Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The instant Office Action is responsive to communication received 9/21/2020. Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/21/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a security module for encrypting signatures on certificates” in claim 15.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

Para. [0034] of the original specification describes the security module as “a hardware component of the apparatus, a software component of the apparatus, and/or a component of the apparatus that comprises both hardware and software”.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 11-12, 16, 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 6233577 to Ramasubramani et al., hereinafter Ramasubramani, and further in view of US 7698549 to Thornton et al., hereinafter Thornton.
Regarding claim 1, and substantially claims 16 and 20, Ramasubramani discloses: A system for secure resource allocation communication with a network, the system comprising: at least one non-transitory storage device; and at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device is configured to: provide, to a device management system, a request for authentication (Col.8:29-42: mobile provides device ID to proxy); provide, using the link, a certificate enrollment request to the certificate system (Col.9:28-47: Ramasubramani discloses a PC that uses the URL of a special CA to request a certificate using the mobile device’s account because the PC has a browser with a full user interface; however, before the instant application was filed, it was known that mobile devices are equipped with such competent browsers, therefore it would have been obvious to a skilled artisan to have the mobile device contact the CA “by providing a URL thereof” to request a certificate in an efficient way); receive, from the certificate system, a signed certificate (Col.9:50-60: receive certificate signed by CA); and establish, using the signed certificate, a wireless connection to a network (Col.9:61-67: retrieve the signed certificate, and use the signed certificate to establish connection from mobile device with a website (wireless connection)). Ramasubramani does not explicitly teach receive, from the device management system, a file comprising a link to a certificate system.
In an analogous art, Thornton discloses a certificate abstractor acting like a proxy to certificate authorities; an interface prompts to select a CA from a list, or provide a CA choice, therefore teaching sending a link to select to access a CA, i.e., receive, from the device management system, a file comprising a link to a certificate system (Fig. 11, col. 18:3-47). It would have been obvious to a skilled artisan before the instant application was effectively filed to receive a link of the CA, as taught by Thornton, and use the link to request a certificate, because it would allow sending the proper certificate request to a particular CA, specifically associated with a website, as taught by Ramasubramani (col.9:50-61, fig. 4B CAs mapped to specific websites).

Regarding claim 3, and substantially claim 18, Ramasubramani in view of Thornton discloses the system of claim 1, wherein the at least one processing device is further configured to generate a key, wherein the request for authentication comprises the key, and wherein the certificate enrollment request comprises the key (Ramasubramani col.11:18-30: CSR includes public key).  

Regarding claim 4, and substantially claim 19, Ramasubramani in view of Thornton discloses the system of claim 3, wherein the certificate system generates the signed certificate based on the key (Ramasubramani col.11:31-45: certificate embeds the public key and is signed).

Regarding claim 11, Ramasubramani in view of Thornton discloses the system of claim 1, wherein the at least one processing device is configured to: provide, to the certificate system and via the wireless connection, a certificate renewal request; and receive, from the certificate system and via the wireless connection, confirmation of renewal of the signed certificate (Thornton, Fig. 9, col.7:1-5; col.15:44-49: send a request to renew expired certificate; col.5:34-56: produce signed certificates, the CA communicating wirelessly with the device, as taught by Ramasubramani (col.4:52-64)).

Regarding claim 12, Ramasubramani in view of Thornton discloses the system of claim 1, wherein the at least one processing device is configured to, after receiving the signed certificate, store the signed certificate in the at least one non-transitory storage device (Thornton, col.27:54-58).

