Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-9, 14-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Pochuev et al (US 2020/0145409) (hereinafter Pochuev).
 	Regarding claim 1, Pochuev discloses a method comprising: 
 	receiving, by a processor, information related to a device of an internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the provisioning policy server 116 sends a first redirect 1203 (Redirect1) back to the IoT device 110, and p. [0037]);
generating, by the processor, a secure attestation package based on the information (see Pochuev, Fig. 7, p. [0079], e.g., the authentication request 1205 includes the provisioning data, as well as attestation data, and authorization data. The attestation data may be values transferred to a cryptographic core (e.g., CM core) of the IoT device 110 by the application, which needs to be signed (MAC'ed) by the cryptographic core); 
 	transmitting, by the processor, the secure attestation package to the internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the IoT device 110 sends an authentication request 1205 (Follow Redirect1) to the authentication policy server 112); 
 	receiving, by the processor, a request to access a wireless network of the processor from the device of the internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the authentication policy server 112 sends a second redirect 1207 (Redirect2) back to the IoT device 110. The second redirect 1207 includes a token and attestation data); and 
 	authorizing, by the processor, the device to access the wireless network based on the secure attestation package (see Pochuev, Fig. 7, p. [0079], e.g., the IoT device 110 sends a request 1209 (Follow Redirect2) to the provisioning policy server 116. The request 1209 includes the token and the attestation data. The provisioning policy server 116 checks the token and the attestation data. The provisioning policy server 116 sends a HTTP response 1213, including provisioned data (e.g., device's application certificate and other application related data), back to the IoT device 110. Once authenticated and authorized by the device provisioning service 106 and the RoT authentication service 104, the IoT device can communicate with the IoT application services 108, such as using a secure connection over TLS/DTLS (MQTT, HTTPs, or the like)).
 	Regarding claim 2, Pochuev discloses the method of claim 1, further comprising: monitoring, by the processor, an activity of the device on the wireless network in accordance with the secure attestation package (see Pochuev, p. [0126], e.g., The processing logic sends a redirect response to the IoT device to re-direct the IoT device to the RoT authentication service to authenticate and authorize the IoT device (block 2108). The redirect response may include an encrypted policy identifier used to authenticate the IoT device. The processing logic subsequently receives a provisioning request that includes a token issued by the RoT authentication service (block 2110)).

 	Regarding claim 3, Pochuev discloses the method of claim 2, further comprising: generating, by the processor, a notification when the activity of the device violates a rule associated with the secure attestation package (see Pochuev, p. [0126], e.g., If the provisioning request, token, or both are not validated at block 2112) ; and transmitting, by the processor, the notification to the internet of thing service provider (see Pochuev, p. [0126], e.g., the processing logic sends an error message (or not) (block 2116)).
 	Regarding claim 4, Pochuev discloses the method of claim 2, further comprising: transmitting, by the processor, an update to the device based on the monitoring (see Pochuev, p. [0126], e.g., the processing logic validates the provisioning request and the token (block 2112). When the provisioning request and token are validated at block 2112, the processing logic sends provisioning information to the IoT device (block 2114)).
 	Regarding claim 5, Pochuev discloses the method of claim 1, wherein the information comprises a device capability of the device that is used on the wireless network (see Pochuev, p. [0041], e.g., access tokens can contain information about the RoT. The information can be considered metadata about the IoT device 110, a kernel of the IoT device 110, an operating system (OS), or the like).
 	Regarding claim 6, Pochuev discloses the method of claim 1, wherein the information comprises a type of operating system used to execute an application on the wireless network (see Pochuev, p. [0041], e.g., access tokens can contain information about the RoT. The information can be considered metadata about the IoT device 110, a kernel of the IoT device 110, an operating system (OS), or the like).
 	Regarding claim 7, Pochuev discloses the method of claim 1, wherein the information comprises a communication protocol of the device on the wireless network (see Pochuev, p. [0028-0029], e.g., The IoT device 110 can communicate with the authentication service 104 using a front-end protocol 101 (labeled AuthN and AuthZ protocol for authentication and authorization) that is flexible).
