DETAILED ACTION
This Notice of Allowability is in response to the amendment filed on May 03, 2022. Claims 1-18 are pending, of which claims 1, 7 and 13 are independent claims.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Rejections have been withdrawn in view of amended claims.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with David H. Judson (Reg. No. 30,467) on 05/19/2022.
The application has been amended as follows:
1.	(currently amended)  A method for authentication implemented in a key management server computing entity, comprising:
extending a key management protocol to provide a credential type that enables a client-defined credential to be created dynamically; 
receiving a request to create a credential from a first client, the first client together with a second client being members of a device group, the request being configured using the credential type; 
in response to receiving the request and authenticating the first client, dynamically-creating a credential and provisioning key material for the device group; 
receiving a subsequent request to authenticate against the credential ; and
in response to receiving the subsequent request and authenticating against the credential, enabling the second client to access and use the key material dynamically provisioned for the device group.

7.	(currently amended) An apparatus configured as a key management server, comprising:
	a processor; 
computer memory holding computer program instructions executed by the processor the computer program instructions including program code configured to:
extend a key management protocol to provide a credential type that enables a client-defined credential to be created dynamically; 
receive a request to create a credential from a first client, the first client together with a second client being members of a device group, the request being configured using the credential type; 
in response to receiving the request and authenticating the first client, dynamically create a credential and provision key material for the device group; 
receive a subsequent request to authenticate against the credential ; and
in response to receiving the subsequent request and authenticating against the credential, enable the second client to access and use the key material dynamically provisioned for the device group.

13.	 (currently amended) A computer program product in a non-transitory computer readable medium for use in a data processing system configured as a key management server, the computer program product holding computer program instructions that, when executed by the data processing system, are configured to:
extend a key management protocol to provide a credential type that enables a client-defined credential to be created dynamically; 
receive a request to create a credential from a first client, the first client together with a second client being members of a device group, the request being configured using the credential type; 
in response to receiving the request and authenticating the first client, dynamically create a credential and provision key material for the device group; 
receive a subsequent request to authenticate against the credential ; and
in response to receiving the subsequent request and authenticating against the credential, enable the second client to access and use the key material dynamically provisioned for the device group.

Allowable Subject Matter
Claims 1-18 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The closest references of record are Rich et al. (US 2013/0044882), McCoy et al. (US 8,295,490) and Rich et al. (US 2013/0044878).
Rich et al. teaches a key management protocol (such as Key Management Interoperability Protocol (KMIP)) that is extended via a set of one or more custom attributes to provide a mechanism by which clients pass additional metadata to facilitate enhanced key provisioning operations by a key management server. The protocol comprises objects, operations, and attributes. Objects are the cryptographic material (e.g., symmetric keys, asymmetric keys, digital certificates and so on) upon which operations are performed. Operations are the actions taken with respect to the objects, such as getting an object from a key management server, modifying attributes of an object and the like. Attributes are the properties of the object, such as the kind of object it is, the unique identifier for the object, and the like. According to this disclosure, a first custom server attribute has a value that specifies a keygroup name that can be used by the key management server to locate (e.g., during a Locate operation) key material associated with a named keygroup. A second custom server attribute has a value that specifies a keygroup name into which key material should be registered (e.g., during a Register operation) by the server. A third custom server attribute has a value that specifies a default keygroup that the server should use for the device passing a request that includes the attribute. Using these one or more custom server attributes, the client taps into and consumes/contributes to the key management server's provisioning machinery.
McCoy et al. teaches systems, methods, and machine-readable media for providing an encryption key to a user. The system may include a key storage module, an interface module, and an authentication module. The key storage module may be configured to store an encryption key for a user on an encryption key server, wherein the encryption key is used with user data on a data storage server. The interface module may be configured to receive a request for the encryption key from a client machine associated with the user. The authentication module may be configured to authenticate the user, wherein the interface module may further be configured to transmit the encryption key to the client machine in response to authenticating the user.
Rich et al. teaches a key management protocol (such as KMIP) that is extended to provide an extended credential type to pass information from clients to the server to enable the server to deduce pre-provisioned cryptographic materials for the individual clients. Preferably, KMIP client code communicates device information to a key management server in a value in the headers of KMIP requests that flow to the server. In this manner, KMIP requests are associated with pre-provisioned cryptographic materials for particular devices or device groups.
Rich et al. (US 2013/0044882), McCoy et al. (US 8,295,490) and Rich et al. (US 2013/0044878), either taken by themselves or in any combination, fail to disclose or suggest the limitation “in response to receiving the request and authenticating the first client, dynamically-creating a credential and provisioning key material for the device group; and receiving a subsequent request to authenticate against the credential from the second client; and in response to receiving the subsequent request and authenticating against the credential, enabling the second client to access and use the key material dynamically provisioned for the device group” in combination with other limitations as recited by independent claim 1.
Other independent claims recite features similar to those recited in independent claim 1, and are therefore allowable for reasons similar to those given above. Dependent claims are allowed by virtue of their dependencies.
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHANG DO whose telephone number is (571)270-7837. The examiner can normally be reached Monday-Friday 8:00 - 5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR, can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KHANG DO/ Primary Examiner, Art Unit 2492