Claims 2, 5 and 17 are rejected under 35 USC as being unpatentable over Ramasubramani and Thornton, in view of US 20140310777 to Truskovsky et al., hereinafter Truskovsky.
Regarding claim 2, and substantially claim 17, Ramasubramani in view of Thornton discloses the system of claim 1, but does not teach the rest of the limitations. In an analogous art, Truskovsky discloses a wireless device connected through a cable to a PC, which is connected to the network through a wireline ([0060]), wherein the at least one processing device is configured to: before providing the request for authentication, establish a wired communication link with the network; when providing the request for authentication, provide the request for authentication via the wired communication link ([0060]: activation password thru wireline); when receiving the file, receive the file via the wired communication link ([0073]: receiving other instructions ([0073]), therefore receiving the file would not need further testing); when providing the certificate enrollment request, provide the certificate enrollment request via the wired communication link; and when receiving the signed certificate, receive the signed certificate via the wired communication link ([0066]: receive certificate after booting up, thru the wireline). It would have been obvious to a skilled artisan before the instant application was effectively filed to communicate thru a wired connection as taught by Truskovsky because such connection is “assumed to be trustworthy and secure for activation purposes” (Truskovsky [0060]).
Regarding claim 5, Ramasubramani in view of Thornton discloses the system of claim 1, but does not teach the rest of the limitation. In an analogous art, Truskovsky discloses the file comprises configuration instructions, and wherein the at least one processing device is configured to adjust, based on the configuration instructions, a configuration of the system (Truskovsky [0073][0074]: send instructions to mobile, for pre-setting device configurations).  It would have been obvious to a skilled artisan before the instant application was effectively filed to include configuration instructions in the file as taught by Truskovsky because it would allow customizing “particular corporate and/or user preferences and/or requirements” (Truskovsky [0074]), and help ready the device to function as wanted after activation.

Claim 6 is rejected under 35 USC as being unpatentable over Ramasubramani, Thornton, and Truskovsky in view of US 20140366105 to Bradley et al., hereinafter Bradley.

Regarding claim 6, Ramasubramani in view of Thornton and Truskovsky discloses the system of claim 5 but does not teach the rest of the limitation.
In an analogous art, Bradley discloses updating wireless configuration of a device; Bradley teaches the at least one processing device is configured to, after adjusting the configuration of the system and when establishing the wireless connection, establish the wireless connection using ports and protocols identified by the configuration ([0039]: accessory device receives configuration updates, the updates including protocol ([0056], [0060]) and port ([0069])). It would have been obvious to a skilled artisan before the instant application was effectively filed to update the wireless configuration port and protocol as taught by Bradley because it would allow correct implementation of the supported protocol and ports for a particular functionality of the device.

Claims 7-9 are rejected under 35 USC as being unpatentable over Ramasubramani and Thornton, in view of US 20160050192 to Banerjee et al., hereinafter Banerjee.
Regarding claim 7, Ramasubramani in view of Thornton discloses the system of claim 1, but does not teach the rest of the limitation. In an analogous art, Banerjee discloses wherein the device management system is configured to: authenticate the system for communication on the network for a time period; and revoke authentication of the system after the time period ([0035]: revoke authentication based on a rule that sets the time period the authentication is valid). It would have been obvious to a skilled artisan before the instant application was effectively filed to revoke the authentication after a time period because it would reinforce periodical re-authentication to prevent open-ended authentication that would promote fraud.

Regarding claim 8, Ramasubramani in view of Thornton discloses the system of claim 1 but does not explicitly teach the rest of the claims. In an analogous art, Banerjee discloses a system, further comprising: a scanner device for processing instruments associated with resource allocations ([0022]: credit card reader, reader for mobile payment) and a network device communicatively connected to the scanner device for enabling the scanner device to communicate wirelessly with the network ([0024]: carrier network implicitly including a network device such as a router, or access point, for performing transactions; [0021]: wireless connection). It would have been obvious to a skilled artisan before the instant application was effectively filed to use a wireless network device enabling payment transactions because such modes of transactions are convenient, easy to use, and improve the user's experience when purchasing items.
Regarding claim 9, Ramasubramani in view of Thornton discloses the system of claim 1 but does not explicitly teach the rest of the claims. In an analogous art, Banerjee discloses a system wherein the at least one processing device is configured to: scan an instrument associated with a resource allocation; and transmit information regarding the instrument via the wireless connection to the network (see rejection claim 8).

Claim 10 is rejected under 35 USC as being unpatentable over Ramasubramani and Thornton, in view of US 8255278 to Young et al., hereinafter Young.

