DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Acknowledgements
This communication is in response to
Application claim amendments filed on 07/05/2022, and 
Authorization for the below examiner’s claim amendments was given by phone by Mr. Steven Stupp (Reg. No. 54,475) on 07/20/2022.

The amendments filed on 07/05/2022 have been entered.
The claim amendments overcome the USC 103 rejections previously set forth in the Office Action mailed on 05/02/2022.

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Examiner’s Amendment
Note: Proposed amendments marked manually with underlining and 
Claims
Please replace claim 1 with:
1. (Currently Amended) An electronic device configured to securely distribute a link key to a gateway, comprising:
	a network node; 
	an interface circuit communicatively coupled to the network node; 
	a processor coupled to the interface circuit; and 
	memory, coupled to the processor, configured to store program instructions, wherein, when executed by the processor, the program instructions cause the electronic device to perform operations, comprising:	
		while an administrator is logged in via a computer that is different from the electronic device: 
	receiving, at the interface circuit and associated with a second computer, [[a]] the link key using a secure widget, wherein the link key facilitates secure communication via a link;
			after receiving the link key, creating, at the electronic device, an access key;
	generating, at the electronic device, an encrypted version of the link key based at least in part on the access key and the link key, wherein the access key enables access to the link key based at least in part on the encrypted version of the link key; and
	storing, at the electronic device, at least two of the link key, the access key and the encrypted version of the link key in a trusted envelope or partition in the memory with encryption;
when the administrator logs out, disabling access to the trusted envelope, wherein access to the stored at least two of the link key, the access key and the encrypted version of the link key in the trusted envelope or the partition in the memory with encryption is only enabled when the administrator is logged in;
			when the administrator logs in via the computer again:
 				re-enabling access to the trusted envelope;
	when the electronic device receives information that indicates that [[a]] the gateway has joined a network, providing, from the interface circuit, the encrypted version of the link key addressed to the gateway; and
	when the electronic device receives, at the interface circuit and associated with the gateway, an access request for the access key, providing, from the interface circuit, the access key addressed to the gateway, wherein the access request is associated with [[a]] an authorized second electronic device that is associated with [[a]] the gateway and an entity that is different than the administrator; and
		when the administrator logs out again, disabling access to the trusted envelope.
	
	Please replace claim 13 with:
	13. (Currently Amended) A non-transitory computer-readable storage medium for use in conjunction with an electronic device, the computer-readable storage medium storing program instructions that, when executed by the electronic device, securely distributes a link key to a gateway by causing the electronic device to perform operations comprising:
	while an administrator is logged in via a computer that is different from the electronic device: 
		receiving, at the electronic device and associated with a second computer, the link key using a secure widget, wherein the link key facilitates secure communication via a link;
		after receiving the link key, creating, at the electronic device, an access key;
		generating, at the electronic device, an encrypted version of the link key based at least in part on the access key and the link key, wherein the access key enables access to the link key based at least in part on the encrypted version of the link key; and
	storing, at the electronic device, at least two of the link key, the access key and the encrypted version of the link key in a trusted envelope or partition in a memory of the electronic device with encryption;
	when the administrator logs out, disabling access to the trusted envelope, wherein access to the stored at least two of the link key, the access key and the encrypted version of the link key in the trusted envelope or the partition in the memory with encryption is only enabled when the administrator is logged in;
	when the administrator logs in via the computer again:
 			re-enabling access to the trusted envelope;
		when the electronic device receives information that indicates that [[a]] the gateway has joined a network, providing, from the electronic device 
		when the electronic device receives, electronic device an authorized second electronic device that is associated with [[a]] the gateway and an entity that is different than the administrator; and
	when the administrator logs out again, disabling access to the trusted envelope.
Please replace claim 16 with:
	16. (Currently Amended) The non-transitory computer-readable storage medium of claim [[15]] 13, wherein the encrypted version of the link key and the access key are provided using different communication channels.  
	
