DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/24/2022 has been entered.
 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
	Claims 1-2, 5, 7, 10, 13, 17, 19, 21, 23-24, 27, 29-30, 46, 48-49, 51-52 are pending.  Claims 3-4, 6, 8-9, 11-12, 14-16, 18, 20, 22, 25-26, 28, 31-45, 47, 50 are cancelled.

Claim Objections
Claims 1, 13, 21, 46 are objected to because of the following informalities:  
None of claims 1, 13, 21, and 46 contain antecedent basis for “the user computer device”.  For the purposes of art rejection, “the user computer device” will be construed as “the user computing device”.  
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 46, 48-49, 51 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia et al (US 10,382,203), and further in view of Woo (PGPUB 2018/0121921).

Regarding Claim 1:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method comprising: 
establishing a direct network connection between the device and a user computing device (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link); 
sending the key to the device (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); 
establishing a network connection between the service and the device, wherein the device provides the key to the service (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); and
sending a request to the service to associate with the device, and wherein the request includes the key to establish a network connection between the user computing device and the service, wherein the request includes the key (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service; col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; col 16 line 43-67, link established between application (i.e. “companion app”) and IoT service); 
wherein the service is associated with the device in response to the request if the key provided by the user computing device matches the key provided by the device (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach generating a key on the user computing device by an application running on the user computer device.
However, Woo teaches the concept of generating a key on a user computing device by an application running on the user computer device (abstract, device authentication system; paragraph 67, device 100 generates device authentication one-time-password (OTP); paragraph 69, device authentication OTP generated using random number seed; paragraph 71, device 100 puts device authentication OTP into beacon message and broadcasts beacon message; paragraph 79, application 200 receives beacon from device 100 and device authentication OTP from server 300; paragraph 82, application checks whether device authentication OTP loaded in beacon message received from device 100 and server 300 coincide to verify whether devices are authentic; paragraph 101, Fig. 5, device 100 transmits device authentication OTP to server 300). 
	It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomized one-time-password teachings of Woo with the Internet-of-things device association teachings of Loladia.  Passwords or keys generated using random data provide the benefit of increasing the entropy of the authentication data, thereby making it more difficult for an attacker to impersonate or guess the code, and improving the security environment.

Regarding Claim 2:
Loladia in view of Woo teaches the method of claim 1.  In addition, Loladia teaches the method further comprising placing the device into an enrollment mode (col 10 line 19-41, user initiates pairing mode on IoT device).

Regarding Claim 46:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method for the service comprising: 
connecting to the device via a first communication link (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); 
receiving a first key from the device via the first communication link (col 10 line 19-41, the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device); 
connecting to a user computing device via a second communication link (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service; col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; col 16 line 43-67, link established between application (i.e. “companion app”) and IoT service); 
receiving, from the user computing device, a request for the user to associate with the device, wherein the request includes a second key (col 10 line 42-col 11 line 10, IoT service generates token which includes device ID and client ID received from IoT device; IoT service sends token to IoT device; IoT device sends token to companion app over first communication link; companion app sends token and client ID as part of pairing request to IoT service); and, 
comparing the first key received from the device via the first communication link and the second key received from the user computing device via the second communication link, wherein the service makes an association between the device and the user if the first and second keys are the same (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach the first key, randomly generated on the user computing device by an application running on the user computer device; and
the second key, randomly generated on the user computing device by an application running on the user computer device.
However, Woo teaches the concept of the first key, randomly generated on a user computing device by an application running on the user computer device (abstract, device authentication system; paragraph 67, device 100 generates device authentication one-time-password (OTP); paragraph 69, device authentication OTP generated using random number seed; paragraph 71, device 100 puts device authentication OTP into beacon message (i.e. “first key”) and broadcasts beacon message; paragraph 79, application 200 receives beacon from device 100 and device authentication OTP from server 300 (i.e. “second key”); paragraph 82, application checks whether device authentication OTP loaded in beacon message received from device 100 and server 300 coincide to verify whether devices are authentic; paragraph 101, Fig. 5, device 100 transmits device authentication OTP to server 300); and
a second key, randomly generated on the user computing device by an application running on the user computer device (abstract, device authentication system; paragraph 67, device 100 generates device authentication one-time-password (OTP); paragraph 69, device authentication OTP generated using random number seed; paragraph 71, device 100 puts device authentication OTP into beacon message (i.e. “first key”) and broadcasts beacon message; paragraph 79, application 200 receives beacon from device 100 and device authentication OTP from server 300; paragraph 82, application checks whether device authentication OTP loaded in beacon message received from device 100 and server 300 coincide to verify whether devices are authentic; paragraph 101, Fig. 5, device 100 transmits device authentication OTP to server 300).
	It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomized one-time-password teachings of Woo with the Internet-of-things device association teachings of Loladia.  Passwords or keys generated using random data provide the benefit of increasing the entropy of the authentication data, thereby making it more difficult for an attacker to impersonate or guess the code, and improving the security environment.

