DETAILED ACTION
This action is in response to the amendment filed on April 5, 2022. Claims 1, 2-12, and 14-23 are pending. Of these, claims 1, 4, 7, 11, 14, and 17 have been amended. Claims 21-23 are new. Claims 1, 4-6, and 21 represent a method, claims 7-12 and 22 represent a system, and claims 14-20 and 23 represent a non-transitory medium directed to cryptographically identifying a device.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments, see page 8 filed on April 5, 2022, with respect to the rejection(s) of claim(s) 1-20  in view of Mangalvedkar et al. have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Mangalvedkar et al. (US Publication 2020/0177589) and Peddada (US Publication 2019/0394042).
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-12, 14-23 are rejected under 35 U.S.C. 103 as being anticipated by Mangalvedkar et al. (US Publication 2020/0177589), hereinafter referred to as Mangalvedkar, in view of Peddada (US Publication 2019/0394042), hereinafter referred to as Peddada.
	Regarding Claim 1, Mangalvedkar discloses:
A method for cryptographically identifying a device to a cloud service (In ¶ 4 Mangalvedkar discloses “a computer-implemented method comprising the steps of receiving a registration request from an internet-of-things (IoT) device”), the method comprising: providing, to the cloud service, a cryptographically signed token, the token being embedded in the device (In ¶ 23, Mangalvedkar discloses “Embodiments of the IoT device 101 may transmit the provisioning request along with an initial set of credentials 150 stored by the IoT device 101 (i.e., in the form of a digital certificate, security token or signed objects) and a set of metadata 152 describing one or more parameters, attributes or identifying information about the IoT device”), the token including a serial number (In ¶ 72, Mangalvedkar discloses “The metadata 152 element of a “preregistration_ID” may describe the identifying name of the unregistered IoT device 101 visible to the systems of the network 160 when the IoT device 101 connects to the network 160, ….. For example, the pre_registrationID can be a …serial number”), and a signature of the token (In ¶ 101, Mangalvedkar discloses “The credentials 150, which may be in the form of digital certificates, signed objects comprising a digital signature or security tokens in some embodiments”), determines a user based on the serial number and sends a request to enroll the device in the identified tenant (In ¶ 73, Mangalvedkar discloses “If the preregristration_ID of the device 101 seeking registration matches the approved list of preregistration_IDs, the provisioning service 109 may proceed with the registration process.”); receiving, from the cloud service, provisioning information customized for the user and including a client certificate for communicating with the cloud service (In ¶ 65, Mangalvedkar discloses “the provisioning service 109 can issue new credentials 150 by issuing a new digital certificate or security token to the IoT device 101 as part of the registration process.”).
However, Mangalvedkar does not explicitly disclose the details of a multi-tenant cloud service.
Peddada discloses:
an identifier of a public key (In ¶ 14, Peddada discloses “the request may be based on the private key (e.g., signed by the private key, include information encrypted with the private key, etc.) and may include either the certificate or the key ID value”), wherein the cloud service verifies the token using the public key retrieved using the identifier (In ¶ 14, Peddada discloses “If the application server receives a key ID value, the application server may retrieve from memory the public key corresponding to the key ID value”), identifies a tenant of a multi-tenant cloud based on the user (In ¶ 32, Peddada discloses “In some cases, this key ID may be an example of a string (e.g., a fifteen-character ID) specific to a public-private key pair that maps to a specific tenant or user associated with a tenant.”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention, to combine Mangalvedkar and Peddada’s approach of utilizing a multi-tenant cloud service, as the motivation would be to allow for better scalability of servers to handle more traffic, and the processing power can be distributed to efficiently utilize processing and memory resources (See Peddada ¶ 13).
	Regarding Claim 4, the combination of Mangalvedkar and Peddada discloses:
Wherein the signature for the token is generated and stored in the device when the device is manufactured (In ¶ 65, Mangalvedkar discloses “Credentials 150, maintained as digital certificates, security tokens and default user names/passwords may be pre-loaded onto an IoT device 101 by the manufacturer, distributor or administrator of the IoT device 101”).
	Regarding Claim 5, the combination of Mangalvedkar and Peddada discloses:
The method of claim 1 wherein the cryptographically signed token is valid for at least five years (In ¶ 110 Mangalvedkar discloses “The provisioning service in step 523 may apply the limited time period instruction of the rules statement by issuing a set of credentials 150 to the IoT device 101 that expire within the time period specified in the rule.”).
