DETAILED ACTION
Claims 1-20 (filed 09/07/2022) have been considered in this action.  Claims 1, 9, 12 and 18 have been amended.  Claims 2-8, 10-11, 13-17 and 19-20 have been presented in the same format as previously presented.

Response to Arguments
Applicant’s arguments, see page 7 paragraph 4, filed 09/07/2022, with respect to objection to claims 1, 12 and 18 have been fully considered and are persuasive.  The objection of claims 1, 12 and 18 has been withdrawn. 

Applicant’s arguments, see page 8 paragraph 1, filed 09/07/2022, with respect to rejection of claims 1-20 under 35 U.S.C. 101 have been fully considered and are persuasive.  The rejection of claims 1-20 under 35 U.S.C. 101 has been withdrawn. 

Applicant’s arguments, see page 14 paragraph 3, filed 09/07/2022, with respect to rejection of claims 1-20 under 35 U.S.C. 112(a) have been fully considered and are partially persuasive.  The rejection of claims 1-8 and 18-20 under 35 U.S.C. 112(a) has been withdrawn.  A new rejection under 35 U.S.C. 112(a) is supplied below for unsupported features still present in claim 9. 

Applicant’s arguments, see page 15 paragraph 1, filed 09/07/2022, with respect to rejection of claims 1-20 under 35 U.S.C. 112(a) have been fully considered and are persuasive.  The rejection of claims 1-20 under 35 U.S.C. 112(a) has been withdrawn. 

Applicant’s arguments, see page 15 paragraph 2, filed 09/07/2022, with respect to rejection of claims 9-17 under 35 U.S.C. 112(b) have been fully considered and are persuasive.  The rejection of claims 9-17 under 35 U.S.C. 112(b) has been withdrawn. 

Applicant’s arguments, see page 15 paragraph 3, filed 09/07/2022, with respect to rejection of claims 1-20 under 35 U.S.C. 103 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.  Applicant has amended the independent claims to provide further detail regarding how the firmware token establishes permissions of the HVAC device.  These features are taught via newly provided prior art reference Smith et al. (US 20160285874); see below for a mapping of the newly amended features to the prior art of record.
To expedite compact prosecution, the examiner notes that the claimed “firmware token” with its associated credentials and permissions is in no way linked to the claimed “device shadow” through a feature that acts as a through line between the firmware token and the device shadow.  In other words, the device shadow and the firmware token, aside from being for the same HVAC device, are claimed in such a way that the technical features of the firmware token and the device shadow are not integrated into a whole and complete technical feature that would illicit favorable consideration of novelty.  The examiner recommends amending features that link the two distinct concepts of firmware tokens and device shadow into the independent claims to expedite prosecution.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 9-17 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claim 9 recites “obtain a firmware token from an HVAC device at a registration service...”.  The examiner fails to find support for this limitation as the original disclosure never explicitly described that the firmware token resides on the HVAC device (in memory) for retrieval by a registration service.  While support is offered for obtaining a firmware token for an HVAC device at a registration service, the original disclosure fails in offering support for obtaining a firmware token from an HVAC device.  The examiner notes claims 1 and 18 are properly supported, as the preposition “for” is utilized in the corresponding limitation.  The examiner recommends amending claim 9 utilize similar phrasing as claims 1 or 18.  
Claims 10-17 are dependent upon claim 9, and thus inherit the rejection under 35 U.S.C. 112(a).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Leblond et al. (US 20160234186, hereinafter Leblond) in view of Sundaresan et al. (US 9396015, hereinafter Sundaresan) and Smith et al. (US 20160285874, hereinafter Smith).