Regarding Claim 48:
Loladia in view of Woo teaches the method of claim 46.  In addition, Loladia teaches wherein the service is an Internet based service (col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; IoT service accessed over Internet, and is therefore Internet based service).

Regarding Claim 49:
Loladia in view of Woo teaches the method of claim 46.  In addition, Loladia teaches wherein the first communication link connects the device to the service via a premise network (col 4 line 41-53, IoT device connected to local network including Internet uplink, allowing IoT device to communicate with cloud computing platform), wherein the second communication link connects the user computing device to the service via the premise network (col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform), and wherein the premise network is one of a wireless network, a cellular network, and a hardwired network (col 4 line 41-53, local network, e.g. wireless network).

Regarding Claim 51:
Loladia in view of Woo teaches the method of claim 46.  In addition, Loladia teaches wherein the first and second keys are the same key (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device); and
Woo teaches wherein the key is a randomly generated key (paragraph 69, device authentication OTP generated using random number seed).
The rationale to combine Loladia and Woo is the same as provided for claim 46 due to the overlapping subject matter between claims 46 and 51.

Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Woo, and further in view of Tschofenig et al (PGPUB 2017/0359338).

Regarding Claim 5:
Loladia in view of Woo teaches the method of claim 1.  In addition, Woo teaches wherein generating a key on the user computing device and sending the key to the device includes generating a message including the key, and sending the message to the device (abstract, device authentication system; paragraph 67, device 100 generates device authentication one-time-password (OTP); paragraph 69, device authentication OTP generated using random number seed; paragraph 71, device 100 puts device authentication OTP into beacon message and broadcasts beacon message; paragraph 79, application 200 receives beacon from device 100 and device authentication OTP from server 300; paragraph 82, application checks whether device authentication OTP loaded in beacon message received from device 100 and server 300 coincide to verify whether devices are authentic; paragraph 101, Fig. 5, device 100 transmits device authentication OTP to server 300).
The rationale to combine Loladia and Woo is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 5.
Neither Loladia nor Woo explicitly teaches generating a message including information for the device to connect to the service, and sending the message to the device.
However, Tschofenig teaches the concept of generating a message including information for a device to connect to a service, and sending the message to the device (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia in view of Woo, in order to allow a user to specify which service to connect to using an IoT device, as well as provide a new device with the necessary information to connect to a service regardless of whether the service information is preloaded on the IoT device, thereby improving compatibility and user experience.

Claims 10, 52 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Woo, and further in view of Tanner (PGPUB 2009/0006636).

