DETAILED ACTION
This Office Action is a replacement for the Ex Parte Quayle Action mailed on July 11th, 2022. Therefore, the Ex Parte Quayle Action is now vacated or withdrawn.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim 2 was canceled. Claims 1 and 3-26 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 06/06/2022, is in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 3-13, 17-19, 22 and 26 are rejected under 35 U.S.C 103(a) as being unpatentable over Thomas et al. (Thomas), U.S. Pub. Number 2004/0039827, in view of Carrer et al. (Carrer), U.S. Pub. Number 2016/0285628.
Regarding claim 1; Thomas discloses a system (par. 0062; fig. 1B; system 150.) for establishing a distributed trust network, having:
a root of trust (RoT) service (par. 0063; fig. 1B; an intermediary server 158 and an authentication server 164.) with direct knowledge of a RoT of a device (par. 0063; fig. 1B; client machines 154 and 156.), providing authentication services and secure provisioning services of the device to an application service (pars. 0063-0064; fig. 1B; the intermediary server 158 provides access to an intranet 160; the resources being requested by the client machines 154 and 156 reside within the intranet 160; since a firewall limits or precludes external access to the intranet 160, the intermediary server 158 must be permitted to communicate with the intranet through the firewall; a given client machine can access any one of the servers 164-172 residing within or on the intranet 160 by way of the intermediary server 158; the requestors that are seeking to access resources or content residing on the intranet 160 must be authenticated; the authentication can utilizes the authentication server 164 residing within or on the intranet 160; ), so that the application service can establish a trusted connection with the device without having direct knowledge of the RoT of the device (par. 0064; fig. 1B; the intermediary server 158 ensures that access to the intranet 160 via the intermediary server 158 remains protected.), wherein the RoT service comprises an authentication policy server and an RoT identity server to provide the authentication services (par. 0067; fig. 1B; the authentication server 164 manages authentication processing which serves to determine whether the requester is who they say they are/verifying the requester’s identity.), wherein a front-end protocol of the authentication policy server is protocol-specific to the device and holds a state of the device (par. 0071; fig. 2B; the intermediary server 252 includes a front-end protocol handler layer 270; the front-end protocol handler layer 270 includes a plurality of protocol handlers to handle the different types of incoming protocols that may be utilized by the various client applications.), wherein a back-end protocol between the authentication policy server and the RoT identity server is independent of the front-end protocol and is state-less (par. 0072; fig. 2B; the intermediary server 252 includes a back-end protocol handlers 282; the back-end protocol handlers 282 provides the appropriate protocol for outgoing and incoming communications with respect to a particular server; the layer of back-end protocol handlers includes protocol handlers of HTTP, IMAP, SMTP, POP, SMB, NFS, NIS, RADIUS, LDAP, and NT.).
Thomas fails to explicitly disclose the application service can establish a trusted connection.
However, in the same field of endeavor, Carrer discloses system and method for trusted provisioning and authentication for networked devices in cloud-based IOT/M2M platforms comprising the application service can establish a trusted connection (Carrer: par. 0078; establish a trusted connection between Device 1 and the provisioning server 110.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Carrer into the method and system of Thomas comprising the application service can establish a trusted connection to prevent unauthorized entities accessing to the networked devices in a cloud-based IoT/M2M platform (Carrer: abstract).
Regarding claim 3; Thomas and Carrer disclose the system of claim 1, wherein Carrer further discloses the direct knowledge is based on at least one key provisioned during device manufacturing of the device (par. 0067; an activation key for a networked device.).
Regarding claim 4; Thomas and Carrer disclose the system of claim 1, wherein Thomas further discloses the front-end protocol comprises a chip manufacturer’s business requirements for the device, a communication protocol, and an authentication protocol (Thomas: par. 0071; front-end protocol handler layer 270 includes separate protocol handlers for the protocol of HTTP, IMAP, SMTP, POP and MAPI.).
Regarding claim 5; Thomas and Carrer disclose the system of claim 1, Thomas further discloses comprising the device, wherein the RoT of the device is a hardware RoT (Thomas: par. 0063; the intermediary server, the authentication server can be implemented hardware server.).
