Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on June 17, 2021 has been considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The term “newly” in claim 1 is a relative term which renders the claim indefinite. The term “newly” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Claims 1-4, 9, 11-12, 16-17 recite the limitations “newly generated private key”, “newly generated public key” and/or “newly provisioned named entity device”. In each of the above recited limitations, the term “newly”, in its literal meaning, suggests or means lately or recently. For example, in the limitation “newly generated private key”, generation of the private key happened or occurred recently relative to the current time, and how recently is not clearly defined. Similarly, for the other limitations, it is not clear when exactly the public key is generated and the named entity device is provisioned. The term “newly” is a relative term that renders the above limitations ambiguous, and therefore claims 1-4, 9, 11-12, 16-17 are rejected as indefinite.
Claim 1 recites the limitation “responsive to verifying the identity record of the provisioning device”; however, there is no prior active occurrence or recitation of verification of the identity record of the provisioning device to perform the encryption step in response to verification of the identity. Therefore, there is insufficient antecedent basis for this limitation in the claim.
Claims 1, 2, 3, 9, 11, 12, 16 and 17 recite the limitation "the namespace server" in lines 18, 2, 3, 4. There is insufficient antecedent basis for this limitation in the claims.
Claims 2-10, 12-15 and 17-20 fail to remedy the deficiencies in their respective independent claims and are therefore rendered ambiguous and indefinite.
For the above reasons, claims 1-20 are rejected under 35 U.S.C. 112(b), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.

Allowable Subject Matter
Claims 1-20 would be allowable over the prior art of record on condition that the above outstanding rejection has been overcome. The following is a statement of reasons for the indication of allowable subject matter:
The current claimed invention provides an identity provisioning service performed by a third-party server which is delegated to distribute cryptographic keypairs on behalf of one or more different organizations. The identity provisioning service is used for installing identity onto new or configurable devices so that the devices may have keys generated with high quality entropy without needing local access to the specialized hardware needed for such entropy. The provisioning devices transfer the identities generated with high quality entropy to new devices or rotate identities for devices whose keypairs are periodically updated. A new device is prepared or bootstrapped for service within the organization by receiving identity keys from the identity provisioning service to install identity keys with high quality entropy in its configurable devices. The identity distribution service is a centralized managed PKI provisioning and rotation service whose high-quality entropy generation is accessible by multiple devices that do not have, and similarly do not need, specialized hardware.

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of references cited in form PTO-892 for additional prior art.
Qiu et al. US 20110138177 discloses a method for requesting new identity data for a plurality of network-enabled devices and receiving notification that the new identity data is ready to be delivered to the plurality of network-enabled devices. A software object is delivered to the plurality of network-enabled devices over a first communications network. Each of the software objects is configured to cause the network-enabled devices to download the new identity data to the respective network-enabled device over a second communications network and install the new identity data at a time based at least in part on information included with the software object. The new identity data is to replace prior identity data currently being used by a plurality of network-enabled devices. Qiu further describes receiving a request for new identity data for a plurality of network-enabled devices and generating the new identity data for each network-enabled device specified with its own identifier on a whitelist. The new identity data is encrypted for each network-enabled device with a unique key that is accessible only to each respective network-enabled device and not other network-enabled devices. The new identity data is loaded onto an on-line server accessible to the network-enabled devices over a communications network. The network-enabled devices are notified that the new identity data is ready to be downloaded. The new identity data is received in an encrypted form over a communications network and decrypted using a cryptographic key included in the current identity data. The decrypted identity data is installed to replace the current identity data. However, Qiu et al. does not teach the above claimed invention.
Medvinsky et al. US 20140281497 A1 discloses a method for updating network-enabled devices with new identity data, by: generating a key pair based on a device identifier on a whitelist, wherein the key pair has a public key and a private key, generating a certificate signing request for the public key, providing the certificate signing request to an external trust authority, receiving a digital certificate from the external trust authority, wherein the external trust authority issued the digital certificate based on the certificate signing request, matching the digital certificate with the key pair for the device identifier, receiving an update request from a network-enabled device linked with the device identifier, and providing the digital certificate and the key pair to the network-enabled device in response to the update request. However, Medvinsky et al. does not teach the above claimed invention.
CARRER et al. US 20160285628 A1 discloses a system for provisioning a networked device to enable and support authenticated access by the networked device to a data collection and processing server. The network connection is established with the networked device. A fully qualified domain name and a public key for the networked device are received from the networked device. The fully qualified domain name and the public key are registered with a domain name server (DNS). Configuration data, including data corresponding to a username, is transmitted to the networked device. The username enables the networked device to establish an authorized connection with a data collection server that is accessible, via a network, to the networked device. The networked device is now provisioned and ready to periodically connect to a data collection and processing server to download collected data. CARRER further discloses that credentials are received from the networked device. The username, the fully qualified domain name, and an encrypted password are deduced from the credentials. A domain name server is queried. The DNS stores records mapping fully qualified device names to public keys for respective networked devices. A determination is made as to whether the public key is received from the domain name server. When a public key for the device is returned by the domain name server, the password is decrypted based, at least in part, on the public key. However, CARRER et al. does not teach the above claimed invention.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM, can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TECHANE GERGISO/Primary Examiner, Art Unit 2494