	Regarding Claim 6, the combination of Mangalvedkar and Peddada discloses:
The method of claim 1 wherein the client certificate is a public key certificate (In ¶ 64 Mangalvedkar discloses “Credentials 150 may allow for computing systems, platforms, and networks to verify the authenticity of the IoT device 101, to ensure that unauthorized devices are not impersonating a legitimate IoT device 101. For example, digital certificates, may use public keys, private keys or digital signatures issued by a digital certificate manager responsible for maintaining the credentials 150 the IoT device”).
	Regarding Claim 7, Mangalvedkar discloses:
A system comprising (In ¶ 5 Mangalvedkar discloses “A second embodiment of the present disclosure provides a computer system comprising a processor; an internet-of-things (IoT) device placed in communication with the processor;”): a processor; a read-only memory (ROM) communicatively coupled to the processor, the ROM storing a cryptographically signed token (In ¶ 23, Mangalvedkar discloses “Embodiments of the IoT device 101 may transmit the provisioning request along with an initial set of credentials 150 stored by the IoT device 101 (i.e., in the form of a digital certificate, security token or signed objects) and a set of metadata 152 describing one or more parameters, attributes or identifying information about the IoT device”), the token including a serial number (In ¶ 72, Mangalvedkar discloses “The metadata 152 element of a “preregistration_ID” may describe the identifying name of the unregistered IoT device 101 visible to the systems of the network 160 when the IoT device 101 connects to the network 160, ….. For example, the pre_registrationID can be a …serial number”), and a signature of the token (In ¶ 101, Mangalvedkar discloses “The credentials 150, which may be in the form of digital certificates, signed objects comprising a digital signature or security tokens in some embodiments”), and a memory communicatively coupled to the processor, the memory storing instructions executable by the processor to: read the token from the ROM; provide the token to a cloud service, determines a user based on the serial number, and sends a request to enroll the device in the identified tenant (In ¶ 73, Mangalvedkar discloses “If the preregristration_ID of the device 101 seeking registration matches the approved list of preregistration_IDs, the provisioning service 109 may proceed with the registration process.”); and receive, from the cloud service, provisioning information, the provisioning information being customized for the user and including a client certificate for communicating with the cloud service (In ¶ 65, Mangalvedkar discloses “the provisioning service 109 can issue new credentials 150 by issuing a new digital certificate or security token to the IoT device 101 as part of the registration process.”).
However, Mangalvedkar does not explicitly disclose the details of a multi-tenant cloud service.
Peddada discloses:
an identifier of a public key (In ¶ 14, Peddada discloses “the request may be based on the private key (e.g., signed by the private key, include information encrypted with the private key, etc.) and may include either the certificate or the key ID value”), wherein the cloud service verifies the token using the public key retrieved using the identifier (In ¶ 14, Peddada discloses “If the application server receives a key ID value, the application server may retrieve from memory the public key corresponding to the key ID value”), identifies a tenant of a multi-tenant cloud based on the user (In ¶ 32, Peddada discloses “In some cases, this key ID may be an example of a string (e.g., a fifteen-character ID) specific to a public-private key pair that maps to a specific tenant or user associated with a tenant.”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention, to combine Mangalvedkar and Peddada’s approach of utilizing a multi-tenant cloud service, as the motivation would be to allow for better scalability of servers to handle more traffic, and the processing power can be distributed to efficiently utilize processing and memory.
Regarding Claim 8, the combination of Mangalvedkar and Peddada discloses:
The system of claim 7 wherein the cryptographically signed token includes expiration information (In ¶ 110 Mangalvedkar discloses “The provisioning service in step 523 may apply the limited time period instruction of the rules statement by issuing a set of credentials 150 to the IoT device 101 that expire within the time period specified in the rule.”).
Regarding Claim 9, the combination of Mangalvedkar and Peddada discloses:
The system of claim 7 wherein cryptographically signed token is a JavaScript Object Notation (JSON) Web Token (JWT) (In ¶ 67 Mangalvedkar discloses “the metadata 152 may be implemented using JSON, XML, RuleML, JSONata, or Business Rules Management Markup Language.”).
Regarding Claim 10, the combination of Mangalvedkar and Peddada discloses:
The system of claim 7 wherein the ROM is at least one of an electrically erasable programmable read-only memory and a flash memory (In ¶ 116 Mangalvedkar discloses “persistent storage 106 can include one or more solid state hard drives, semiconductor storage devices, read-only memories (ROM), erasable programmable read-only memories (EPROM), flash memories, or any other computer-readable storage media that is capable of storing program instructions or digital information.”).