Regarding claim 6; Thomas and Carrer disclose the system of claim 1, Thomas further discloses comprising the device, wherein the RoT of the device is a software RoT (Thomas: par. 0063; the intermediary server, the authentication server can be software application/service/server.).
Regarding claim 7; Thomas and Carrer disclose the system of claim 1, wherein Thomas further discloses the authentication policy server and the RoT identity server communicate using Transport Layer Security (TLS) and Hyper Text Transfer Protocol Secure (HTTPS) (Thomas: par. 0260; HTTPS using a communication protocol.).
Regarding claim 8; Thomas and Carrer disclose the system of claim 1, Thomas further discloses comprising the application service, the application service to provide an application to the device (Thomas: par. 0250; an application program interface.).
Regarding claim 9; Thomas and Carrer disclose the system of claim 8, wherein Carrer further discloses the application service comprises a front-end application gateway and a back-end application server (Carrer: par. 0068; gateway and IoT).
Regarding claim 10; Thomas and Carrer disclose the  system of claim 9, wherein Thomas further discloses the front-end application gateway and the back-end application server communicate using Hyper Text Transfer Protocol Secure (HTTPS) (Thomas: par. 0157; the target URL is a secure request then a secure indicator such as HTTPS.).
Regarding claim 11; Thomas and Carrer disclose the system of claim 1, wherein Thomas further discloses the RoT service further comprises a front-end provisioning policy server and a back-end provisioning server to provide the secure provisioning services (Thomas: par. 0072; the back-end protocol handlers provide the appropriate protocol for outgoing and incoming communications with respect to a particular server; provide temporary or semi-permanent data storage for the various components of the intermediary server.).
Regarding claim 12; Thomas discloses a method comprising:
receiving, at a device provisioning service, a message from an internet of things (IoT) device to securely provision the IoT device, the message comprising a profile identifier and a provisioning request (par. 0464; fig. 26; a network connection request is received.);
retrieving provisioning policy information using the profile identifier (par. 0466; fig. 26; a name of the client application, a checksum of the client application, a version of the client application, a server of the destination, and a port of the destination.);
determining a Root of Trust (RoT) authentication service to authenticate and authorize the IoT device (pars. 0074 & 446; authenticate the requester; the network request can pass through one or more of: the Winsock dynamic library and the Winsock 2 dynamic link library.);
sending, by the device provisioning service, a redirect response to the IoT device to redirect the IoT device to the RoT authentication service to authenticate and authorize the IoT device, wherein the redirect response comprises an encrypted policy identifier used to authenticate the IoT device, receiving, at the device provisioning service, a provisioning request comprising a token issued by the RoT authentication service, validating the provisioning request and the token (par. 0466; the network connection request is redirected to the intermediary server in the remote network via at least a proxy on the computer.); and
when the provisioning request and token are validated, sending provisioning information to the IoT device by the device provisioning service (par. 0467; the data of the client application can be sent through at least a local address and a local port of the computer prior to sending the data of the client application towards the intermediary server.).
Thomas fails to explicitly disclose the provisioning request comprising a token issued by the RoT authentication service.
However, in the same field of endeavor, Carrer discloses system and method for trusted provisioning and authentication for networked devices in cloud-based IOT/M2M platforms comprising the provisioning request comprising a token issued by the RoT authentication service (Carrer: par. 0092; credentials/tokens are received from the networked device; the username, the fully qualified domain name, and an encrypted password are deduced from the redentials.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Carrer into the method and system of Thomas comprising the provisioning request comprising a token issued by the RoT authentication service to prevent unauthorized entities accessing to the networked devices in a cloud-based IoT/M2M platform (Carrer: abstract).
Regarding claim 13; Thomas and Carrer disclose the method of claim 12, Carrer further discloses comprising: registering, by the device provisioning service, the IoT device with an IoT application service when the provisioning request and token are validated (Carrer: par. 0091; a network connection is established with the networked device; a fully qualified domain name and a public key for the networked device are received from the networked device; the fully qualified domain name and the public key are registered with a domain name server (DNS).).
