim 46 due to the overlapping subject matter between claims 46 and 51.

Claim 52 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Chu, and further in view of Tanner.

Regarding Claim 52:
Loladia in view of Chu teaches the method of claim 46.
Neither Loladia nor Chu explicitly teaches wherein the first and second keys include an alphanumeric string.
However, Tanner teaches the concept wherein first and second keys include an alphanumeric string (paragraph 20, registration keys defined to determine how to register a device; registration keys may be formulated according to any suitable unique identification method, e.g. randomly generated alphanumeric string).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomly generated alphanumeric string teachings of Tanner with the Internet-of-things device association teachings of Loladia in view of Chu.  It is well-known in the art to generate codes using alphanumeric strings; at a certain level of abstraction, every computer code implemented on a modern computer system, using binary, can be considered an alphanumeric string.  Therefore, it would at least be obvious to a person of ordinary skill in the art to rely on the default means of representing computer data.

Response to Arguments
Applicant's arguments filed 2/10/2022 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 101:
Applicant’s amendments have overcome the prior 35 USC 101 rejection.  Therefore, the rejection is withdrawn.

Regarding the rejection of claims under 35 USC 102:
Applicant’s arguments: The Office action equates, for the purposes of the rejection, the IoT device of Loladia with the device in claim 1, the companion app of Loladia with the user computing device in claim 1, and the IoT service of Loladia with the service in claim 1. Loladia describes a key generated by the service but not a key generated by the companion app. 
For anticipation, the identical invention must be shown in as complete detail as is contained in the claim. Thus, Loladia fails to anticipate amended independent claims 1. For similar reasons, Loladia fails to anticipate claims dependent on amended independent claims 1.

Examiner’s response: Loladia shows the Client ID (herein seen as the claimed “key”) being produced by an identity service at the request of the companion app (e.g. col 10 line 1-18).  As applicant has placed no defining limitations on what comprises “generated” in claim 1, a user device comprising an application which accesses a component module (remotely or otherwise) to produce a key can be seen as “generated” by the application.  Loladia, in describing the pairing workflow of Fig. 5 (e.g. col 10 line 1-41), does not disclose whether the particular identity service 510 is a part of the IoT service 520.  As a result, the identity service can be seen as part of a user device system.  Therefore, Loladia does teach a key “generated” by the companion app.

Applicant’s arguments: With regards to amended independent claim 46, the Office action fails to establish a prima facie case of anticipation for the independent claims because Loladia fails to describe, either expressly or inherently, "each and every element as set forth in the claim". In particular, Loladia fails to describe receiving a first key, randomly generated by the user computing device, from the device via the first communication link and comparing the first key received from the device via the first communication link and the second key received from the user computing device via the second communication link. 
The Office action equates, for the purposes of the rejection, the IoT device of Loladia with the device in claim 46, the companion app of Loladia with the user computing device in claim 46, and the IoT service of Loladia with the service in claim 46. Loladia describes companion app receiving the client ID from a third-party service, the companion app providing the client ID to the IoT device, and a token generated by the IoT service provided to the IoT device. The IoT device provides the token and to the companion app and the companion app, in a request sent to the IoT service, provides the token along with a client ID and a device ID. In Loladia, the IoT service can compare the client ID and the device ID to the content of the token for authentication, both of which are received in the request from the companion app. 
Loladia fails to receive the first key, randomly generated by the user computing device, from the device via the first communication link and fails to describe comparing the first key received from the device via the first communication link and the second key received from the user computing device via the second communication link
For anticipation, the identical invention must be shown in as complete detail as is contained in the claim.5 Thus, Loladia fails to anticipate amended independent claims 46. For similar reasons, Loladia fails to anticipate claims dependent on amended independent claims 46.
Applicant argues that the rejection of claim 47 is moot based on the cancelation of the claim 47 in the above amendments.

Examiner’s response: However, Loladia does teach receiving the first key from the device via the first communication link (e.g. col 10 line 19-41) and comparing the first key to the second key received from the user computing device via the second communication link (col 10 line 55-col 11 line 10).  The only element missing from Loladia is that the first key is randomly generated by the user computing device.  However, a new ground(s) for rejection is provided above which does teach this feature, as added by amendment.

