Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawing Objection
	The drawings are objected to because drawings (Figs1 & 2) contain blank boxes and numbers. Applicant must supply a suitable legend. A proposed drawing correction or corrected drawings are required in reply to the Office action to avoid abandonment of the application. The objection to the drawings will not be held in abeyance. 
The following are direct quotations of 37 CFR 1.84(n), (o), repeated below:(n)     Symbols. Graphical drawing symbols may be used for conventional elements   
when appropriate. The elements for which such symbols and   labeled representations are used must be adequately identified in the specification. Known devices should be illustrated by symbols which have a universally recognized conventional meaning and are generally accepted in the art. Other symbols which are not universally recognized may be used, subject to approval by the Office, if they are not likely to be confused with existing conventional symbols, and if they are readily identifiable.
(o)      Legends. Suitable descriptive legends may be used subject to approval by the Office, or may be required by the examiner where necessary for understanding of the drawing. They should contain as few words as possible.

	Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 26-38 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with the enablement requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention. 
With claim 26 limitation “an onboarding tool device to: receive a request to be onboarded from the device, wherein the request includes a platform certificate of the device; compare elements in the platform certificate with elements from a corresponding approved product list; use the policy data store to determine whether the device is trusted for onboarding on the IoT network by determining whether the elements from the platform certificate match the corresponding elements in the corresponding approved product list; and onboard the device to the IoT network in response to a determination that the elements from the platform certificate correspond to the elements in the approved product list”, invoking 112, 6th paragraph, the claim recite a single means claim.  M.P.E.P 2164.08(a) states a single means claim, i.e., where a means recitation does not appear in combination with another recited element of means, is subject to an undue breadth rejection under 35 U.S.C. 112, first paragraph. In re Hyatt, 708 F.2d 712, 714-715, 218 USPQ 195, 197 (Fed. Cir. 1983) (A single means claim which covered every conceivable means for achieving the stated purpose was held nonenabling for the scope of the claim because the specification disclosed at most only those means known to the inventor.). When claims depend on a recited property, a fact situation comparable to Hyatt is possible, where the claim covers every conceivable structure (means) for achieving the stated property (result) while the specification discloses at most only those known to the inventor.
Dependent claims 27-38 are also rejected under 35 U.S.C. 112, first paragraph. due to their dependencies on claim 26.

	
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 47-48 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. Claim 47 recites "a machine readable medium "- the machine (computer) readable medium broadly interpreted would suggest to one to one ordinary skill in the art signals or other forms of propagation and transmission media that fails to be statutory. Therefore, claim 47 is directed to non-statutory subject matter. Examiner respectfully suggests amending the claim to include "non-transitory medium" to make the claim statutory under 35 U.S.C. 101. 
Dependent claim 48 is also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons as set forth above