In regards to Claim 1, Leblond teaches “A method for registering an HVAC device in a building management system (BMS), the method comprising” ([0039] FIG. 1A shows a block diagram illustrating example embodiments of the CASRM. In some implementations, a user 102 may wish to control resources within a home, building, and/or a similar site. In some implementations, a user may be a person living in a home, a landlord, superintendent, and/or a like entity, a resource company (e.g., an electric company), and/or the like. In some implementations, a user may wish to monitor electric, gas, water, oil, and/or like resources, and/or may wish to control electronic home and/or like appliances (including but not limited to kitchen appliances, lights, heating and air conditioning units, washing and drying machines, electronic showers and/or baths, electronic window shades and/or blinds, fans, bathroom resources, computer resources, and/or the like); [0042] In other implementations (referring to FIGS. 1B and 1C), the main and unit controllers may connect via a building automation management device (e.g., a cloud network controller, such as a device instantiating CASRM cloud 112a and/or 112b), which may facilitate a network connection between various controllers 122a-c, and/or the like in the network without physical network infrastructure at the controllers' sites. For example, in some implementations, rather than using a physical device (e.g., a BACnet IP switch, router, and/or the like) which communicates with the controllers via UDP, TCP, and/or a like protocol, and relays this information to other controllers, sites, a central processing location, and/or the like, the controllers may connect directly to the CASRM cloud, which may package the data and forward it to the appropriate recipients (e.g. an internet router 120a and/or 120b) in a format similar to that which would be sent from the physical device (e.g., via CASRM Virtual BACnet Router 116a and/or 116b and CASRM Virtual Network Proxy 118a and/or 118b)) “obtaining a firmware token for the HVAC device at a registration service...” (Fig. 1A-1E and [0045] in some implementations, a user 102 may set up a new main controller device 126, e.g., via providing user information (e.g., name, address, correspondence address, and/or the like), authentication credentials (e.g., user name, user password, user activation code if applicable, and/or the like), and/or like information to a main controller 128, to an application interface linked to the CASRM cloud, and/or the like. The main controller may attempt to register on the cloud 130 using the user-provided input, its controller information (e.g., controller ID, controller type, controller location, and/or the like), and/or any other information the cloud may need to facilitate authentication and registration of the main controller into the network, and/or the like.   In some implementations the controller may send a registration request 134 to the CASRM cloud 136 in order to be registered to the network. In some implementations, registration request 134 may take a form similar to the following: ...<user_password>********</user_password>...<controller_ID>12345678<controller_ID> ; [0047] In some implementations, if the user wishes to set up a new controller 148 (e.g., a unit controller 150, and/or the like), the user may again provide authentication credentials, user information, and/or the like to the unit controller, to a CASRM application interface, and/or the like, which may send a new registration request 152 to the CASRM cloud. In some implementations, a registration request 152 may take a form similar to registration request 134, and may comprise information about the user, the controller, and/or the like; [0129] Referring to FIG. 18, main controllers may also have device setup settings that the user may provide upon initial bootup of the main controller, and/or the like.  For example, the user may enter and/or view network settings 1804 (e.g., BACnet and/or ZigBee network settings), configuration settings 1806, setpoint and display settings for the main controller 1808, service and status view settings test outputs for the main controller 1810, and/or test outputs for the main controller 1812...[0132] Configuration settings 1806 can include...a main password for the main controller, a user password for the main controller; wherein a controller_ID is a unique device identifier and a user password or main controller password is considered a device key, as it is the authentication information used to allow access to the device and linking that device to said user) “authorizing the registration of the HVAC device using the firmware token;” (Fig. 1A-1E and [0045] in some implementations, a user 102 may set up a new main controller device 126, e.g., via providing user information (e.g., name, address, correspondence address, and/or the like), authentication credentials (e.g., user name, user password, user activation code if applicable, and/or the like), and/or like information to a main controller 128, to an application interface linked to the CASRM cloud, and/or the like. The main controller may attempt to register on the cloud 130 using the user-provided input, its controller information (e.g., controller ID, controller type, controller location, and/or the like), and/or any other information the cloud may need to facilitate authentication and registration of the main controller into the network, and/or the like; [0047] if the user wishes to set up a new controller 148 (e.g., a unit controller 150, and/or the like), the user may again provide authentication credentials, user information, and/or the like to the unit controller, to a CASRM application interface, and/or the like, which may send a new registration request 152 to the CASRM cloud. In some implementations, a registration request 152 may take a form similar to registration request 134, and may comprise information about the user, the controller, and/or the like.)  “registering the HVAC device into a database of the registration service using a unique device identifier” ([0045] the controller may send a registration request 134 to the CASRM cloud 136 in order to be registered to the network. In some implementations, registration request 134 may take a form similar to the following:TABLE-US-00001 POST /registration_message.php HTTP/1.1 Host: www.CASRMproccess.com Content-Type: Application/XML Content-Length: 788 <?XML version = “1.0” encoding = “UTF-8”?> <registration_message>...<controller_ID>12345678<controller_ID> ; wherein the cloud is well-known to be a server that stores databases and a controller_ID is considered a unique identifier; [0046] The CASRM cloud may be able to authenticate the user-provided credentials 138, and may generate a new local virtual network for the user for the new main controller 140. The new local virtual network may be stored as a new record for a virtual network in the CASRM database, and the record may be linked to and/or otherwise associated with that of the user account record; [0047] a registration request 152 may take a form similar to registration request 134, and may comprise information about the user, the controller, and/or the like. In some implementations, the CASRM cloud may use the information to create a local virtual network node 154 (e.g., a non-edge node, and/or the like) corresponding to the new unit controller, and based on the data provided to the cloud; [0055]  In some implementations, the CASRM may also receive a registration request for a secondary resource device, may authenticate the registration request, and may generate a new virtual network node with a new virtual local address, the new virtual local address corresponding to a location of the new virtual network node within the first virtual local network. The CASRM may map the new virtual network node to the secondary resource device, and may link the new virtual network node to the virtual network node corresponding to the resource management device within the first virtual local network. The CASRM may store new virtual network node information in the database, and may store permissions in the database to allow the secondary resource device to be issued instructions from the resource management device, the instructions issued from the resource management device including instructions to alter the settings on the secondary resource device; [0217] In one embodiment, the database component 3019 includes several tables 3019a-i. A user account table 3019a includes fields such as, but not limited to: user_ID, user_name, user_password, user_fname, user_lname, user_address, user_devices, user_email, user_date_added, user_controllers, user_buildings, and/or the like. The user account table may support and/or track multiple user accounts on a CASRM.[0218] A controller table 3019b includes fields such as, but not limited to: controller_ID, controller_type, controller_make, controller_model, controller_version, controller_location, controller_settings_current, controller_settings_history, controller_child_controllers, controller_initiated, controller_last_updated, and/or the like. The controller table may support and/or track multiple controllers on a CASRM.) “determining credentials associated with the HVAC device in the database of the registration service...” ([0049]the CASRM cloud may accessed off-site from the user via CASRM application 110 a and/or 110b, which may allow the user to access and/or control various controller and/or like devices; in other implementations, the user may be able to host CASRM infrastructure on-site as an application and/or software service via CASRM application 110.  In some implementations, the user may pay a subscription fee and/or the like for accessing the service, and the fee amount and/or method of payment may depend on the method of use that the user chooses. In some implementations a different service may be provided to the user based on the user's current infrastructure, management needs, and/or the like (e.g., a homeowner may obtain a different service than a landlord of multiple properties, and/or the like). In some implementations, for example, a homeowner may obtain a service which allows them to control a specified number of controllers at one site, while a landlord of multiple properties may need a more complete version of the service, e.g., one which supports multiple controllers on multiple sites, and/or the like. In some implementations settings and/or service changes may be implemented via using the user's account credentials and/or service access permissions to grant access to certain portions of the platform to the user. In some implementations the user may be able to designate sub-accounts to users of controllers at a site and/or the like, and may be able to forward subscription costs and/or the like to the sub-accounts, may be able to receive monetary incentives for signing up sub-accounts with CASRM, and/or the like. In some implementations, users may be able to reassign device addresses, ownership, and/or the like on the fly in order to adapt to temporary conditions within a building (e.g. conventions, parties, guests, and/or the like; e.g., see FIGS. 12A-B); [0080] Although only unit controllers are discussed hereinafter, it is to be understood that settings, instructions, and/or the like