Regarding Claim 11, the combination of Mangalvedkar and Peddada discloses:
The system of claim 7 wherein the signature for the token is generated and programmed into the ROM when the system is manufactured (In ¶ 65 Mangalvedkar discloses “Credentials 150, maintained as digital certificates, security tokens and default user names/passwords may be pre-loaded onto an IoT device 101 by the manufacturer, distributor or administrator of the IoT device”).
Regarding Claim 12, the combination of Mangalvedkar and Peddada discloses:
The system of claim 7 wherein the provisioning information further includes an application selected by the user for installation on the system (In ¶ 78 Mangalvedkar discloses “Embodiments of an IoT platform 153 may also integrate IoT devices 101 with mobile computing devices, smartphone technologies and applications”).
Regarding Claim 14, Mangalvedkar discloses:
A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method for cryptographically identifying a device to a cloud service (In ¶ 6 Mangalvedkar discloses “A third embodiment of the present disclosure provides a computer program product”), the method comprising: providing, to a cloud service using an encrypted channel, a cryptographically signed token, the token being embedded in the device (In ¶ 23, Mangalvedkar discloses “Embodiments of the IoT device 101 may transmit the provisioning request along with an initial set of credentials 150 stored by the IoT device 101 (i.e., in the form of a digital certificate, security token or signed objects) and a set of metadata 152 describing one or more parameters, attributes or identifying information about the IoT device”), the token including a serial number (In ¶ 72, Mangalvedkar discloses “The metadata 152 element of a “preregistration_ID” may describe the identifying name of the unregistered IoT device 101 visible to the systems of the network 160 when the IoT device 101 connects to the network 160, ….. For example, the pre_registrationID can be a …serial number”), and a signature of the token (In ¶ 101, Mangalvedkar discloses “The credentials 150, which may be in the form of digital certificates, signed objects comprising a digital signature or security tokens in some embodiments”), determines a user based on the serial number, and sends a request to enroll the device in the identified tenant (In ¶ 73, Mangalvedkar discloses “If the preregristration_ID of the device 101 seeking registration matches the approved list of preregistration_IDs, the provisioning service 109 may proceed with the registration process.”); and receiving, from the cloud service responsive to the providing, provisioning information, the provisioning information being customized for the user and including a client certificate for secure communications with the cloud service (In ¶ 65, Mangalvedkar discloses “the provisioning service 109 can issue new credentials 150 by issuing a new digital certificate or security token to the IoT device 101 as part of the registration process.”).
However, Mangalvedkar does not explicitly disclose the details of a multi-tenant cloud service.
Peddada discloses:
an identifier of a public key (In ¶ 14, Peddada discloses “the request may be based on the private key (e.g., signed by the private key, include information encrypted with the private key, etc.) and may include either the certificate or the key ID value”), wherein the cloud service verifies the token using the public key retrieved using the identifier (In ¶ 14, Peddada discloses “If the application server receives a key ID value, the application server may retrieve from memory the public key corresponding to the key ID value”), identifies a tenant of a multi-tenant cloud based on the user (In ¶ 32, Peddada discloses “In some cases, this key ID may be an example of a string (e.g., a fifteen-character ID) specific to a public-private key pair that maps to a specific tenant or user associated with a tenant.”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention, to combine Mangalvedkar and Peddada’s approach of utilizing a multi-tenant cloud service, as the motivation would be to allow for better scalability of servers to handle more traffic, and the processing power can be distributed to efficiently utilize processing and memory.
Regarding Claim 15, the combination of Mangalvedkar and Peddada discloses:
The non-transitory computer-readable storage medium of claim 14 wherein the cryptographically signed token includes human-readable text (In ¶ 67 Mangalvedkar discloses “Embodiments of the metadata 152 may store the IoT device 101 information in a readable format, markup language or schema.”).
Regarding Claim 16, the combination of Mangalvedkar and Peddada discloses:
The non-transitory computer-readable storage medium of claim 14 wherein the cryptographically signed token includes a date and time at which the cryptographically signed token becomes valid (In ¶ 70 Mangalvedkar discloses “The “created” element of the metadata 152 may describe the date and time the metadata 152 was first created”).
Regarding Claim 17, the combination of Mangalvedkar and Peddada discloses:
The non-transitory computer-readable storage medium of claim 14 wherein the user is associated with the first information in a sales system (In ¶ 71 Mangalvedkar discloses “Embodiments of the “typeID” of the metadata 152 may describe the type of IoT device 101 associated with the metadata 152. For example, the typeID may be described by the IoT device's 101 model name, product name, a generic descriptor of the device itself, a codename or a customized typeID that may be set by the manufacturer, user or administrator”).