Regarding the rejection of claims under 35 USC 102:
Applicant’s arguments: With regard to amended independent claim 13, the combination of Loladia and further in view of Tschofenig fails to establish a prima facie case of obviousness because the combination fails to teach or suggest all of Applicant's claim limitations. In particular, the combination fails to teach or suggest wherein the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the network connection matches the key that the service receives from the user computing device. 
The Office action equates, for the purposes of the rejection, the IoT device of Loladia with the device in claim 46, the companion app of Loladia with the user computing device in claim 46, and the IoT service of Loladia with the service in claim 46. Loladia describes companion app receiving the client ID from a third-party service, the companion app providing the client ID to the IoT device, and a token generated by the IoT service provided to the IoT device. The IoT device provides the token and to the companion app and the companion app, in a request sent to the IoT service, provides the token along with a client ID and a device ID.
In Loladia, the IoT service can compare the client ID and the device ID to the content of the token for authentication, both of which are received in the request from the companion app. 
The Office action cites Tschofenig to teach the concept wherein a message includes information required for a device to connect to a service. 
The combination of Loladia and further in view of Tschofenig teaches comparison by the IoT service in Loladia of the token with he client ID and device ID, all of which are received from the companion app via the communication link of the companion app. The amended independent claim, however, describes provision of the generated key via a network connection directly between the device and the service and states that the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the network connection matches the key that the service receives from the user computing device. The combination of Loladia and further in view of Tschofenig fails to teach or suggest that the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the network connection matches the key that the service receives from the user computing device.

Examiner’s response: As discussed with regard to claim 1, above, Loladia teaches a generated key (i.e. the “Client ID”).  Further, Loladia does teach that the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the network connection matches the key that the service receives from the user computing device.  Loladia (e.g. col 10 line 19-col 11 line 10) teaches that the companion app sends the client ID to the IoT device.  The IoT device then generates a token request message to the IoT service over a second communication link including the client ID (i.e. “the generated key provided by the device to the service via the network connection”).  The IoT service generates a token including the client ID, sends it to the IoT device, which sends it to the companion app.  The companion app sends the token and includes an additional client ID as part of a pairing request to the IoT service; the additional client ID can be seen as “the key that the service receives from the user computing device”.  Loladia explicitly states that “provided the key successfully decrypts the token, the IoT service compares the client ID and device ID recovered from the encrypted token with the client ID and device ID included with the pairing request” (col 10 line 65-col 11 line 2).  Therefore, Loladia teaches wherein the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the network connection matches the key that the service receives from the user computing device.
The Office action equates, for the purposes of the rejection, the IoT device of Loladia with the device in claim 46, the companion app of Loladia with the user computing device in claim 46, and the IoT service of Loladia with the service in claim 46. Loladia describes companion app receiving the client ID from a third-party service, the companion app providing the client ID to the IoT device, and a token generated by the IoT service provided to the IoT device. The IoT device provides the token and to the companion app and the companion app, in a request sent to the IoT service, provides the token along with a client ID and a device ID. In Loladia, the IoT service can compare the client ID and the device ID to the content of the token for authentication, both of which are received in the request from the companion app. 
The Office action cites Yu to teach the concept of a first communication link to start a peer-to-peer network. 
The combination of Loladia and further in view of Yu teaches comparison by the IoT service in Loladia of the token with the client ID and device ID, all of which are received from the companion app via the communication link of the companion app. The amended independent claim, however, describes provision of the generated key via the second communication link directly between the device and the service and states that the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the second communication link matches the key that the service receives from the user computing device. The combination of Loladia and further in view of Yu fails to teach or suggest that the device is associated with the user computing device in response to a determination by the service that the generated key provided by the device to the service via the second communication link matches the key that the service receives from the user computing device. 
For obviousness, the modification or combination must teach or suggest all of Applicants' claim limitations.9 Thus, the combination of Loladia and further in view of Yu fails to establish a prima facie case of obviousness for amended independent claim 21. For similar reasons, the combination fails to establish a prima facie case of obviousness for claims dependent on amended independent claim 21. 
Applicant’s arguments with regard to claim 21 are similar to those regarding claim 13, and are therefore responded to in a similar way.
	Applicant further argues that the dependent claims are allowable due to depending on an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        

/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491