could also be sent to appliances and/or like devices. Moreover, in some embodiments, these settings include but are not limited to instructions to change user preferences; functions to manage site addresses; functions to manage user credentials and/or like system properties and functions; [0092] FIG. 4 shows a logic flow diagram illustrating initiating a new controller in some embodiments of the CASRM. In some implementations, the user may connect 402 to the new CASRM main controller, or may connect to a controller interface via her electronic device, and may provide user login credentials (e.g. a username and passport), new user information (e.g. name, address, username, password, email, phone number, map of home, office/and or the like layout, and/or the like), and/or like information. In some implementations, the main controller may receive the user's input and generate a setup request 404 to the cloud containing the user input, controller information (e.g. the controller ID, the controller location, and/or the like; [0217] In one embodiment, the database component 3019 includes several tables 3019a-i. A user account table 3019a includes fields such as, but not limited to: user_ID, user_name, user_password, user_fname, user_lname, user_address, user_devices, user_email, user_date_added, user_controllers, user_buildings, and/or the like. The user account table may support and/or track multiple user accounts on a CASRM.) “providing the credentials to the HVAC device for operation of the HVAC device in accordance with the one or more permissions” (Fig. 3-6 and [0086] In some implementations, the cloud may send a controller setup response 326 back to the main controller, indicating that the database has successfully initialized the new user-controller relationship in the cloud. In some implementations, the user may then start to provide controller settings, instructions, restrictions, controls, and/or the like 328 to the main controller. The main controller may update itself with those settings 329, and may also send a controller update message 330 to the cloud in order to indicate that a change in settings has been made to the main controller; [0095] In some implementations, a user may subsequently update 418 the main controller's settings. The main controller may configure its internal settings 420 based on the user-provided settings data, and then may generate and send a controller setting update message to the CASRM cloud. In some implementations, the user may instead provide the settings information (e.g., to the controller and/or directly to the cloud), and the cloud, after receiving the controller settings 424 and storing the updated settings in the controller's update history, [0097] FIG. 5 shows a data flow diagram illustrating updating controller settings in some embodiments of the CASRM. In some implementations, a user 502 may user her electronic device 504 in order to provide settings input 506 to a CASRM main controller 508. In some implementations, the settings input may include aggregate settings for a plurality of unit controllers and/or like devices. The main controller may send these settings and authentication information to the CASRM cloud via a settings authentication request 510.  In some implementations, settings authentication request 510 may be an XML-encoded HTTP(S) POST message that may take a form similar to the following: [0098] In some implementations, the cloud may authenticate 516 the request to change controller settings via querying 518 the database 520 to ensure the user provided the correct credentials for the main controller and for the unit controllers. If the user is authenticated, the cloud may send a settings authentication response 522 to the main controller indicating that it has permission to forward 524 the settings to the unit controllers...In some implementations, the settings update messages 526a-c may be XML-encoded HTTP(S) POST messages that may take a form similar to the following:...user password; [0100] a user may provide controller settings 602 to her main controller. Said settings may include temperature changes (e.g. lowering/raising temperatures, setting minimum/maximum temperatures, and/or the like), setting resource schedules, and/or like settings. Once the main controller receives the settings 604 from the user, the main controller may generate and send a settings authentication request to the CASRM cloud 606 via a TCP or UDP NAT traversal connection (e.g. TCP/UDP hole punching). The cloud, after receiving 608 the settings authentication request, may authenticate the user's request to change her controller settings 610 based on the user's provided credentials and based on which of the controllers the user wishes to update have records which are linked to her account. If the authentication is successful 612, then the cloud may generate and send an authentication response to the main controller 616 indicating that the authentication was successful; wherein because the user is sending the credentials (user name and password) to the main controller for changing settings it is considered providing them, and operates in accordance with the permissions when the user name and password has the authority to change settings) “and generating a device shadow...comprising one or more data points associated with the HVAC device, wherein the device shadow provides a virtual representation of the HVAC device within the BMS” ([0046] The CASRM cloud may also create a new local virtual network edge node for the main controller to 142 to add to the local virtual network. In some implementation the node may contain information corresponding to the main controller (e.g., controller data and/or the like), and may also be linked to the user (e.g., may also contain user-provided information, and/or the like), and may be assigned a virtual IP and/or like network address which is mapped onto the physical main controller device, and/or the like. The node may also be configured to have particular relationships with other nodes already in the network, if applicable (e.g., may be designated as a node through which other nodes within the network must interface with in order to communicate with the CASRM cloud, or a node which only communicates with certain other nodes within the network, and/or the like). The CASRM cloud may store routing tables and/or the like corresponding to the virtual network, and/or the like. In some implementations the CASRM cloud may then instantiate the virtual network node within the virtual network 144 (e.g., may modify the virtual network record to include the node and to include its connections to other nodes within the network, and/or the like), and may send a registration response 146 to the main controller, user, and/or the like, which may provide a confirmation that the controller has been added to the virtual network, and/or the like; [0125] In some implementations, referring to FIG. 14, the user may be able to edit settings for her controllers, including the time, time zone, date, and/or the like for the controllers 1402, the network settings for the controller 1404, particular network layer (e.g., Ethernet, CANbus, Zigbee, and/or the like) settings 1406, and/or the like. [0126] In some implementations, referring to FIG. 15, the user may also be able to view a list 1502 of all of her devices and/or the like which have been added to her account, and may be able to search for 1504 and/or select any of the devices (which, in some implementations, may also be referred to as nodes within the user's local network) in order to edit the settings of the devices, viewing the status of the devices, and/or the like; [0128] In some implementations, referring to FIG. 17, the user may also be able to view her controllers and/or like devices via a map interface 1702 which may mark the user's devices (e.g., via green markers on the map 1704), may provide sensor and/or like data from each device 1706, units for the data provided by each device 1708, and/or the like) “and at least one of (i) reading, by a second device of the BMS, values of the one or more data points from the device shadow or (ii) writing, by the second BMS device, the values of the one or more data points to the device shadow” ([0043] In some implementations, the CASRM cloud may also be able to facilitate the virtualization of a local network of physical devices (e.g., a user-specified local network of unit controllers 124a-124c, and/or the like). In some implementations, the virtual network architecture implemented by the CASRM cloud may also be able to provide security to communications between controllers and/or control devices that may not be able to be handled by a traditional BACnet and/or the like infrastructure (e.g., may be able to provide a way of granting varying user access privileges, providing a secure form of communication between controllers via providing an extra layer of security with regards to communications between devices, and/or the like). [0046] In some implementations the CASRM cloud may generate and/or modify rules for the virtual network (e.g., may specify how nodes within the virtual network interact with each other, with other nodes in other virtual networks, with the CASRM cloud, and/or like entities)... The node may also be configured to have particular relationships with other nodes already in the network, if applicable (e.g., may be designated as a node through which other nodes within the network must interface with in order to communicate with the CASRM cloud, or a node which only communicates with certain other nodes within the network, and/or the like). The CASRM cloud may store routing tables and/or the like corresponding to the virtual network, and/or the like. In some implementations the CASRM cloud may then instantiate the virtual network node within the virtual network 144 (e.g., may modify the virtual network record to include the node and to include its connections to other nodes within the network, and/or the like); [0055] In some implementations, the CASRM may also receive a registration request for a secondary resource device, may authenticate the registration request, and may generate a new virtual network node with a new virtual local address, the new virtual local address corresponding to a location of the new virtual network node within the first virtual local network. The CASRM may map the new virtual network node to the secondary resource device, and may link the new virtual network node to the virtual network node corresponding to the resource management device within the first virtual local network. The CASRM may store new virtual network node information in the database, and may store permissions in the database to allow the secondary resource device to be issued instructions from the resource management device, the instructions issued from the resource management device including instructions to alter the settings on the secondary resource device; 
Leblond fails to teach “...wherein the firmware token establishes one or more permissions of the HVAC device; determining credentials associated with the HVAC device in the database of the registration service based on the one or more permissions of the HVAC device established by the firmware token; and generating a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device...”.