Regarding Claim 10:
Loladia in view of Woo teaches the method of claim 1.  In addition, Loladia teaches wherein the service is an Internet-based service (col 4 line 41-53, mobile device connected to local network including Internet uplink, allowing mobile device to communicate with cloud computing platform including IoT service; IoT service accessed over Internet, and is therefore Internet based service); and
Woo teaches wherein the key includes a randomly generated string (paragraph 69, device authentication OTP generated using random number seed).
The rationale to combine Loladia and Woo is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 10.
Neither Loladia nor Woo explicitly teaches wherein the string is an alphanumeric string.
However, Tanner teaches the concept wherein a string is an alphanumeric string (paragraph 20, registration keys defined to determine how to register a device; registration keys may be formulated according to any suitable unique identification method, e.g. randomly generated alphanumeric string).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomly generated alphanumeric string teachings of Tanner with the Internet-of-things device association teachings of Loladia in view of Woo.  It is well-known in the art to generate codes using alphanumeric strings; at a certain level of abstraction, every computer code implemented on a modern computer system, using binary, can be considered an alphanumeric string.  Therefore, it would at least be obvious to a person of ordinary skill in the art to rely on the default means of representing computer data.

Regarding Claim 52:
Loladia in view of Woo teaches the method of claim 46.
Neither Loladia nor Woo explicitly teaches wherein the first and second keys include an alphanumeric string.
However, Tanner teaches the concept wherein first and second keys include an alphanumeric string (paragraph 20, registration keys defined to determine how to register a device; registration keys may be formulated according to any suitable unique identification method, e.g. randomly generated alphanumeric string).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomly generated alphanumeric string teachings of Tanner with the Internet-of-things device association teachings of Loladia in view of Woo.  It is well-known in the art to generate codes using alphanumeric strings; at a certain level of abstraction, every computer code implemented on a modern computer system, using binary, can be considered an alphanumeric string.  Therefore, it would at least be obvious to a person of ordinary skill in the art to rely on the default means of representing computer data.

Claim 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Woo and Tschofenig.

Regarding Claim 13:
Loladia teaches a method for associating a device to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the method for the device comprising: 
connecting to a user computing device via a direct network connection (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link); 
receiving a message from the user computing device, wherein the message includes a device key (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session);
establishing a network connection to the service (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); and, 
providing the device key to the service (col 10 line 19-41, the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device); 
wherein the device is associated with the user computing device in response to a determination by the service that the device key provided by the device to the service via the network connection matches a user computing device key that the service receives from the user computing device (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach wherein the message includes a device key generated on the user computing device by an application running on the user computer device.
However, Woo teaches the concept wherein a message includes a device key generated on a user computing device by an application running on the user computer device (abstract, device authentication system; paragraph 67, device 100 generates device authentication one-time-password (OTP); paragraph 69, device authentication OTP generated using random number seed; paragraph 71, device 100 puts device authentication OTP into beacon message and broadcasts beacon message; paragraph 79, application 200 receives beacon from device 100 and device authentication OTP from server 300; paragraph 82, application checks whether device authentication OTP loaded in beacon message received from device 100 and server 300 coincide to verify whether devices are authentic; paragraph 101, Fig. 5, device 100 transmits device authentication OTP to server 300). 
	It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomized one-time-password teachings of Woo with the Internet-of-things device association teachings of Loladia.  Passwords or keys generated using random data provide the benefit of increasing the entropy of the authentication data, thereby making it more difficult for an attacker to impersonate or guess the code, and improving the security environment.
Neither Loladia nor Woo explicitly teaches wherein the message includes information required for the device to connect to the service.
However, Tschofenig teaches the concept wherein a message includes information required for a device to connect to a service (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia, in order to allow a user to specify which service to connect to using an IoT device, as well as provide a new device with the necessary information to connect to a service regardless of whether the service information is preloaded on the IoT device, thereby improving compatibility and user experience.

Claims 7, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Woo and Tschofenig, and further in view of Kim et al (PGPUB 2020/0275249)

Regarding Claim 7:
Loladia in view of Woo and Tschofenig teaches the method of claim 5.
Neither Loladia nor Woo nor Tschofenig explicitly teaches the method further comprising: 
requesting the device for a public encryption key; 
encrypting the message by the user computing device prior to sending the message to the device; and, 
decrypting the message by the device using a private encryption key.
However, Kim teaches the concept of a method comprising: 
requesting a device for a public encryption key (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device); 
encrypting a message by a user computing device prior to sending the message to the device (paragraph 135-140, in operation, second device encrypts data with public key KPU and transmits encrypted information to first device); and, 
decrypting the message by the device using a private encryption key (paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Woo and Tschofenig, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.