Regarding claim 10, Ramasubramani in view of Thornton discloses the system of claim 1, but does not teach the rest of the limitations.
In an analogous art, Young discloses a merchant system comprising a point-of-sale and a mobile device (Fig. 1) wherein the at least one processing device is configured to: print information on an instrument associated with a resource allocation; and cause, based on printing the information and using the wireless connection, resources to be allocated (col.1:30-48: the point-of-sale receives payment from the mobile device, and prints the receipt (on a printer or instrument), causing a transaction to be completed; the mobile device in communication with the point-of-sale using wireless communication (col.2:55-60)). It would have been obvious to a skilled artisan before the instant application was effectively filed to perform a transaction and print information as taught by Young because “mobile payments have grown to include mobile banking and mobile credit cards. Mobile devices may be used to transfer money from one mobile banking account to another, pay utility bills, pay parking fees, etc.” (Young col.1:15-20) for user convenience, promoting commercial transactions.


Claim 13 is rejected under 35 USC as being unpatentable over Ramasubramani and Thornton, in view of US 20210067349 to Kruegel et al., hereinafter Kruegel.

Regarding claim 13, Ramasubramani in view of Thornton discloses the system of claim 1, but does not teach the rest of the claim. In an analogous art, Kruegel discloses a system for enrolling a device into a PKI domain, wherein the certificate system generates the signed certificate based on a unique identifier of the system, wherein the unique identifier is provided by a manufacturer of the system (Fig. 6, [014],[017]: device sends a CSR to PKI, the CSR includes public key and unique device ID, generated at Factory; PKI generates the device certificate based on the CSR, i.e., public key and device ID). It would have been obvious to a skilled artisan before the instant application was effectively filed to generate the certificate based on an ID provided by the manufacturer because it would uniquely tie the device certificate to the manufacturer, contributing to the uniqueness of the certificate and making it difficult to forge.

Claim 14 is rejected under 35 USC as being unpatentable over Ramasubramani and Thornton, in view of US 8151336 to Savoor, hereinafter Savoor.
Regarding claim 14, Ramasubramani in view of Thornton discloses the system of claim 1 but does not teach the rest of the claim.
In an analogous art, Savoor discloses a wireless AP sending its certificate to a device for verification and, if successful, setting up encrypted wireless communication between the device and the AP (Fig. 5, col.7:41-67, col.8:1-30); therefore Savoor teaches wherein the network is configured to restrict the system from accessing portions of the network until the system uses the signed certificate to establish the wireless connection to the network. It would have been obvious to a skilled artisan before the instant application was effectively filed to restrict access until verification of the signed certificate because it would provide secure communication with the AP, “without fear of identity theft or other malicious tactics” (Savoor, col.2:59-62).

Claim 15 is rejected under 35 USC as being unpatentable over Ramasubramani and Thornton, in view of excerpts from “Understanding Digital Signatures”, by Gail L. Grant, 1998, McGraw-Hill, p.33-36, hereinafter Grant.

Regarding claim 15, Ramasubramani in view of Thornton discloses the system of claim 1, wherein the certificate system comprises: a certificate enrollment server for receiving certificate enrollment requests; a certificate authority for receiving certificate signing requests from the certificate enrollment server and generating signed certificates (Thornton col.5:6-25: the renewal system (certificate enrollment server) receives the CSR, sends it to the CA, which signs the certificate); 
Ramasubramani in view of Thornton does not explicitly teach a security module for encrypting signatures on certificates. However, encrypting signatures on certificates is well known in the art as attested by Grant. Grant, in an analogous art, discloses creating a small thumbprint of received data using a one-way hash or message digest (p. 34), encrypting the thumbprint (digest) using the private key (of the entity generating the certificate i.e. the CA) (p.35) thus generating the digital certificate. It would have been obvious to a skilled artisan before the instant application was effectively filed to encrypt the signature as taught by Grant because it is common practice to do so, ensuring the certificate validation process using the corresponding public key, to expose the digest and compare it with a locally computed digest using the same algorithm (see Grant, p.35).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Ma et al. 20160344559 disclose generating a CSR, sending it to the CA through a wired connection, and obtaining a digital certificate.
Rao et al. 10864444 disclose determining whether the user authentication needs to expire.
Berry et al. 20180219739 disclose using a GUI to update configuration parameters such as port, from a management device.
Rahn et al. 20210297259 and Chen et al. 20200183804 disclose generating a certificate based on a unique device ID from the manufacturer.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/
Primary Examiner, Art Unit 2493
8/27/2022