Remarks
Claims 1-7, 10, 12-22, and 24 are pending.  

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Interpretation
Any language within any claim that is not required thereby has no patentable weight, such as functionality that is intended use.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 10, 12-19, and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Vaswani (U.S. Patent Application Publication 2012/0116602) in view of Weintraub (U.S. Patent 11,005,889).
Regarding Claim 1,
Vaswani discloses a computer implemented method for delivering an authenticatable management activity to a group of remote devices, the method comprising:
Receiving, at a remote web client, an activity authorization token from a remote service, the activity authorization token defining a management activity to be performed on the group of remote devices (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 41-46, and associated figures; command, payload, message, call, etc., as examples.  It is noted that the remote web client is receiving these via a network (e.g., WAN 34 in figures 1 and 8).  Therefore, the client is a web client, since it is connected to a web/network);
Rendering, at the remote web client, a human readable description of the management activity to be approved by an operator of the remote web client; in response to approval of the management activity by the operator, adding, at the remote web client, a client signature to the activity authorization token with a remote web client private key under the control of the operator (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, and associated figures; authorized user in bunker can authorize restricted commands with signatures verifying such, for example); and
Forwarding, from the remote web client, the signed activity authorization token to enable the signed token to be provided to the group of remote devices (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; sending the above to meters, nodes, or the like, as examples);
But does not explicitly use the word web.  
Weintraub discloses a computer implemented method for delivering an authenticatable management activity to a group of remote devices, the method comprising:
Receiving, at a remote web client, an activity authorization token from a remote service, the activity authorization token defining a management activity to be performed on the group of remote devices (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 5, line 17; Column 5, line 54 to Column 6, line 3; Column 6, line 50 to Column 7, line 23; Column 7, line 64 to Column 8, line 14; Column 9, lines 16-36, Column 9, line 63 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; receiving policy edits, changes, or the like, at a web client (e.g., a device that uses a web browser as a UI/GUI and/or a device on a network that is a web device since it is connected to the web), for example);
Rendering, at the remote web client, a human readable description of the management activity to be approved by an operator of the remote web client; in response to approval of the management activity by the operator, adding, at the remote web client, a client signature to the activity authorization token with a remote web client private key under the control of the operator (Exemplary Citations: for example, Abstract, Column 4, line 44 to Column 5, line 53; Column 7, lines 24-51; Column 8, lines 25-36; Column 9, line 37 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; receiving responses approving the edit, change, or the like, including a signature of the approver, for example); and
Forwarding, from the remote web client, the signed activity authorization token to enable the signed token to be provided to the group of remote devices (Exemplary Citations: for example, Abstract, Column 3, lines 33-43; Column 5, line 46 to Column 6, line 15; Column 7, lines 52-63; Column 8, lines 15-61; Column 9, line 55 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; sending the above to initiator (e.g., device 102), storing in a distributed policy repository, single policy repository, sending to policy administration point for sending to repository, etc., as examples).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the consensus based authorization techniques of Weintraub into the authorization system of Vaswani in order to allow the system to request and be given a consensus of authorizations from multiple authorizing parties, to allow for additional forms of storage, to extend the system for use in additional settings, such as in authorizing policy changes, and/or to increase security in the system.  
Regarding Claim 24,
Claim 24 is a method claim that is broader than method claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Vaswani as modified by Weintraub discloses the method of claim 1, in addition, Vaswani discloses that the activity authorization token comprises a digital signature of the remote service and machine readable data, the machine readable data comprising sign off information (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; signature and approvals, for example); and
Weintraub discloses that the activity authorization token comprises a digital signature of the remote service and machine readable data, the machine readable data comprising sign off information (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; signatures, edits, and approvals, for example).  
Regarding Claim 3,
Vaswani as modified by Weintraub discloses the method of claim 1, in addition, Vaswani discloses prior to receiving the activity authorization token, receiving, at the remote web client, a notification of a pending management activity to be performed on the group of remote devices (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; user request, request for permission to issue command, as examples); and
Transmitting to the remote service, a request for the pending management activity (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; transmitting of the above, for example); and
Weintraub discloses prior to receiving the activity authorization token, receiving, at the remote web client, a notification of a pending management activity to be performed on the group of remote devices (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; previous notification, previous edit, etc., as examples); and
Transmitting to the remote service, a request for the pending management activity (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; response thereto, for example).  
Regarding Claim 4,
Vaswani as modified by Weintraub discloses the method of claim 1, in addition, Vaswani discloses storing the remote client private key in a hardware security module at the remote web client (Exemplary Citations: for example, Abstract, Paragraphs 18-22, 28-37, 41-46, 49-54, and associated figures; private key in HSM, for example).  