	Please replace claim 17 with:
	17.	(Currently Amended) A method for securely distributing a link key to a gateway comprising:
	by an electronic device:
	while an administrator is logged in via a computer that is different from the electronic device: 
		receiving, at the electronic device and associated with a second computer, the link key using a secure widget, wherein the link key facilitates secure communication via a link;
		after receiving the link key, creating, at the electronic device, an access key;	
		generating, at the electronic device, an encrypted version of the link key based at least in part on the access key and the link key, wherein the access key enables access to the link key based at least in part on the encrypted version of the link key; and
		storing, at the electronic device, at least two of the link key, the access key and the encrypted version of the link key in a trusted envelope or partition in a memory of the electronic device with encryption;
	when the administrator logs out, disabling access to the trusted envelope, wherein access to the stored at least two of the link key, the access key and the encrypted version of the link key in the trusted envelope or the partition in the memory with encryption is only enabled when the administrator is logged in;
	when the administrator logs in via the computer again:
 			re-enabling access to the trusted envelope;
		when the electronic device receives information that indicates that [[a]] the gateway has joined a network, providing, from the electronic device 
		when the electronic device receives, electronic device an authorized second electronic device that is associated with [[a]] the gateway and an entity that is different than the administrator; and
when the administrator logs out again, disabling access to the trusted envelope.

Allowable Subject Matter
Claims 1-6, 8, 10-14 and 16-22 are allowed.
The following is a statement of reasons for indication of allowable subject matter.
Cited and relevant prior art of record:
Vasic (US 7885413 B2),
Saylor (US 10257179 B1),
Yang (US 20170093565 A1),
Dangooret (US 8375207 B2), and
Pedersen (US 20170180419 A1).

Vasic discloses remote computer systems, a key server and a repository server, and further discloses an operation in which a user accesses an interface to log in and thereby authenticate himself/herself to the system, where the users’ roles include an administrative level. Vasic further discloses a process to encrypt data to be stored or decrypt data to be retrieved, which is based on retrieving an encrypted session key (SEK), encrypted with a session-key-protection key, and consequently decrypting the encrypted SEK, where this process is achieved only if the user is successfully authenticated, i.e., successfully logged in. Vasic further discloses a hidden link used to access encrypted information, and storing the session key and the session-key-protection key. Vasic further discloses that access to encrypted information is achieved by an authorized user through the hidden link pointing to the protection key that decrypts the session key.
Saylor discloses that, when a user logs out, a certificate associated with a client device is deleted; therefore, the client device is deactivated from accessing the client account.
Yang discloses, after receiving a generated symmetric key to be used for encrypting an eSIM, deriving a key encryption key for encrypting the generated symmetric key.
Dangooret discloses a joining device sending information to a trust center indicating that the joining device is joining a network; accordingly, the trust center, after mutual authentication, sends a secured/encrypted network key to the joining device for encryption/decryption of network traffic.
Pedersen discloses that, when a server receives through its interface a request from a client, the server provides the client a key used for decrypting the encrypted session key at the client device.
While the above prior art discloses the aforementioned concepts, none of the prior art, individually or in combination, discloses all limitations, as a whole, in the manner recited in the independent claims. Specifically, none of the prior art discloses that,
“while an administrator is logged in via a computer that is different from the electronic device”, the electronic device performs the operation as recited in the independent claims, and, “when the administrator logs in via the computer again”, performs the operation as recited in the independent claims, including “providing, from the electronic device, the access key addressed to the gateway, wherein the access request is associated with an authorized second electronic device that is associated with the gateway and an entity that is different than the administrator”. Therefore, the above limitations in conjunction with the remaining limitations of the independent claims render the above independent claims allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571) 272-2705. The examiner can normally be reached on Monday-Friday 8:30 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw, can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/BASSAM A NOAMAN/Examiner, Art Unit 2497