Regarding Claim 18, the combination of Mangalvedkar and Peddada discloses:
The non-transitory computer-readable storage medium of claim 14 wherein the provisioning information includes a software update for the device, the software update being at least one of a software distribution and a software version selected by the customer (In ¶ 74 Mangalvedkar discloses “the IoT device 101 may use the callback URL to send an IoT device 101 status, confirm registration, report IoT device 101 registration denial, perform IoT device 101 updates, etc.”).
Regarding Claim 19, the combination of Mangalvedkar and Peddada discloses:
The non-transitory computer-readable storage medium of claim 14 wherein the encrypted channel uses Hypertext Transfer Protocol Secure (HTTPS) (In ¶ 36 Mangalvedkar discloses “Communication unit 111 may further allow for a full network protocol stack, enabling communication over network 160 to the group of computer systems or other computing hardware devices linked together through communication channels.”).
Regarding Claim 20, the combination of Mangalvedkar and Peddada discloses:
The non-transitory computer-readable storage medium of claim 14 wherein the client certificate is an x509 public key certificate (In ¶ 64 Mangalvedkar discloses “The most common format for a public key certificate that may be used may be a digital certificate issued in the X.509 format.”).
Regarding Claim 21, the combination of Mangalvedkar and Peddada discloses:
data of each tenant of the plurality of tenants is isolated from other tenants of the plurality of tenants (In ¶ 19, Mangalvedkar discloses “A cloud client 105 may have access to certain applications, data, and database information within cloud platform 115 based on the associated security or permission level, and may not have access to others.”)
However, Mangalvedkar does not explicitly disclose the details of a multi-tenant cloud service.
Peddada discloses:
Wherein the multi-tenant cloud comprises computing resources shared by a plurality of tenants (In ¶ 12, Peddada discloses “Multiple users associated with multiple tenants (e.g., organizations) may store, access, and modify data using the cloud-based CRM applications.”) 
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention, to combine Mangalvedkar and Peddada’s approach of utilizing a multi-tenant cloud service, as the motivation would be to allow for better scalability of servers to handle more traffic, and the processing power can be distributed to efficiently utilize processing and memory.
Regarding Claim 22, the combination of Mangalvedkar and Peddada discloses:
data of each tenant of the plurality of tenants is isolated from other tenants of the plurality of tenants (In ¶ 19, Mangalvedkar discloses “A cloud client 105 may have access to certain applications, data, and database information within cloud platform 115 based on the associated security or permission level, and may not have access to others.”)
However, Mangalvedkar does not explicitly disclose the details of a multi-tenant cloud service.
Peddada discloses:
Wherein the multi-tenant cloud comprises computing resources shared by a plurality of tenants (In ¶ 12, Peddada discloses “Multiple users associated with multiple tenants (e.g., organizations) may store, access, and modify data using the cloud-based CRM applications.”) 
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention, to combine Mangalvedkar and Peddada’s approach of utilizing a multi-tenant cloud service, as the motivation would be to allow for better scalability of servers to handle more traffic, and the processing power can be distributed to efficiently utilize processing and memory.
Regarding Claim 23, the combination of Mangalvedkar and Peddada discloses:
data of each tenant of the plurality of tenants is isolated from other tenants of the plurality of tenants (In ¶ 19, Mangalvedkar discloses “A cloud client 105 may have access to certain applications, data, and database information within cloud platform 115 based on the associated security or permission level, and may not have access to others.”)
However, Mangalvedkar does not explicitly disclose the details of a multi-tenant cloud service.
Peddada discloses:
Wherein the multi-tenant cloud comprises computing resources shared by a plurality of tenants (In ¶ 12, Peddada discloses “Multiple users associated with multiple tenants (e.g., organizations) may store, access, and modify data using the cloud-based CRM applications.”) 
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention, to combine Mangalvedkar and Peddada’s approach of utilizing a multi-tenant cloud service, as the motivation would be to allow for better scalability of servers to handle more traffic, and the processing power can be distributed to efficiently utilize processing and memory.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Sharaga et al., US Publication Number 2019/0306673, discloses automated activation and onboarding of connected devices.
Soriano, US Publication Number 2021/0099288, discloses key-based security for cloud services.
Gupta et al., US Publication Number 2020/0059881, discloses a secure enrollment of devices with cloud platforms.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/ Examiner, Art Unit 2492

/SALEH NAJJAR/ Supervisory Patent Examiner, Art Unit 2492