 	Regarding claim 8, Pochuev discloses the method of claim 1, wherein the information comprises physical security associated with the device while active on the wireless network (see Pochuev, p. [0038], e.g., the IoT application server 122 can be configured to only allow IoT devices 110 with valid certificates to connect to an IoT application. The IoT application server 122 can support message queuing telemetry transport (MQTT) over Transport Layer Security (TLS)).
 	Regarding claim 9, Pochuev discloses the method of claim 1, wherein the information comprises a type of access network used by the device to access the wireless network (see Pochuev, p. [0041], e.g., the information can be considered metadata about the IoT device 110, a kernel of the IoT device 110, an operating system (OS), or the like).
 	Regarding claim 14,  Pochuev discloses the method of claim 1, wherein the secure attestation package is attached to the device before the device sends the request to access the wireless network (see Pochuev, p. [0079], e.g., the authentication request 1205 includes the provisioning data, as well as attestation data, and authorization data. The attestation data may be values transferred to a cryptographic core (e.g., CM core) of the IoT device 110 by the application).
 	Regarding claim 15, Pochuev discloses the method of claim 1, wherein a ruleset associated with the device based on the information that was received is stored in a partition of the secure attestation package (see Pochuev, p. [0041], e.g., Access tokens can contain information about the RoT. The information can be considered metadata about the IoT device 110, a kernel of the IoT device 110, an operating system (OS), or the like, and p. [0079], e.g., the IoT device 110 sends an authentication request 1205 (Follow Redirect1) to the authentication policy server 112. The authentication request 1205 includes the provisioning data, as well as attestation data, and authorization data. The attestation data may be values transferred to a cryptographic core (e.g., CM core) of the IoT device 110 by the application, which needs to be signed (MAC'ed) by the cryptographic core).
 	Regarding claim 16, Pochuev discloses the method of claim 15, wherein the ruleset is used to configure the device for monitoring after the device is authorized to access the wireless network (see Pochuev, p. [0041], [0079] and [0110], e.g., RoT identity server 114 can provide unique identities to the devices that are valid only within the context of a particular IoT application. This is useful when the devices need to be tracked, while preserving privacy of the device/user by not allowing the device to use the same ID across multiple services).
 	Regarding claim 17, Pochuev discloses a non-transitory computer-readable medium storing instructions which, when executed by a processing system including at least one processor, cause the processing system to perform operations, the operations comprising: 
receiving information related to a device of an internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the provisioning policy server 116 sends a first redirect 1203 (Redirect1) back to the IoT device 110);
 	generating a secure attestation package based on the information (see Pochuev, Fig. 7, p. [0079], e.g., the authentication request 1205 includes the provisioning data, as well as attestation data, and authorization data. The attestation data may be values transferred to a cryptographic core (e.g., CM core) of the IoT device 110 by the application, which needs to be signed (MAC'ed) by the cryptographic core); 
 	transmitting the secure attestation package to the internet of thing service provider(see Pochuev, Fig. 7, p. [0079], e.g., the IoT device 110 sends an authentication request 1205 (Follow Redirect1) to the authentication policy server 112);  
 	receiving a request to access a wireless network of the processing system from the device of the internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the authentication policy server 112 sends a second redirect 1207 (Redirect2) back to the IoT device 110. The second redirect 1207 includes a token and attestation data); and 
authorizing the device to access the wireless network based on the secure attestation package (see Pochuev, Fig. 7, p. [0079], e.g., the IoT device 110 sends a request 1209 (Follow Redirect2) to the provisioning policy server 116. The request 1209 includes the token and the attestation data. The provisioning policy server 116 checks the token and the attestation data. The provisioning policy server 116 sends a HTTP response 1213, including provisioned data (e.g., device's application certificate and other application related data), back to the IoT device 110. Once authenticated and authorized by the device provisioning service 106 and the RoT authentication service 104, the IoT device can communicate with the IoT application services 108, such as using a secure connection over TLS/DTLS (MQTT, HTTPs, or the like)).
 	Regarding claim 18, Pochuev discloses the non-transitory computer-readable medium of claim 17, the operations further comprising: monitoring an activity of the device on the wireless network in accordance with the secure attestation package (see Pochuev, p. [0126], e.g., The processing logic sends a redirect response to the IoT device to re-direct the IoT device to the RoT authentication service to authenticate and authorize the IoT device (block 2108). The redirect response may include an encrypted policy identifier used to authenticate the IoT device. The processing logic subsequently receives a provisioning request that includes a token issued by the RoT authentication service (block 2110)).