 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 26, 30, 33, 39, 43 & 46-47 are rejected under 35 USC 103 as being unpatentable over Schmidt (US20150237502) in view of  Barritz (WO0179970A2 – original in English has been attached) and Ameling (US20160308861).
Regarding claim 26. Schmidt teaches:
 a system for using platform certificates to verify compliance and compatibility of a device when onboarding the device into an internet of things (IoT) network, (please see paragraph 0133)
 the system comprising:  a policy data store; (please see paragraph 0111)
 and an onboarding tool device, (please see paragraph 0071)
  receive a request to be onboarded from the device, wherein the request includes a platform certificate of the device; 
use the policy data store to determine whether the device is trusted for onboarding on the network by determining whether the elements from the device match the corresponding elements in the corresponding white list;  (please see paragraphs 0243 & 0249)
onboard the device to the  network in response to a determination that the elements from the device  correspond to the elements in the white list.  (please see paragraphs 0243 & 0249)
Although Schmidt teaches onboarding  remote devices, he does not teach expclitly, however, Barritz teaches:
compare elements in the platform certificate with elements from a corresponding approved product list; (please see pages 19 & 20, lines 25-30 & 1-10 respectively)
determination that the elements from the device  platform certificate correspond to the elements in the approved product list. (please see pages 19 & 20, lines 25-30 & 
1-10 respectively)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt with the disclosure of Barritz. The motivation or suggestion would have been to implement a system that will provide efficient techniques for dynamically managing various types of changes in certificates. (pages 3 && 4, lines 20-30 &  1-15 respectively, Barritz)  
Although Schmidt and Barritz teach onboarding remote device , they do not teach expclitly, however, Ameling teaches onboarding iot device.(please see paragraph 0035)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt and Barritz with the disclosure of Ameling. The motivation or suggestion would have been to implement a system that will provide efficient techniques for  maintaining and onboarding an IoT device., (para 0001-003, Ameling)  
Regarding claims 30 & 43, Schmidt teaches wherein the onboarding tool is further to verify that the approved product list applies to the device using a local management console, a blockchain, or a blacklist.  (please paragraphs 0243 & 0249)
Regarding claims 33 & 46, Schmidt, Barritz & Ameling teach wherein to verify that the approved product list applies to the device, and  the onboarding tool as illustrated above in claim 26 and additionally, Schmidt teaches to verify a manufacturing key that was embedded, by a platform vendor, in secure hardware of the device. (please e para 0075)
Regarding claims 39 & 47, these claims are interpreted to be same as claim 1 and rejected for the same reasons as set forth for claim 1.

Claims 27, 40 & 48 are rejected under 35 USC 103 as being unpatentable over Schmidt  in view of  Barritz, Ameling and Proudler ( WO 0048063 A1).     
Regarding claim 27, although Schmidt, Barritz and Ameling teach platform certificate, they do not teach, however, Proudler teaches wherein the elements in the platform certificate comprise platform attributes, container attributes, device attributes, conformance status, or security profile attributes.  (please see paragraphs 0142-0143)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of Proudler. The motivation or suggestion would have been to implement a system that will provide efficient techniques for increasing the level of trust in platforms to enables greater user confidence that the platform and operating system environment behave in a known manner.(para 0001-0006, Proudler)  
Regarding claims 40 & 48, although Schmidt, Barritz and Ameling teach platform certificate, they do not teach, however, Proudler teaches wherein the elements in the platform certificate comprise platform attributes, container attributes, device attributes, conformance status, or security profile attributes, wherein the platform certificate is arranged according to a specification of a Trusted Computing Group (TCG) standards family.  (please see paragraphs 0142-0143)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of Proudler. The motivation or suggestion would have been to implement a system that will provide efficient techniques for increasing the level of trust in platforms to enables greater user confidence that the platform and operating system environment behave in a known manner.(para 0001-0006, Proudler)  

Claims 31 & 44 are rejected under 35 USC 103 as being unpatentable over Schmidt  in view of  Barritz, Ameling and Zheng (WO2012040393A2-translation and original is attached)
Regarding claims 31 & 44, although Schmidt, Barritz and Ameling teach to verify that the approved product list applies to the device, they do not teach explicitly, however, Zheng teaches the tool is further configured to verify a digital signature of the product list. (please see paragraph 0016)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of Zheng. The motivation or suggestion would have been to implement a system that will provide efficient techniques for generation and verification of digital signature..(para 0089-0091, Zheng)  

Claims 32 & 45 are rejected under 35 USC 103 as being unpatentable over Schmidt  in view of  Barritz, Ameling and Baldwin (US 20100082991)
Regarding claims 32 & 45, although Schmidt, Barritz and Ameling teach to verify that the approved product list applies to the device, they do not teach explicitly, however, Baldwin teaches tool to use a hash-tree structure; (please see paragraphs 0073 & 0129).  
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of  Baldwin. The motivation or suggestion would have been to implement a system that will provide efficient techniques for protecting data against internal and external attacks as well as accidental leaks.(para 0001-0003, Baldwin)  
	