Regarding Claim 5,
Vaswani as modified by Weintraub discloses the method of claim 4, in addition, Vaswani discloses utilizing two factor authentication to release the remote client private key (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; secure access to bunker via fingerprint detection, physical keys or tokens, and/or password protection, for example).  
Regarding Claim 6,
Vaswani as modified by Weintraub discloses the method of claim 5, in addition, Vaswani discloses prior to adding the client signature to the activity authorization token, requesting the operator provides operator authentication to release the remote client private key (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; as above, for example); and
Generating the client signature based on the remote client private key (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; as above, for example); and
Weintraub discloses prior to adding the client signature to the activity authorization token, requesting the operator provides operator authentication to release the remote client private key (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; approval, for example); and
Generating the client signature based on the remote client private key (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; signature, for example).  
Regarding Claim 7,
Vaswani as modified by Weintraub discloses the method of claim 6, in addition, Vaswani discloses that the operator authentication comprises the operator providing proof of physical presence, a personal identification number, or a fingerprint of the operator (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; as above, for example); and
Weintraub discloses that the operator authentication comprises the operator providing proof of physical presence, a personal identification number, or a fingerprint of the operator (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; at least physical presence is met by being at device using the UI, for example).  
Regarding Claim 10,
Vaswani as modified by Weintraub discloses the method of claim 1, in addition, Vaswani discloses forwarding the signed activity authorization token to the remote service for transmittal to the group of remote devices or forwarding the signed activity authorization token to another remote service for transmittal to the group of remote devices (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures); and
Weintraub discloses forwarding the signed activity authorization token to the remote service for transmittal to the group of remote devices or forwarding the signed activity authorization token to another remote service for transmittal to the group of remote devices (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures).  
Regarding Claim 12,
Vaswani as modified by Weintraub discloses the method of claim 10, in addition, Vaswani discloses establishing, at the remote service, a root of trust of the signed activity authorization token, prior to transmittal to the group of remote devices (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; verifying chain of certificates, for example); and
Weintraub discloses establishing, at the remote service, a root of trust of the signed activity authorization token, prior to transmittal to the group of remote devices (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; verifying signatures via certificates and CAs, for example).  
Regarding Claim 13,
Vaswani as modified by Weintraub discloses the method of claim 2, in addition, Vaswani discloses authenticating, at the remote service, the digital signature of the signed activity authorization token and the client signature of the signed activity authorization token, prior to forwarding the signed token (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; verifying signatures, for example); and
Weintraub discloses authenticating, at the remote service, the digital signature of the signed activity authorization token and the client signature of the signed activity authorization token, prior to forwarding the signed token (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; verifying signatures, for example).  
Regarding Claim 14,
Vaswani as modified by Weintraub discloses the method of claim 10, in addition, Vaswani discloses forwarding, from the remote service, the management activity together with the signed activity authorization token to the group of remote devices (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; application or other initiator sending the above on the above-described device(s), for example); and
Weintraub discloses forwarding, from the remote service, the management activity together with the signed activity authorization token to the group of remote devices (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figure; user device 102 or other initiator sending the above on to the above-described device(s), for example).  
Regarding Claim 15,
Vaswani as modified by Weintraub discloses the method of claim 14, in addition, Vaswani discloses establishing, at one or more of the remote devices, a root of trust of the signed activity authorization token, prior to performing the management activity at the one or more remote device (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; verifying signatures and certificate chains, for example); and
Weintraub discloses establishing, at one or more of the remote devices, a root of trust of the signed activity authorization token, prior to performing the management activity at the one or more remote device (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; verifying signatures and CAs, for example).  
Regarding Claim 16,
Vaswani as modified by Weintraub discloses the method of claim 15, in addition, Vaswani discloses authenticating, at one or more of the remote devices, both the remote web client and the remote service by confirming the one or more roots of trust of the signed activity authorization token referred by one or more digital signatures attached to the token, prior to the performing the management activity at the one or more remote device (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures); and
Weintraub discloses authenticating, at one or more of the remote devices, both the remote web client and the remote service by confirming the one or more roots of trust of the signed activity authorization token referred by one or more digital signatures attached to the token, prior to the performing the management activity at the one or more remote device (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures).  
Regarding Claim 17,
Vaswani as modified by Weintraub discloses the method of claim 14, in addition, Vaswani discloses authenticating, at one or more of the remote devices, the digital signature of the signed activity authorization token and the client signature of the signed activity authorization token, prior to performing the management activity at the one or more remote device (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures); and
Weintraub discloses authenticating, at one or more of the remote devices, the digital signature of the signed activity authorization token and the client signature of the signed activity authorization token, prior to performing the management activity at the one or more remote device (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures).  
