DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to the application filed on 12/17/2020. Claims 1-20 are currently pending.
Suggestions on how to overcome any objection(s) and rejection(s) raised in this office action are found at the end of such sections.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/17/2020 was filed before the mailing date of the office action on 06/22/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 7-14, and 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. PGPub. No. 20190289463 to GLOUCHE et al (hereinafter GLOUCHE).


Regarding claim 1, GLOUCHE discloses a method for managing authentication of an equipment (FIG. 2, “IoT device 150”) in a data communication system for the exchange of data between the equipment and an application server of the system (FIG. 2, ¶0041 “…a method of dual-network authentication is used in order to allow IoT device 150 to establish a connection for communicating with server 30…”), 
wherein the system comprises a first data communication network configured for using a first security function for securing data communication within the first network (FIG. 2 network 45,  ¶0041 “ Server 30 may send an SMS message including communication challenge 107 to IoT device 150 over a short message service (SMS) communication network, such as over cellular communication network 45 via cellular base station 40, which supports SMS messaging”) and (¶0073 “… server 30 may encrypt communication challenge 107 with the public key associated with IoT device 150…” wherein encryption with the public key is regarded as  the first security function),  
operatively coupled (¶0037 “Server 30 may also communicate with IoT devices 15 over a cellular network 45 via a cellular base station 40”) to a second data communication network (FIG. 2, “network 25”) configured for using a second security function for securing data communication within the second network (FIG. 2, “network 25”, and ¶0056 “IoT device 150 may send communication request 105 to server 30 over an Internet Protocol (IP) communication network (e.g., Internet 25). In some embodiments, the request may be sent over a secure HTTPS link” wherein network 25 is regarded as the second network and HTTPS is regarded as the second security function),
wherein the method comprises, in an authentication management unit of the system implemented in a node of the second communication network (FIG. 2, “server 30”): 
receiving an authentication request from the equipment according to the second security function for access to the application server (¶0056 “IoT device 150 may send communication request 105 to server 30 over an Internet Protocol (IP) communication network (e.g., Internet 25). In some embodiments, the request may be sent over a secure HTTPS link” wherein network 25 is regarded as the second network and HTTPS is regarded as the second security function); 
determining whether an equipment identifier in the first communication network was received (¶0037 “IoT devices 15 may communicate over the cellular network 45 and may be registered in the cellular network with the IMSI numbers on SIM cards 20” wherein the IMSI is the equipment identifier and the cellular network 45 is the first communication network) further to receiving an authentication request from the equipment according to the first function (¶0076-¶0077 “In operation 215, IoT device 150 may generate response 110 to communication challenge 107 based on one or more unique identifiers by computing for example:
response=Hash(IMEI+IMSI+Decrypt(challenge,privateKey))  (2)
where Hash is a hash function, which includes, for example, the IMEI number associated with IoT device 150, the IMSI number of SIM card 152, and a decryption of the challenge using the private key associated with IoT device 150 where. The Decryption function may be, for example:
Decrypt(challenge,privateKey)=randomNonce  (3)
 IoT device 150 may send response 110 to server 30 over Internet 25” wherein the response and decryption represent the first function);
and in case the equipment identifier was not received (¶0077-¶0078 “Processor 80 in server 30 authenticates the response by verifying for example that:
response=Hash(IMEI+IMSI+randomNonce)  (4)
In operation 340, if response 110 is authenticated by processor 80, server 30 may establish data connection 115 with IoT device 150. In operation 335, if response 110 is not authenticated by processor 80, server 30 may refuse data connection 115 between server 30 and IoT device 150”; the response to the communication challenge is generated based on a unique identifier, see ¶0014 of GLOUCHE), generating an authentication failure response for the equipment (¶0071 “if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices…”).
Regarding claim 2, GLOUCHE discloses the method according to claim 1, further comprising receiving an authentication request from the equipment according to the first security function on the first communication network, wherein the authentication request uses the equipment identifier (¶0037 “IoT devices 15 may communicate over the cellular network 45 and may be registered in the cellular network with the IMSI numbers on SIM cards 20” wherein the IMSI is the equipment identifier and the cellular network 45 is the first communication network).  
Regarding claim 7, GLOUCHE discloses the method according to claim 2 further comprising: initializing a timer to a preset duration upon receiving the authentication request from the equipment according to the first security function on the first communication network; and when no authentication request for the equipment according to the second security function on the second communication network is received before expiration of the timer, generating the authentication failure response for the equipment (¶0051 “… where the dual-network authentication fails, if the device response is received after a predetermined threshold time delay from when the challenge is sent…”).  
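The server-side check that GLOUCHE is quoted for under claim 1 (equations (2) and (4)) and the threshold delay quoted under claim 7 (¶0051), as an added example that is neither part of this Office action nor GLOUCHE's code. SHA-256, the length-prefixed field encoding, the 30-second window, single-use nonces, the constant-time comparison, and all names and sample identifiers are assumptions; the public-key encryption and SMS delivery of the challenge are taken as given.

```python
import hashlib
import hmac
import secrets

RESPONSE_WINDOW_S = 30.0  # assumed threshold; the quoted text gives no value


def encode_fields(*fields):
    """Length-prefix each field so 'IMEI+IMSI+nonce' has unambiguous boundaries."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def compute_response(imei, imsi, nonce):
    """Hash(IMEI + IMSI + randomNonce) as in equations (2) and (4); SHA-256 assumed."""
    return hashlib.sha256(encode_fields(imei.encode(), imsi.encode(), nonce)).digest()


class DualNetworkAuthenticator:
    """Server side: issue a nonce (sent over SMS), verify the reply (received over IP)."""

    def __init__(self, registry, clock):
        self.registry = registry   # device_id -> (imei, imsi), constructed sample data
        self.clock = clock         # injectable time source returning seconds
        self.pending = {}          # device_id -> (nonce, issued_at)
        self.failures = []         # (device_id, reason) for every failed attempt

    def issue_challenge(self, device_id):
        """Return a fresh nonce for a registered device, or None if it is unknown.
        Encrypting the nonce with the device public key and sending the SMS
        happen outside this example."""
        if device_id not in self.registry:
            self.failures.append((device_id, "unknown-device"))
            return None
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = (nonce, self.clock())
        return nonce

    def verify(self, device_id, response):
        """Return (ok, reason). A challenge is consumed by the first attempt."""
        entry = self.pending.pop(device_id, None)
        if entry is None:
            return self._fail(device_id, "no-challenge")
        nonce, issued_at = entry
        if self.clock() - issued_at > RESPONSE_WINDOW_S:
            return self._fail(device_id, "expired")
        imei, imsi = self.registry[device_id]
        expected = compute_response(imei, imsi, nonce)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, response):
            return self._fail(device_id, "bad-response")
        return True, "ok"

    def _fail(self, device_id, reason):
        self.failures.append((device_id, reason))
        return False, reason


def demo():
    """Run the accept path and each refusal path on constructed identifiers."""
    now = [0.0]
    registry = {"dev-1": ("356938035643809", "001010123456789")}  # constructed
    auth = DualNetworkAuthenticator(registry, lambda: now[0])
    imei, imsi = registry["dev-1"]
    results = {}

    nonce = auth.issue_challenge("dev-1")
    answer = compute_response(imei, imsi, nonce)
    results["valid"] = auth.verify("dev-1", answer)
    results["replay"] = auth.verify("dev-1", answer)        # nonce already used

    nonce = auth.issue_challenge("dev-1")
    forged = compute_response(imei, "001010999999999", nonce)  # SIM does not match
    results["wrong_imsi"] = auth.verify("dev-1", forged)

    nonce = auth.issue_challenge("dev-1")
    now[0] += RESPONSE_WINDOW_S + 1                           # reply after the window
    results["late"] = auth.verify("dev-1", compute_response(imei, imsi, nonce))

    results["unknown"] = auth.issue_challenge("dev-9")       # not in the registry
    return results, auth.failures


if __name__ == "__main__":
    outcome, failure_log = demo()
    for name, value in outcome.items():
        print(name, value)
    print(failure_log)
```
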

Regarding claim 8, GLOUCHE discloses the method according to claim 1, wherein the system further comprises a database preconfigured with the correspondence between the identifier and the security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network, the method further comprising (¶0064-¶0065, “In operation 305, server 30 may store a plurality of unique identifiers uniquely identifying a plurality of respective communication devices (e.g., IoT devices 15 as shown in FIG. 1), and a plurality of public and private keys associated with the plurality of communication devices 15. In operation 310, server 30 may receive communication request 105 from one of the plurality of communication devices 15 over an Internet protocol (IP) communication network (e.g., Internet 25”) and (¶0030 “The use of digital certificates for authenticating each of the communication devices communicating with a server over the communication network typically requires the server to manage a large database of individual digital certificates for each of the communication devices”):
sending to the database a request for recording the authentication failure of the equipment corresponding to the identifier and/or the security element (¶0071 “ if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices, a network administrator, or a designated system device”).  
Regarding claim 9, GLOUCHE discloses the method according to claim 1, wherein the equipment is provided with an initial security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network, the method comprising (¶0019 wherein the public and private keys are the initial security elements and IP network is the second network): 
receiving an authentication request from the equipment according to the second security function on the second communication network (¶0019 “receiving a communication request from one of the plurality of communication devices over an internet protocol (IP) communication network”), wherein the authentication request uses the initial security element (¶0019 “and a plurality of public and private keys associated with the plurality of communication devices”); 
generating an authentication success response for the equipment in order to authorize access of the equipment to the application server (¶0019 “and establishing a connection with the one of the plurality of communication devices over the IP communication network upon authenticating the response”); 
upon receiving a message from the application server indicating that the equipment is recorded in the application server by using a secured connection between the equipment and the application server following authentication success of the equipment, obtaining an operator security element (¶0019 “…storing a plurality of unique identifiers uniquely identifying a plurality of respective communication devices, and a plurality of public and private keys associated with the plurality of communication devices…” wherein the unique identifiers represent operator security element); 
and sending the operator security element to the application server for sending to the equipment by using the secured connection (¶0031 “…The IMSI number is typically used to uniquely identify a subscriber on a mobile network. A server may use General Packet Radio Service (GPRS) connections using SIM cards to access IoT communication devices by using an SMS exchange and/or by using data exchange over the internet (e.g., TCP/IP communications”).  

Regarding claim 10, GLOUCHE discloses the method according to claim 9, wherein the system further comprises a database preconfigured with the correspondence between the identifier and an initial security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network, the method further comprising (¶0064-¶0065, “In operation 305, server 30 may store a plurality of unique identifiers uniquely identifying a plurality of respective communication devices (e.g., IoT devices 15 as shown in FIG. 1), and a plurality of public and private keys associated with the plurality of communication devices 15. In operation 310, server 30 may receive communication request 105 from one of the plurality of communication devices 15 over an Internet protocol (IP) communication network (e.g., Internet 25”) and (¶0030 “The use of digital certificates for authenticating each of the communication devices communicating with a server over the communication network typically requires the server to manage a large database of individual digital certificates for each of the communication devices”):
sending to the database a request to update the initial security element with the operator security element (¶0028 “…The IoT device may also use, for example, web services that can return, insert, or modify entries in a database stored in the server”).

Regarding claim 11, GLOUCHE discloses the method according to claim 1, wherein the system further comprises a database preconfigured with the correspondence between the identifier and the security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network, the method further comprising (¶0064-¶0065, “In operation 305, server 30 may store a plurality of unique identifiers uniquely identifying a plurality of respective communication devices (e.g., IoT devices 15 as shown in FIG. 1), and a plurality of public and private keys associated with the plurality of communication devices 15. In operation 310, server 30 may receive communication request 105 from one of the plurality of communication devices 15 over an Internet protocol (IP) communication network (e.g., Internet 25”) and (¶0030 “The use of digital certificates for authenticating each of the communication devices communicating with a server over the communication network typically requires the server to manage a large database of individual digital certificates for each of the communication devices”):
sending to the database a request for recording the authentication failure of the equipment corresponding to the identifier and/or the security element (¶0071 “if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices, a network administrator, or a designated system device”).  

Regarding claim 12, GLOUCHE discloses an apparatus, wherein the apparatus is configured for managing authentication of an equipment (FIG. 2, “IoT device 150”) in a data communication system for the exchange of data between the equipment and an application server of the system (FIG. 2, ¶0041 “…a method of dual-network authentication is used in order to allow IoT device 150 to establish a connection for communicating with server 30…”), 
wherein the system comprises a first data communication network configured for using a first security function for securing data communication within the first network (FIG. 2 network 45,  ¶0041 “ Server 30 may send an SMS message including communication challenge 107 to IoT device 150 over a short message service (SMS) communication network, such as over cellular communication network 45 via cellular base station 40, which supports SMS messaging”) and (¶0073 “… server 30 may encrypt communication challenge 107 with the public key associated with IoT device 150…” wherein encryption with the public key is regarded as  the first security function),
operatively coupled (¶0037 “Server 30 may also communicate with IoT devices 15 over a cellular network 45 via a cellular base station 40”) to a second data communication network (FIG. 2, “network 25”) configured for using a second security function for securing data communication within the second network (FIG. 2, “network 25”, and ¶0056 “IoT device 150 may send communication request 105 to server 30 over an Internet Protocol (IP) communication network (e.g., Internet 25). In some embodiments, the request may be sent over a secure HTTPS link” wherein network 25 is regarded as the second network and HTTPS is regarded as the second security function),
 and the apparatus comprises a processor, a data communication interface and memory operatively coupled to the processor (¶0038 “Server 30 may include a processor 80, a memory 85, server circuitry 70 and an antenna 75. Server 30 may include a network interface 83 for communicating over Internet 25”), and the apparatus is implemented in a node of the second communication network (FIG. 2, “server 30”):  
wherein the processor is configured to: receive an authentication request from the equipment according to the second security function for access to the application server (¶0056 “IoT device 150 may send communication request 105 to server 30 over an Internet Protocol (IP) communication network (e.g., Internet 25). In some embodiments, the request may be sent over a secure HTTPS link” wherein network 25 is regarded as the second network and HTTPS is regarded as the second security function);  
determine whether an equipment identifier in the first communication network was received (¶0037 “IoT devices 15 may communicate over the cellular network 45 and may be registered in the cellular network with the IMSI numbers on SIM cards 20” wherein the IMSI is the equipment identifier and the cellular network 45 is the first communication network) further to receiving an authentication request from the equipment according to the first function (¶0076-¶0077 “In operation 215, IoT device 150 may generate response 110 to communication challenge 107 based on one or more unique identifiers by computing for example:
response=Hash(IMEI+IMSI+Decrypt(challenge,privateKey))  (2)
where Hash is a hash function, which includes, for example, the IMEI number associated with IoT device 150, the IMSI number of SIM card 152, and a decryption of the challenge using the private key associated with IoT device 150 where. The Decryption function may be, for example:
Decrypt(challenge,privateKey)=randomNonce  (3)
 IoT device 150 may send response 110 to server 30 over Internet 25” wherein the response and decryption represent the first function); 
and in case the equipment identifier was not received (¶0077-¶0078 “Processor 80 in server 30 authenticates the response by verifying for example that:
response=Hash(IMEI+IMSI+randomNonce)  (4)
In operation 340, if response 110 is authenticated by processor 80, server 30 may establish data connection 115 with IoT device 150. In operation 335, if response 110 is not authenticated by processor 80, server 30 may refuse data connection 115 between server 30 and IoT device 150”; the response to the communication challenge is generated based on a unique identifier, see ¶0014 of GLOUCHE), generate an authentication failure response for the equipment (¶0071 “if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices…”).
Regarding claim 13, GLOUCHE discloses a non-transitory computer-readable storage medium for a computer executable program, comprising a set of data representing one or more programs, wherein said one or more programs comprise instructions for, (¶0027 “other information non-transitory storage medium (e.g., a memory) that may store instructions to perform operations and/or processes”) during execution of said one or more programs by a computer comprising a processing unit operatively coupled with a memory and with an input/output interface module (¶0038 “Server 30 may include a processor 80, a memory 85, server circuitry 70 and an antenna 75. Server 30 may include a network interface 83 for communicating over Internet 25”), driving the computer to implement a method for managing authentication of an equipment (FIG. 2, “IoT device 150”) in a data communication system for the exchange of data between the equipment and an application server of the system (FIG. 2, ¶0041 “…a method of dual-network authentication is used in order to allow IoT device 150 to establish a connection for communicating with server 30…”), 
wherein the system comprises a first data communication network configured for using a first security function for securing data communication within the first network (FIG. 2 network 45,  ¶0041 “ Server 30 may send an SMS message including communication challenge 107 to IoT device 150 over a short message service (SMS) communication network, such as over cellular communication network 45 via cellular base station 40, which supports SMS messaging”) and (¶0073 “… server 30 may encrypt communication challenge 107 with the public key associated with IoT device 150…” wherein encryption with the public key is regarded as  the first security function), 
operatively coupled (¶0037 “Server 30 may also communicate with IoT devices 15 over a cellular network 45 via a cellular base station 40”) to a second data communication network (FIG. 2, “network 25”) configured for using a second security function for securing data communication within the second network (¶0056 “IoT device 150 may send communication request 105 to server 30 over an Internet Protocol (IP) communication network (e.g., Internet 25). In some embodiments, the request may be sent over a secure HTTPS link” wherein network 25 is regarded as the second network and HTTPS is regarded as the second security function), 
wherein the method comprises, in an authentication management unit of the system implemented in a node of the second communication network (FIG. 2, “server 30”): 
receiving an authentication request from the equipment according to the second security function for access to the application server (¶0056 “IoT device 150 may send communication request 105 to server 30 over an Internet Protocol (IP) communication network (e.g., Internet 25). In some embodiments, the request may be sent over a secure HTTPS link” wherein network 25 is regarded as the second network and HTTPS is regarded as the second security function);
determining whether an equipment identifier in the first communication network was received (¶0037 “IoT devices 15 may communicate over the cellular network 45 and may be registered in the cellular network with the IMSI numbers on SIM cards 20” wherein the IMSI is the equipment identifier and the cellular network 45 is the first communication network) further to receiving an authentication request from the equipment according to the first function (¶0076-¶0077 “In operation 215, IoT device 150 may generate response 110 to communication challenge 107 based on one or more unique identifiers by computing for example:
response=Hash(IMEI+IMSI+Decrypt(challenge,privateKey))  (2)
where Hash is a hash function, which includes, for example, the IMEI number associated with IoT device 150, the IMSI number of SIM card 152, and a decryption of the challenge using the private key associated with IoT device 150 where. The Decryption function may be, for example:
Decrypt(challenge,privateKey)=randomNonce  (3)
 IoT device 150 may send response 110 to server 30 over Internet 25” wherein the response and decryption represent the first function); 
and in case the equipment identifier was not received (¶0077-¶0078 “Processor 80 in server 30 authenticates the response by verifying for example that:
response=Hash(IMEI+IMSI+randomNonce)  (4)
In operation 340, if response 110 is authenticated by processor 80, server 30 may establish data connection 115 with IoT device 150. In operation 335, if response 110 is not authenticated by processor 80, server 30 may refuse data connection 115 between server 30 and IoT device 150”; the response to the communication challenge is generated based on a unique identifier, in reference to ¶0014), generating an authentication failure response for the equipment (¶0071 “if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices…”).
Regarding claim 14, GLOUCHE discloses the apparatus according to claim 12, wherein the processor is further configured to receive an authentication request from the equipment according to the first security function on the first communication network, wherein the authentication request uses the equipment identifier (¶0037 “IoT devices 15 may communicate over the cellular network 45 and may be registered in the cellular network with the IMSI numbers on SIM cards 20” wherein the IMSI is the equipment identifier and the cellular network 45 is the first communication network).  

Regarding claim 18, GLOUCHE discloses the apparatus according to claim 12, wherein the processor is further configured to: upon receiving a response from the database indicating that there is no correspondence between the identifier and the received element, generate the authentication failure response for the equipment (¶0071 “if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices, a network administrator, or a designated system device”).

Regarding claim 19, GLOUCHE discloses the apparatus according to claim 12, wherein the processor is further configured to: initialize a timer to a preset duration upon receiving the authentication request from the equipment according to the first security function on the first communication network; and when no authentication request for the equipment according to the second security function on the second communication network is received before expiration of the timer, generate the authentication failure response for the equipment (¶0051 “… where the dual-network authentication fails, if the device response is received after a predetermined threshold time delay from when the challenge is sent…”).  

Regarding claim 20, GLOUCHE discloses the apparatus according to claim 12, wherein the system further comprises a database preconfigured with the correspondence between the identifier and the security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network (¶0064-¶0065, “In operation 305, server 30 may store a plurality of unique identifiers uniquely identifying a plurality of respective communication devices (e.g., IoT devices 15 as shown in FIG. 1), and a plurality of public and private keys associated with the plurality of communication devices 15. In operation 310, server 30 may receive communication request 105 from one of the plurality of communication devices 15 over an Internet protocol (IP) communication network (e.g., Internet 25”) and (¶0030 “The use of digital certificates for authenticating each of the communication devices communicating with a server over the communication network typically requires the server to manage a large database of individual digital certificates for each of the communication devices”):
wherein the processor is further configured to send to the database a request for recording the authentication failure of the equipment corresponding to the identifier and/or the security element (¶0071 “ if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices, a network administrator, or a designated system device”).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 3-6, 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub. No. 20190289463 to GLOUCHE et al (hereinafter GLOUCHE) in view of U.S. PGPub. No. 20180338242 to Li et al (hereinafter Li).

Regarding claim 3, GLOUCHE discloses the method according to claim 2, wherein the system further comprises a database preconfigured with a correspondence between the identifier and the security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network (¶0064-¶0065, “In operation 305, server 30 may store a plurality of unique identifiers uniquely identifying a plurality of respective communication devices (e.g., IoT devices 15 as shown in FIG. 1), and a plurality of public and private keys associated with the plurality of communication devices 15. In operation 310, server 30 may receive communication request 105 from one of the plurality of communication devices 15 over an Internet protocol (IP) communication network (e.g., Internet 25”) and (¶0030 “The use of digital certificates for authenticating each of the communication devices communicating with a server over the communication network typically requires the server to manage a large database of individual digital certificates for each of the communication devices”).
However, GLOUCHE does not explicitly disclose the following limitation taught by Li: the method further comprising sending to the database a request for verification of recording the received identifier in the database, wherein the request comprises the received identifier.
Li discloses searching IoT profile data to determine whether the hardware identifier matches a record in (¶0044 “…For example, referring back to FIG. 4, authenticator 155 may use the hardware identifier included in the request as a basis to search IoT profile data, and determine whether the hardware identifier matches a record (e.g., IoT identifier field 405)”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the applicant’s claimed invention to modify the method of GLOUCHE in claim 2 to include the teaching of requesting verification of the recording of a received IoT identifier in a database as disclosed by Li, and would have been motivated to do so because it enables the system to detect a security breach before any amount of data would be communicated by or to the IoT device via the attached network (Li ¶0014).
Regarding claim 4, GLOUCHE in view of Li discloses the method according to claim 3. GLOUCHE further discloses generating the authentication failure response for the equipment (¶0071 “if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices…”).   
However, GLOUCHE does not explicitly disclose the following limitation taught by Li: further comprising: upon receiving a response of absence of a record for the received identifier in the database, or a response indicating an anomaly relative to one or more previous authentication requests for the equipment according to the first security function in the first communication network and/or according to the second security function in the second communication network.
Li discloses that when the hardware identifier does not match the records, the response may indicate that the hardware identifier has not been successfully verified (¶0046 “when the hardware identifier does not match any of records 440, the response may indicate that the hardware identifier has not been successfully verified. Also, authenticator 155 may generate and transmit a message to a network device in core network 115 that causes the default bearer to be torn down. For example, authenticator 155 may generate and transmit a delete session request to MME 130. Subsequently, in response to receiving the delete session request, MME 130 may initiate a PDN teardown procedure of the default bearer (e.g., the EPS bearer) and the external bearer established with PGW 125. In this way, IoT device 180 may not establish a session, or transmit and/or receive data from a network device residing in network 150”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the applicant’s claimed invention to modify the method of GLOUCHE and Li in claim 3 to include the teaching of a response to the hardware identifier not matching records in the database, as disclosed by Li, and would have been motivated to do so because it prevents data from being transmitted to or received from a network device residing in the network in order to avoid any security risk (Li ¶0046, in part).
Regarding claim 5, GLOUCHE discloses the method according to claim 2, wherein the system further comprises a database preconfigured with the correspondence between the identifier and the security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network (¶0064-¶0065, “In operation 305, server 30 may store a plurality of unique identifiers uniquely identifying a plurality of respective communication devices (e.g., IoT devices 15 as shown in FIG. 1), and a plurality of public and private keys associated with the plurality of communication devices 15. In operation 310, server 30 may receive communication request 105 from one of the plurality of communication devices 15 over an Internet protocol (IP) communication network (e.g., Internet 25)”) and (¶0030 “The use of digital certificates for authenticating each of the communication devices communicating with a server over the communication network typically requires the server to manage a large database of individual digital certificates for each of the communication devices”):
the method further comprising: receiving an authentication request from the equipment according to the second security function on the second communication network, wherein the authentication request uses the security element (FIG. 2, “network 25”, and ¶0056 “IoT device 150 may send communication request 105 to server 30 over an Internet Protocol (IP) communication network (e.g., Internet 25). In some embodiments, the request may be sent over a secure HTTPS link”) and (¶0076 “IoT device 150 may generate response 110 to communication challenge 107 based on one or more unique identifiers by computing for example:
response=Hash(IMEI+IMSI+Decrypt(challenge,privateKey)…”) ; 
However, GLOUCHE does not explicitly disclose the following limitation taught by Li:
sending to the database a request for verification of recording the received identifier corresponding to the received security element in the database, wherein the request comprises the received identifier and the received security element.  
Li discloses searching IoT profile data to determine whether the hardware identifier matches a record (¶0044 “…For example, referring back to FIG. 4, authenticator 155 may use the hardware identifier included in the request as a basis to search IoT profile data, and determine whether the hardware identifier matches a record (e.g., IoT identifier field 405)”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the applicant’s claimed invention to modify the method of GLOUCHE in claim 2 to include the teaching of requesting verification that the received IoT identifier is recorded in a database, as disclosed by Li, and would have been motivated to do so because it enables the system to detect a security breach before any amount of data would be communicated by or to the IoT device via the attached network (Li ¶0014).
Regarding claim 6, GLOUCHE in view of Li discloses the method according to claim 5. GLOUCHE further discloses, upon receiving a response from the database indicating that there is no correspondence between the identifier and the received element, generating the authentication failure response for the equipment (¶0071 “if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices, a network administrator, or a designated system device”).
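
The server-side flow mapped in claims 5 and 6 (look up the identifier, check the hash response, return a failure response otherwise) can be sketched as follows. This is an added illustration, not code from the application, GLOUCHE, or Li; SHA-256, the registry layout, the `AuthServer` and `device_response` names, and the single-use nonce are assumptions, and the public-key encryption of the challenge is omitted so the device is handed the nonce directly.

```python
import hashlib
import hmac
import secrets

# Constructed registry: identifier -> the IMEI/IMSI the response is bound to.
# All values are made up for this example.
REGISTRY = {
    "dev-001": {"imei": "490154203237518", "imsi": "310150123456789"},
}

def device_response(imei, imsi, nonce):
    # response = Hash(IMEI + IMSI + decrypted challenge); SHA-256 is assumed.
    return hashlib.sha256(imei.encode() + imsi.encode() + nonce).hexdigest()

class AuthServer:
    def __init__(self, registry):
        self.registry = registry
        self.pending = {}  # identifier -> outstanding nonce (assumed single use)

    def issue_challenge(self, device_id):
        # Database check first: no record, no challenge is issued.
        if device_id not in self.registry:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        # In the cited flow the nonce would be encrypted under the device's
        # public key and sent over the SMS network; omitted here.
        return nonce

    def verify(self, device_id, response):
        record = self.registry.get(device_id)
        if record is None:
            return {"ok": False, "reason": "no_record"}
        # pop() consumes the challenge so a captured response cannot be replayed.
        nonce = self.pending.pop(device_id, None)
        if nonce is None:
            return {"ok": False, "reason": "no_pending_challenge"}
        want = device_response(record["imei"], record["imsi"], nonce)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(want.encode(), response.encode()):
            return {"ok": False, "reason": "mismatch"}
        return {"ok": True, "reason": "authenticated"}
```
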

Regarding claim 15, GLOUCHE discloses the apparatus according to claim 12, wherein the system further comprises a database preconfigured with the correspondence between the identifier and the security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network (¶0064-¶0065, “In operation 305, server 30 may store a plurality of unique identifiers uniquely identifying a plurality of respective communication devices (e.g., IoT devices 15 as shown in FIG. 1), and a plurality of public and private keys associated with the plurality of communication devices 15. In operation 310, server 30 may receive communication request 105 from one of the plurality of communication devices 15 over an Internet protocol (IP) communication network (e.g., Internet 25)”) and (¶0030 “The use of digital certificates for authenticating each of the communication devices communicating with a server over the communication network typically requires the server to manage a large database of individual digital certificates for each of the communication devices”).
However, GLOUCHE does not explicitly disclose the following limitation taught by Li: and wherein the processor is further configured to send to the database a request for verification of recording the received identifier in the database, wherein the request comprises the received identifier.
Li discloses searching IoT profile data to determine whether the hardware identifier matches a record (¶0044 “…For example, referring back to FIG. 4, authenticator 155 may use the hardware identifier included in the request as a basis to search IoT profile data, and determine whether the hardware identifier matches a record (e.g., IoT identifier field 405)”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the applicant’s claimed invention to modify the method of GLOUCHE in claim 2 to include the teaching of requesting verification that the received IoT identifier is recorded in a database, as disclosed by Li, and would have been motivated to do so because it enables the system to detect a security breach before any amount of data would be communicated by or to the IoT device via the attached network (Li ¶0014).

Regarding claim 16, GLOUCHE discloses the apparatus according to claim 12, wherein the processor is further configured to generate the authentication failure response for the equipment (¶0071 “if server 30 did not authenticate the response, server 30 may refuse data communication 115 connection with the one of the plurality of communication devices. In some embodiments, server 30 may send an error message to report the failed authentication to the one of the plurality of communication devices…”).
However, GLOUCHE does not explicitly disclose the following limitation taught by Li:
upon receiving a response of absence of a record for the received identifier in the database, or a response indicating an anomaly relative to one or more previous authentication requests for the equipment according to the first security function in the first communication network and/or according to the second security function in the second communication network.
Li discloses that when the hardware identifier does not match the records, the response may indicate that the hardware identifier has not been successfully verified (¶0046 “when the hardware identifier does not match any of records 440, the response may indicate that the hardware identifier has not been successfully verified. Also, authenticator 155 may generate and transmit a message to a network device in core network 115 that causes the default bearer to be torn down. For example, authenticator 155 may generate and transmit a delete session request to MME 130. Subsequently, in response to receiving the delete session request, MME 130 may initiate a PDN teardown procedure of the default bearer (e.g., the EPS bearer) and the external bearer established with PGW 125. In this way, IoT device 180 may not establish a session, or transmit and/or receive data from a network device residing in network 150”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the applicant’s claimed invention to modify the method of GLOUCHE and Li in claim 3 to include the teaching of a response to the hardware identifier not matching records in the database, as disclosed by Li, and would have been motivated to do so because it prevents data from being transmitted to or received from a network device residing in the network in order to avoid any security risk (Li ¶0046, in part).
Regarding claim 17, GLOUCHE discloses the apparatus according to claim 12, wherein the system further comprises a database preconfigured with the correspondence between the identifier and the security element for the second security function for authentication requests from the equipment according to the second function addressed to the second network (¶0064-¶0065, “In operation 305, server 30 may store a plurality of unique identifiers uniquely identifying a plurality of respective communication devices (e.g., IoT devices 15 as shown in FIG. 1), and a plurality of public and private keys associated with the plurality of communication devices 15. In operation 310, server 30 may receive communication request 105 from one of the plurality of communication devices 15 over an Internet protocol (IP) communication network (e.g., Internet 25)”) and (¶0030 “The use of digital certificates for authenticating each of the communication devices communicating with a server over the communication network typically requires the server to manage a large database of individual digital certificates for each of the communication devices”):
wherein the processor is further configured to: receive an authentication request from the equipment according to the second security function on the second communication network, wherein the authentication request uses the security element (FIG. 2, “network 25”, and ¶0056 “IoT device 150 may send communication request 105 to server 30 over an Internet Protocol (IP) communication network (e.g., Internet 25). In some embodiments, the request may be sent over a secure HTTPS link”) and (¶0076 “IoT device 150 may generate response 110 to communication challenge 107 based on one or more unique identifiers by computing for example:
response=Hash(IMEI+IMSI+Decrypt(challenge,privateKey)…”)
However, GLOUCHE does not explicitly disclose the following limitation taught by Li:
send to the database a request for verification of recording the received identifier corresponding to the received security element in the database, wherein the request comprises the received identifier and the received security element
Li discloses searching IoT profile data to determine whether the hardware identifier matches a record (¶0044 “…For example, referring back to FIG. 4, authenticator 155 may use the hardware identifier included in the request as a basis to search IoT profile data, and determine whether the hardware identifier matches a record (e.g., IoT identifier field 405)”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the applicant’s claimed invention to modify the method of GLOUCHE in claim 12 to include the teaching of requesting verification that the received IoT identifier is recorded in a database, as disclosed by Li, and would have been motivated to do so because it enables the system to detect a security breach before any amount of data would be communicated by or to the IoT device via the attached network (Li ¶0014).
 Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. PGPub. 20080016230, U.S. PGPub. 20180054734, and U.S. PGPub. 20220150740.


 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MUDASIRU K OLAEGBE/Examiner, Art Unit 2495                                                                                                                                                                                                        
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495