Regarding Claim 19:
Loladia in view of Woo and Tschofenig teaches the method of claim 13.
Neither Loladia nor Woo nor Tschofenig explicitly teaches the method further comprising: 
sending a public encryption key of the device to the user computing device upon request by the user computing device; and, 
decrypting the message using a private encryption key.
However, Kim teaches a method comprising: 
sending a public encryption key of a device to a user computing device upon request by the user computing device (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device); and, 
decrypting a message using a private encryption key (paragraph 135-140, in operation, second device encrypts data with public key KPU and transmits encrypted information to first device; paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Woo and Tschofenig, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Woo and Tschofenig, and further in view of Queralt et al (PGPUB 2018/0097640).

Regarding Claim 17:
Loladia in view of Woo and Tschofenig teaches the method of claim 13.
Neither Loladia nor Woo nor Tschofenig explicitly teaches the method further comprising opening a device-based service, wherein the device-based service is a web server that is configured to process the message from the user.
However, Queralt teaches the concept of a method comprising opening a device-based service, wherein the device-based service is a web server that is configured to process a message from a user (paragraph 70-71, user device including app for accessing service; app activated to transmit a request received by relying party web server; relying party web server then requests authentication from FIDO server).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the web server teachings of Queralt with the Internet-of-things device association teachings of Loladia in view of Woo and Tschofenig, in order to utilize common and well-understood structures for communicating over a network, such as web servers or services, to improve compatibility between various devices.

Claims 21, 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia, and further in view of Woo and Yu (PGPUB 2020/0145372).

Regarding Claim 21:
Loladia teaches a device associated to a user of a service hosted at a remote location (abstract, three-way pairing handshake for internet-of-things (IoT) service, IoT device, and companion application on a mobile device), the device comprising: 
a network connection (paragraph 41, network connection);
a wiring device, the wiring device comprising a device-based service to (EXAMINER’S NOTE: Applicant’s specification does not give a definition of “wiring device”, but gives as examples elements 200, 210, 220, and 230 as shown in [0018] and Fig. 1; Applicant further describes elements 210, 220, and 230 as a “circuit breaker”, “receptacle”, and an “occupancy sensor” in [0029]; Examiner shall therefore interpret a “wiring device” as a similar device related to household electrical service; paragraph 2, “Internet-of-Things” devices include network-connected thermostats, light bulbs, power switches, etc.):
establish a first communication link to make a direct network connection to a user computing device (col 3 line 40-65, companion application and IoT device set to pairing mode to establish short-range wireless communication link), wherein a message is received from the user computing device after the user computing device joins the peer-to-peer network (col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); 
wherein the message includes a device key (col 10 line 1-18, user supplies login data to companion app; companion app authenticates self to identity service; identity service returns service managed identifier (client ID) recognized by IoT service; col 10 line 19-41, once pairing session is active, companion app sends client ID received from identity service to IoT device over communication link established for pairing session); and, 
establish a second communication link to connect to the service, wherein the device provides a device key to the service via the second communication link (col 10 line 19-41, the IoT device generates a token request message to send to the IoT service over a second communication link (e.g., using an MQTT or HTTP message sent over a wireless network connection); the request may include the client ID received over the first communication link and a device identifier (device ID) representing the IoT device; col 11 line 24-41, IoT device establishes independent connection with IoT service); 
wherein the device is associated with the user computing device in response to a determination by the service that the device key provided by the device to the service via the second communication link matches the user computing device key that the service receives from the user computing device (col 10 line 55-col 11 line 10, IoT service validates token in pairing request, including extracting client ID and device ID received from IoT device from token and comparing to client ID and device ID in pairing request; if client IDs match, IoT device is associated with client ID and paired with companion app of mobile device).
Loladia does not explicitly teach the device keys generated on the user computing device by an application running on the user computing device.
However, Woo teaches the concept of device keys generated on the user computing device by an application running on the user computing device (abstract, device authentication system; paragraph 67, device 100 generates device authentication one-time-password (OTP); paragraph 69, device authentication OTP generated using random number seed; paragraph 71, device 100 puts device authentication OTP into beacon message and broadcasts beacon message; paragraph 79, application 200 receives beacon from device 100 and device authentication OTP from server 300; paragraph 82, application checks whether device authentication OTP loaded in beacon message received from device 100 and server 300 coincide to verify whether devices are authentic; paragraph 101, Fig. 5, device 100 transmits device authentication OTP to server 300). 
	It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the randomized one-time-password teachings of Woo with the Internet-of-things device association teachings of Loladia.  Passwords or keys generated using random data provide the benefit of increasing the entropy of the authentication data, thereby making it more difficult for an attacker to impersonate or guess the code, and improving the security environment.
Neither Loladia nor Woo explicitly teaches the device-based service to: to start a peer-to-peer network.
However, Yu teaches the concept of a device-based service to: start a peer-to-peer network (paragraph 13-14, subscriber access device provides service set identifier in advertisement; multiple clients connect to subscriber access device connected through service set, i.e. first/second/third/etc. communication links); and
advertise the peer-to-peer network (paragraph 13-14, subscriber access device provides service set identifier in advertisement).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the communication link advertisement teachings of Yu with the Internet-of-things device association teachings of Loladia in view of Woo, in order to provide the means to automatically generate a peer-to-peer network, relying on ad hoc device advertisements to allow devices to determine the appropriate configuration without requiring user input, thereby allowing multiple clients to connect to a network independently.