Regarding Claim 18,
Vaswani as modified by Weintraub discloses the method of claim 1, in addition, Vaswani discloses that the group of remote devices comprises one or more remote devices (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures); and
Weintraub discloses that the group of remote devices comprises one or more remote devices (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures).  
Regarding Claim 19,
Vaswani discloses a computer implemented method for establishing trust in a remote service, the method comprising:
Storing locally, at a browser, a static signing web application page targeting the remote service (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures); and
Executing the signing web application page, the signing web application page comprising an activity authorization token defining a management activity provided by the remote service for client authorization to be performed on a group of remote devices (Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures);
But does not explicitly use the word web.  
Weintraub discloses a computer implemented method for establishing trust in a remote service, the method comprising:
Storing locally, at a browser, a static signing web application page targeting the remote service (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures); and
Executing the signing web application page, the signing web application page comprising an activity authorization token defining a management activity provided by the remote service for client authorization to be performed on a group of remote devices (Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the consensus based authorization techniques of Weintraub into the authorization system of Vaswani in order to allow the system to request and be given a consensus of authorizations from multiple authorizing parties, to allow for additional forms of storage, to extend the system for use in additional settings, such as in authorizing policy changes, and/or to increase security in the system.  

Claims 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Vaswani as modified by Weintraub and Hon (U.S. Patent Application Publication 2017/0324729).
Regarding Claim 20,
Vaswani as modified by Weintraub discloses that the signing web application page comprises an executable Javascript bookmarklet, the bookmarklet comprising a URL of the web page of the remote service and the activity authorization token, and wherein executing the signing web application page comprises generating the signing web application page from the URL and inserting the activity authorization token into the generated web page and authorizing all subsequently loaded resources by the bookmarklet (Vaswani: Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; Weintraub: Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; use of JS bookmarklets for interacting with web pages is very well-known and would be one of the options within Weintraub’s web browser UI, and use of URLs for addressing web pages is the standard method of doing so).  
Hon discloses that the signing web application page comprises an executable Javascript bookmarklet, the bookmarklet comprising a URL of the web page of the remote service and the activity authorization token, and wherein executing the signing web application page comprises generating the signing web application page from the URL and inserting the activity authorization token into the generated web page and authorizing all subsequently loaded resources by the bookmarklet (Exemplary Citations: for example, Abstract, Paragraphs 14, 40-44, 48, 51, 63-73, 80, 87, 90, 101, 108, 109, 115-118, 125-136, 142, 145, 146, 167, and associated figures; bookmarklets to web pages addressed by URLs, signatures used to verify data at such, and the like, for example).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the authentication techniques of Hon into the authorization system of Vaswani as modified by Weintraub in order to allow the system to use extremely well-known techniques, to allow for increased extensibility in the system by allowing use of additional protocols and methods, to provide for additional forms of authentication, and/or to increase security in the system.  
Regarding Claim 21,
Vaswani as modified by Weintraub and Hon discloses the method of claim 20, in addition, Vaswani as modified by Weintraub and Hon discloses that the signing web application page comprised a hash of the content that is expected at the URL of the web page of the remote service and a hash of the activity authorization token (Vaswani: Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; Weintraub: Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; Hon: Exemplary Citations: for example, Abstract, Paragraphs 14, 40-44, 48, 51, 63-73, 80, 87, 90, 101, 108, 109, 115-118, 125-136, 142, 145, 146, 167, and associated figures; signatures are hashes of content signed with private keys, signatures on payload as well as on approvals, permits, etc., as examples).
Regarding Claim 22,
Vaswani as modified by Weintraub and Hon discloses the method of claim 20, in addition, Vaswani as modified by Weintraub and Hon discloses that storing the signing web application page for the remote service comprises storing a hash of the signing web application page in the bookmarklet (Vaswani: Exemplary Citations: for example, Abstract, Paragraphs 20-22, 28-32, 41-46, 49-54, and associated figures; Weintraub: Exemplary Citations: for example, Abstract, Column 3, lines 10-31; Column 4, line 44 to Column 6, line 15; Column 6, line 50 to Column 8, line 61; Column 9, line 16 to Column 10, line 7; Column 11, line 45 to Column 12, line 11; and associated figures; Hon: Exemplary Citations: for example, Abstract, Paragraphs 14, 40-44, 48, 51, 63-73, 80, 87, 90, 101, 108, 109, 115-118, 125-136, 142, 145, 146, 167, and associated figures; signatures are hashes of content signed with private keys, signatures on payload as well as on approvals, permits, etc., as examples).  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432