Regarding claim 17; Thomas and Carrer disclose the method of claim 12, wherein Thomas further discloses receiving the message comprises receiving a uniform resource locator (URL) described in a manufacturer usage description (MUD) file, wherein the MUD file comprises the profile identifier (Thomas: par. 0071; front-end protocol handler layer 270 includes separate protocol handlers for the protocol of HTTP, IMAP, SMTP, POP and MAPI.).
Regarding claim 18; Thomas and Carrer disclose the method of claim 12, Thomas further discloses comprising: determining from the provisioning policy information an authentication method to be used to authenticate an IoT device by the RoT authentication service, the authentication method having an identification policy identifier; and encoding the identification policy identifier in a uniform resource locator (URL) in the redirect response (Thomas: par. 0199; if the page is using the host name modification technique, then relative URLs do not need to be modified since the host name encodes the necessary information; if the URL is a full URL, then the set URL function has all of the information it needs to convert the URL; e.g., a suffix (i.e., “:danainfo:host=xxx”) can be appended to the URL; thus, if the page that the script appears on is using the host name modification technique, the first argument is not needed by the set URL function.).
Regarding claim 19; Thomas and Carrer disclose the method of claim 12, Thomas further discloses comprising: determining that the token in the provisioning request has an unknown format; sending a request to validate the token to the RoT authentication service; and receiving a validation response from the RoT authentication service (pars. 0106-0108; figs. 9A-9C; determines whether a response has been received; when the decision determines that a response has received, determines whether “cookies” are present in the response; extract and save the “cookies”).
Regarding claim 22; Thomas discloses a method comprising: 
receiving, at a Root of Trust (RoT) authentication service from a device provisioning service, provisioning policy information that defines requirements for issuing a token (par. 0464; fig. 26; a network connection request is received.); 
receiving, at the RoT authentication service, a redirect message from an internet of things (IoT) device to authenticate and authorize the IoT device, the redirect message comprising a policy identifier used to identify the provisioning policy information and a provisioning request (par. 0466; fig. 26; a name of the client application, a checksum of the client application, a version of the client application, a server of the destination, and a port of the destination.);
authenticating and authorizing the IoT device by the RoT authentication service according to the provisioning policy information issuing a token when the IoT device is authenticated and authorized (pars. 0074 & 446; authenticate the requester; the network request can pass through one or more of: the Winsock dynamic library and the Winsock 2 dynamic link library.); and 
sending a redirect response to the IoT device with the issued token, the redirect response redirects the IoT device to the device provisioning service with the issued token for the provisioning request to securely provisioning request to securely provision the IoT device (par. 0466; the network connection request is redirected to the intermediary server in the remote network via at least a proxy on the computer.).
Thomas fails to explicitly disclose the provisioning request comprising a token issued by the RoT authentication service.
However, in the same field of endeavor, Carrer discloses system and method for trusted provisioning and authentication for networked devices in cloud-based IOT/M2M platforms comprising the provisioning request comprising a token issued by the RoT authentication service (Carrer: par. 0092; credentials/tokens are received from the networked device; the username, the fully qualified domain name, and an encrypted password are deduced from the redentials.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Carrer into the method and system of Thomas comprising the provisioning request comprising a token issued by the RoT authentication service to prevent unauthorized entities accessing to the networked devices in a cloud-based IoT/M2M platform (Carrer: abstract).
Regarding claim 26; Thomas discloses the method of claim 22, wherein receiving the redirect message comprises receiving uniform resource locator (URL) encoded with a identification policy identifier (Thomas: par. 0199; if the page is using the host name modification technique, then relative URLs do not need to be modified since the host name encodes the necessary information; if the URL is a full URL, then the set URL function has all of the information it needs to convert the URL; e.g., a suffix (i.e., “:danainfo:host=xxx”) can be appended to the URL; thus, if the page that the script appears on is using the host name modification technique, the first argument is not needed by the set URL function.).

Allowable Subject Matter
Claims 14-16, 20-21, or 23-25 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten to overcome the rejection under 35 U.S.C. 101 and to include all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087. The examiner can normally be reached 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KHOI V LE/Primary Examiner, Art Unit 2436