Regarding Claim 24:
Loladia in view of Woo and Yu teaches the device of claim 21.  In addition, Loladia teaches wherein the device is placed into an enrollment mode (col 10 line 19-41, user initiates pairing mode on IoT device), and 
Yu teaches wherein the device advertises an identification of the peer-to-peer network so the user computing device can join the peer-to-peer network of the device (paragraph 13-14, advertisement of service set identifiers (SSID)).
The rationale to combine Loladia and Yu is the same as provided for claim 21 due to the overlapping subject matter between claims 21 and 24.

Claim 23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Woo and Yu, and further in view of Tschofenig.

Regarding Claim 23:
Loladia in view of Woo and Yu teaches the device of claim 21.  In addition, Loladia teaches wherein the device is one of a load control device, a switch, a dimmer, a fan, a receptacle, a ground fault circuit interrupter, an arc fault circuit interrupter, ground fault protection equipment, a home automation device, a smart home device, an "Internet of Things" device (abstract, IoT device), an audio/video device, a security device, an occupancy sensor, a surge protective device, a Universal Serial Bus device, a circuit breaker, a circuit breaker controller, and a circuit breaker aggregator.
Neither Loladia nor Woo nor Yu explicitly teaches wherein the message further includes information required for the device to connect to the service.
However, Tschofenig teaches the concept wherein a message includes information required for a device to connect to a service (abstract, authentication device used to create secure connection between Internet of Things device and service provider; paragraph 38, aim of the discovery step is to tell the IoT device what service provider it is required to establish a link with; the user provides information about the service provider via the authentication device to the IoT device; paragraph 61, 67, prior to the registration exchanges a discovery phase takes place; during this discovery phase the IoT device learns what service provider to establish a link with).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the information message teachings of Tschofenig with the Internet-of-things device association teachings of Loladia in view of Woo and Yu, in order to allow a user to specify which service to connect to using an IoT device, as well as provide a new device with the necessary information to connect to a service regardless of whether the service information is preloaded on the IoT device, thereby improving compatibility and user experience.

Claim 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Woo and Yu, and further in view of Queralt.