Claims 37-38 are rejected under 35 USC 103 as being unpatentable over Schmidt  in view of  Barritz, Ameling and Doliwa (US 20190052464)
Regarding claim 37, although Schmidt, Barritz and Ameling teach approved product list as illustrated in claim 26, they do not teach expclitly, however, Doliwa teaches wherein the list is maintained by an IoT device certifying entity.  (please see paragraph 0028)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of  Doliwa. The motivation or suggestion would have been to implement a system that will provide efficient techniques for a secure approach to provision ICs for IoT devices that use un-customized “off-the-shelf” ICs to allow provisioning of an IoT device in an unsecure environment by untrusted third parties, as well as distribution over standard distribution channels.(para 0001-0011, Doliwa)  
Regarding claim 38, although Schmidt, Barritz and Ameling teach the platform certificate as illustrated in claim 26, they do not teach expclitly, however, Doliwa teaches wherein a configuration is maintained by a vendor that assembled components of the device.  (please see paragraph 0028)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of  Doliwa. The motivation or suggestion would have been to implement a system that will provide efficient techniques for a secure approach to provision ICs for IoT devices that use un-customized “off-the-shelf” ICs to allow provisioning of an IoT device in an unsecure environment by untrusted third parties, as well as distribution over standard distribution channels.(para 0001-0011, Doliwa)  

Allowable Subject Matter
	Claims 28-29 & 34-36, are objected to but would be allowable if incorporated with their base claim including any intervening claims or claims and  if the Applicant revises independent claim 26 (without broadening the scope and without introducing new matter) to overcome issuance of rejection 112b for claims 26-36, based on invocation of 112f (single means) as illustrated above in this office action.
	Claims 41-42 are objected to but would be allowable if incorporated with their base claim including any intervening claims or claims, and if the Applicant revises the independent claim 39 (without broadening the scope and without introducing new matter) to overcome rejection 101 issued as illustrated above in this office action.
Relevant arts cited in pto-892 but not used in the instant office action are as follows:
1.  Tellado (US10284684) discloses technology generally directed to device certification in an IoT environment. For example, such technology is usable in managing relationships between IoT devices and an IoT Hub. In one example of the technology, an IoT Hub receives a registration request. Next, the IoT Hub sends a registration verification to the IoT device. Next, the IoT Hub receives a ping from the IoT device. Next, the IoT Hub sends a response to the ping to the IoT device. Next, the IoT Hub receives verification of a validation of a log file output by a device based on running a plurality of unit tests on a device with a software development kit. Next, the IoT Hub automatically sends code to the IoT device.
2. Loladia (US10447683) describes techniques for provisioning device-specific credentials to an Internet of Things device that accesses a cloud-based IoT service. The IoT service receives, from the IoT device, a request for device-specific credentials. The request comprises a provisioning certificate including information identifying a group of devices associated with the IoT device. The provisioning certificate is authenticated by evaluating the information with expected information. The device-specific credentials are generated based, at least in part, on the information provided in the provisioning certificate. The device-specific credentials are sent to the IoT device, and the IoT device installs and activates the device-specific credentials. The device-specific credentials are associated with the IoT device in a registry of the IoT service.
3.  Schultz (US20160337127) discloses that a device may receive a connection request including a digital certificate from an endpoint for establishing a secure connection for a communication, the digital certificate including a digital certificate chain identifying one or more certificate authorities associated with the digital certificate. The device may determine whether the digital certificate is valid based on the digital certificate chain identifying one or more certificate authorities trusted by the device. The device may determine whether the connection request includes a valid token. The device may generate a token based on the digital certificate being valid and an absence of a valid token included in the connection request. The device may associate the token with the digital certificate. The device may distribute the token to the endpoint. The device may establish the secure connection with the endpoint using the token associated with the digital certificate.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574.  The examiner can normally be reached on Monday-Friday-8:00am - 5:00pm (EST).If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000

/SHER A KHAN/Primary Examiner, Art Unit 2497