 	Regarding claim 19, Pochuev discloses the non-transitory computer-readable medium of claim 18, the operations further comprising: generating a notification when the activity of the device violates a rule associated with the secure attestation package (see Pochuev, p. [0126], e.g., If the provisioning request, token, or both are not validated at block 2112); and transmitting the notification to the internet of thing service provider (see Pochuev, p. [0126], e.g., the processing logic sends an error message (or not) (block 2116)).
	Regarding claim 20, Pochuev discloses an apparatus comprising: a processor; and a non-transitory computer readable medium storing instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising: 
 	receiving information related to a device of an internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the provisioning policy server 116 sends a first redirect 1203 (Redirect1) back to the IoT device 110);
 	generating a secure attestation package based on the information; transmitting the secure attestation package to the internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the authentication request 1205 includes the provisioning data, as well as attestation data, and authorization data. The attestation data may be values transferred to a cryptographic core (e.g., CM core) of the IoT device 110 by the application, which needs to be signed (MAC'ed) by the cryptographic core); 
 	transmitting the secure attestation package to the internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the IoT device 110 sends an authentication request 1205 (Follow Redirect1) to the authentication policy server 112);
receiving a request to access a wireless network of the processor from the device of the internet of thing service provider (see Pochuev, Fig. 7, p. [0079], e.g., the authentication policy server 112 sends a second redirect 1207 (Redirect2) back to the IoT device 110. The second redirect 1207 includes a token and attestation data); and 
 	authorizing the device to access the wireless network based on the secure attestation package(see Pochuev, Fig. 7, p. [0079], e.g., the IoT device 110 sends a request 1209 (Follow Redirect2) to the provisioning policy server 116. The request 1209 includes the token and the attestation data. The provisioning policy server 116 checks the token and the attestation data. The provisioning policy server 116 sends a HTTP response 1213, including provisioned data (e.g., device's application certificate and other application related data), back to the IoT device 110. Once authenticated and authorized by the device provisioning service 106 and the RoT authentication service 104, the IoT device can communicate with the IoT application services 108, such as using a secure connection over TLS/DTLS (MQTT, HTTPs, or the like)).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 10-13 are rejected under 35 U.S.C. 103 as being unpatentable over Pochuev in view of Fallah et al (US 2019/0319808) (hereinafter Fallah).
 	Regarding claim 10, Pochuev disclose at paragraph [0041], e.g., the information can be considered metadata.  However, Pochuev does not expressly disclose the method of claim 9, wherein the secure attestation package comprises an authorized international mobile equipment identity number of the device for cellular network access.
 	Fallah discloses the above recited limitations (see Fallah, p. [0139], e.g., Fallah discloses metadata, and p. [0144], e.g., communication network provider-assigned data such as a WAN IP address or IMSI).
 	It would have been obvious to a person of ordinary skilled in the art before the effective filing date of the claimed invention to incorporate Fallah’s teachings into Pochuev.  The suggestion/motivation would have been to provide an attestation or identity score of a user of a communication device employs metadata stored in a plurality of client devices in order to attest to a user's purported identity as suggested by Fallah.
 	Regarding claim 11, the combined teachings of Pochuev and Fallah disclose the method of claim 9, wherein the secure attestation package comprises an identification number associated with a subscriber identification module card provided to the internet of thing service provider for the device (see Fallah, p. [0139-0144]).
 	Regarding claim 12, the combined teachings of Pochuev and Fallah disclose the method of claim 9, wherein the secure attestation package comprises an authorized unique identification number of the device for wi-fi network access (see Fallah, p. [0139-0144]).
 	Regarding claim 13, the combined teachings of Pochuev and Fallah disclose the method of claim 9, wherein the secure attestation package comprises a bluetooth identification number of the device for bluetooth network access (see Fallah, p.[0139-0144], [0185]).
 	
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MINH TRANG T NGUYEN whose telephone number is (571)270-5248. The examiner can normally be reached M-F 8:30am-6:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Gregory B. Sefcheck can be reached on 571-272-3098. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MINH TRANG T NGUYEN/Primary Examiner, Art Unit 2477