Regarding Claim 27:
Loladia in view of Woo and Yu teaches the device of claim 21.
Neither Loladia nor Woo nor Yu explicitly teaches wherein the device further comprises a device-based service, wherein the device-based service is a web server that is configured to start up on the peer-to-peer network and to process the message from the user computing device.
However, Queralt teaches wherein a device further comprises a device-based service, wherein the device-based service is a web server that is configured to start up on a peer-to-peer network and to process a message from a user computing device (paragraph 70-71, user device including app for accessing service; app activated to transmit a request received by relying party web server; relying party web server then requests authentication from FIDO server).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the web server teachings of Queralt with the Internet-of-things device association teachings of Loladia in view of Woo and Yu, in order to utilize common and well-understood structures for communicating over a network, such as web servers or services, to improve compatibility between various devices.

Claim 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Woo, Yu, and Queralt, and further in view of Vandenheste (PGPUB 2019/0021133).

Regarding Claim 29:
Loladia in view of Woo, Yu, and Queralt teaches the device of claim 27.
Neither Loladia nor Yu nor Woo nor Queralt explicitly teaches wherein the peer-to-peer network is disconnected after the device receives the message from the user computing device, and wherein the device-based service shuts down when peer-to-peer network is disconnected.
However, Vandenheste teaches the concept wherein a peer-to-peer network is disconnected after a device receives a message from a user computing device, and wherein a device-based service shuts down when the peer-to-peer network is disconnected (paragraph 26, method for controlling wireless communication between a mobile device and a IoT device; comprising maintaining a wireless connection for a period of time, and terminating the wireless connection in response to the elapse of the period of time; the period of time is determined dynamically based on the operation status associated with the mobile device and/or the IoT device; the operation status includes one or more of: a power level of the mobile device, a power level of the electronic device, an operating state of the mobile device, an operating state of the electronic device, a time or period of connection or disconnection between the mobile device and the electronic device, an application running actively on the mobile device or in a background of the mobile device; paragraph 39, upon enabling wireless connection, information is transferred between mobile device and electronic device; paragraph 41, wireless connection is terminated in response to a timeout event).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the connection termination teachings of Vandenheste with the Internet-of-things device association teachings of Loladia in view of Woo, Yu, and Queralt, in order to conserve device power and resources by termination a connection once said connection was no longer in use, which would be beneficial in an environment comprising mobile devices and Internet of Things devices, many of which rely on battery power to function.

Claim 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loladia in view of Woo and Yu, and further in view of Kim.

Regarding Claim 30:
Loladia in view of Woo and Yu teaches the device of claim 21.
Neither Loladia nor Woo nor Yu explicitly teaches the device further comprising a private encryption key and a public encryption key of the device, wherein the device sends the public encryption key to the user computing device to receive the message, and wherein the device uses the private encryption key to decrypt the message.
However, Kim teaches a device further comprising a private encryption key and a public encryption key of the device (paragraph 135-140, first device public key KPU and private key KPR), wherein the device sends the public encryption key to a user computing device to receive a message (paragraph 135-140, second device requests public key KPU of user of first device; first device transmits public key KPU to second device), and wherein the device uses the private encryption key to decrypt the message (paragraph 135-140, first device decrypts encrypted information with private key KPR of user of first device).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the public key encryption teachings of Kim with the Internet-of-things device association teachings of Loladia in view of Woo and Yu, in order to incorporate the well-known advantages of public-key encryption techniques, such as assuring integrity, identity, and confidentiality, while preventing exposure of secret key materials during key transfer.


Response to Arguments
Applicant's arguments filed 8/24/2022 have been fully considered but they are not persuasive.

Regarding the rejection of claims under 35 USC 102:
In response to Applicant’s arguments, pages 7-9:  Examiner agrees that Loladia does not explicitly teach the amended claim language, in that the remote identity service cannot be considered an “application running on the user computer device”.  Loladia is therefore missing this element.  However, a new ground(s) for rejection is provided above which does teach this amended limitation.

 Regarding the rejection of claims under 35 USC 103:
Applicant’s arguments, pages 9-15, regarding claims 5, 13, 21, and 46, are similar to those regarding claim 1, with respect to Loladia, as the claims now incorporate similar subject matter.  Therefore, these arguments are responded to in a similar way.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491