DETAILED ACTION
	This Office Action is in response to the Amendment filed 05/23/2022.
	Authorization for this Examiner’s Amendment is given by the attorney of record Mr. Brett Belden on 06/07/2022.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

				  EXAMINER’S AMENDMENTS
			         Amend claims 1, 5 and 9 as follow:
Claim 1: (Currently Amended) 
A computer program product tangibly stored on a computer readable hardware storage device, the computer program product configured to authenticate a constrained electronic device to a server on a network, the computer program product comprising instructions to cause a processor of a computing device to: 
receive, from the constrained electronic device, encrypted device identification data, wherein the device identification data is encrypted, by the constrained electronic device, using a pre-shared key of the constrained electronic device; 
generate a certificate request; 
send the certificate request and the encrypted device identification data to an authentication service on the server; 
receive, based on the certificate request, a first packet and a second packet, the first packet includes: 
a session key generated by the authentication service and certified certificates, wherein the session key and the certified certificates  included in the first packet are encrypted with the pre-shared key of the constrained electronic device, 
the second packet includes: 
the session key generated by the authentication service and the certified certificates, wherein the session key and the certified certificates included in the second packet are  encrypted with a pre-shared key of the computing device; 
decrypt the session key and the certified certificates encrypted with the pre-shared key of the computing device to obtain decrypted session key and decrypted certified certificates; 
 authenticate, based on the decrypted certified certificates, the constrained electronic device;  
upon authenticating the constrained electronic device successfully, transfer the first packet including the session key encrypted with the pre-shared key of the  constrained electronic device to the constrained electronic device ;
	establish a secure connection with the constrained electronic device using the decrypted session key.


Claim 5: (Currently Amended) 
A method for authenticating a constrained electronic device to a server on a network, the method comprising: 
receiving, by a computing device from the constrained electronic device, encrypted device identification data, wherein the device identification data is encrypted, by the constrained electronic device, using a pre-shared key of the constrained electronic device; 
generating, by the computing device, a certificate request; 
sending, by the computing device, the certificate request and the encrypted device identification data to an authentication service on the server; 
receiving, based on the certificate request, by the computing device, a first packet and a second packet, the first packet includes: 
a session key generated by the authentication service and certified certificates, wherein the session key and the certified certificates  included in the first packet are encrypted with the pre-shared key of the constrained electronic device, 
the second packet includes: 
the session key generated by the authentication service and the certified certificates, wherein the session key and the certified certificates included in the second packet are  encrypted with a pre-shared key of the computing device; 
decrypting, by the computing device, the session key and the certified certificates encrypted with the pre-shared key of the computing device to obtain decrypted session key and decrypted certified certificates; 
authenticating, based on the decrypted certified certificates, by the computing device, the constrained electronic device;  
upon authenticating the constrained electronic device successfully, transferring, by the computing device to the  constrained electronic device, the first packet including the session key encrypted with the pre-shared key of the  constrained electronic device;
	establishing a secure connection, by the computing device with the constrained electronic device using the decrypted session key.

Claim 9: (Currently Amended) 
A computing device comprising: 
a processor device; 
memory in communication with the processor device; 
a network interface device; and 
circuitry configured to authenticate a constrained electronic device to a server over a network, the circuity configured to: 
receive, from the constrained electronic device, encrypted device identification data, wherein the device identification data is encrypted, by the constrained electronic device, using a pre-shared key of the constrained electronic device; 
generate a certificate request; 
send the certificate request and the encrypted device identification data to an authentication service on the server; 
receive, based on the certificate request, a first packet and a second packet, the first packet includes: 
a session key generated by the authentication service and certified certificates, wherein the session key and the certified certificates  included in the first packet are encrypted with the pre-shared key of the constrained electronic device, 
the second packet includes: 
the session key generated by the authentication service and the certified certificates, wherein the session key and the certified certificates included in the second packet are  encrypted with a pre-shared key of the computing device; 
decrypt the session key and the certified certificates encrypted with the pre-shared key of the computing device to obtain decrypted session key and decrypted certified certificates; 
 authenticate, based on the decrypted certified certificates, the constrained electronic device;  
upon authenticating the constrained electronic device successfully, transfer the first packet including the session key encrypted with the pre-shared key of the  constrained electronic device to the constrained electronic device ;
	establish a secure connection with the constrained electronic device using the decrypted session key.
			       ALLOWABLE SUBJECT MATTER
		Claims 1-13 are allowed while claims 14-16 are cancelled.
	The present invention is directed to computer program product, method and computer device for authenticating a constrained electronic device to a server on a network.
The closest prior arts cited are generally directed to various aspects of authenticating a constrained electronic device. However, none of the cited prior arts found alone or in combination suggests or teaches the elements of the independent claims. For instance, no part of the cited prior arts teach or suggest in order to authenticate a constrained electronic device to a server on a network, the following steps will have to be performed by a computing device that is different from the constrained electronic device:  receiving from the constrained electronic device, encrypted device identification data, wherein the device identification data is encrypted, by the constrained electronic device, using a pre-shared key of the constrained electronic device; generating a certificate request; sending the certificate request and the encrypted device identification data to an authentication service on the server; 
receiving, based on the certificate request, a first packet and a second packet, the first packet includes: a session key generated by the authentication service and certified certificates, wherein the session key and the certified certificates included in the first packet are encrypted with the pre-shared key of the constrained electronic device, 
the second packet includes: the session key generated by the authentication service and the certified certificates, wherein the session key and the certified certificates included in the second packet are encrypted with a pre-shared key of the computing device; decrypting the session key and the certified certificates encrypted with the pre-shared key of the computing device to obtain decrypted session key and decrypted certified certificates; authenticating, based on the decrypted certified certificates, the constrained electronic device; upon authenticating the constrained electronic device successfully, transferring to the constrained electronic device, the first packet including the session key encrypted with the pre-shared key of the constrained electronic device; and establishing a secure connection with the constrained electronic device using the decrypted session key.
Therefore, the claims are allowed for the above reason.
	Any comments considered necessary by Applicant must be submitted no later
than the payment of the issue fee and, to avoid processing delays, should preferably
accompany the issue fee. Such submissions should be clearly labeled "Comments on
Statement for Reasons for Allowance."

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHY ANH T VU/Primary Examiner, Art Unit 2438