Smith teaches “obtaining a firmware token for the HVAC device at a registration service, wherein the firmware token establishes one or more permissions of the HVAC device” ([0085] The authentication service 532 may generate a JSON Web Token (JWT) 566 that includes application and user permissions. The authentication service 532 may sign the JWT 566 with a private key and may append the signature to the JWT 566. The authentication service 532 may return JWT 566 to the client device 520. It should be noted that the authentication service 532 may combine the authentication and authorization processes into a single process resulting in a JWT 566 being returned to the client device 520; [0028] Examples of automation tasks include adjusting lighting, operating and monitoring security systems, controlling heating and air conditioning, scheduling and operating water sprinkling, adjusting window coverings, controlling entertainment devices and controlling food preparation appliances, etc. Examples of the one or more automation devices 110 include lights and/or lighting systems, thermostats, audio systems, security cameras, web cameras, sprinkling systems, security systems, televisions, game consoles, computers, etc.; [0034] A direct link between the client device 120 and the controller 102 may be more efficient and reduce the chance of errors occurring during communication. A direct link may be achieved by including the API 108 in the controller 102 and using a reflector service 116 on the cloud server 114. The link between the client device 120, cloud server 114 and the controller 102 may be established based on a security token 124 sent by the client device 120. [0035] The security token 124 may allow the link to traverse the security service 112. For example, the cloud server 114 may validate the security token 124 and create a session for the client device 120 and the controller 102. It should be noted that a web service may issue JSON Web Token (JWT) given proper credentials. The JWT itself can be validated independently of a cloud server if the correct public key is present where it is being validated; [0043] The cloud server 114 may include a reflector service 116. The reflector service 116 may also be referred to as a “Representational State Transfer (REST) Reflector/Forwarder,” or simply “reflector.” The cloud server 114 may establish a link with the controller 102 by forwarding the security token 124 sent by the client device 120. For example, the security token 124 may be a JWT that is used to direct a request received by the reflector (e.g., reflector service 116) to the controller 102 referenced in the validated JWT; [0090] The client device 520 may make an API call by sending an API request 528, parameters 568 and the JWT 566 to the REST forwarder 516. The REST forwarder 516 may validate the JWT 566 signature using an authorization/security public key. The REST forwarder 516 may inspect the JWT 566 ensuring that the client device 520 has remote access permissions; [0092] The REST forwarder 516 may retrieve an available worker from the session worker pool using the API request 528, parameters 568 and JWT 566. A worker sends the API request 528 and the JWT 566 to the controller 502 through the pre-allocated relay server 564 IP and port. [0093] The relay server 564 may forward/relay the packet(s) from the worker to the controller 502. The controller 502 may validate the JWT 566 with an authorization/security public key. The controller 502 may inspect the JWT 566 ensuring the client device 520 has appropriate permission levels to execute the API. If the client device 520 has an invalid permission level, then the controller 502 may return a “403 NOT AUTHORIZED” response) “registering the HVAC device into a database of the registration service...” ([0086] The controller 502 may contact the connection service 534 in order to register the location of the controller 502. The connection service 534 may comprise a service with which the controller 502 may communicate over the network using a communication protocol. The connection service 534 may negotiate a link between the controller 502 and the cloud server 514.) “determining credentials associated with the HVAC device in the database of the registration service based on the one or more permissions of the HVAC device established by the firmware token;” ([0090] The client device 520 may make an API call by sending an API request 528, parameters 568 and the JWT 566 to the REST forwarder 516. The REST forwarder 516 may validate the JWT 566 signature using an authorization/security public key. The REST forwarder 516 may inspect the JWT 566 ensuring that the client device 520 has remote access permissions; [0092] The REST forwarder 516 may retrieve an available worker from the session worker pool using the API request 528, parameters 568 and JWT 566. A worker sends the API request 528 and the JWT 566 to the controller 502 through the pre-allocated relay server 564 IP and port. [0093] The relay server 564 may forward/relay the packet(s) from the worker to the controller 502. The controller 502 may validate the JWT 566 with an authorization/security public key. The controller 502 may inspect the JWT 566 ensuring the client device 520 has appropriate permission levels to execute the API. If the client device 520 has an invalid permission level, then the controller 502 may return a “403 NOT AUTHORIZED” response).
It would have been obvious to a person having ordinary skill in the art before the effective file date of the claimed invention to have modified the system that uses a token to register an HVAC device to a building automation/management system using a cloud service with the use of permissions that are included in the token so that certain permissions are checked to ensure devices that have proper security credentials and permissions are allowed to access the HVAC device because by including the permissions in the token it would prevent unauthorized access and usage of the HVAC device.  Furthermore, both Leblond and Smith can be considered in the same field of use, as both deal with automation systems/building management systems that use tokens to authorize access to HVAC devices so that only authorized persons and devices are able to access that HVAC device, thus making their combination more obvious.  By combining these elements, it can be considered taking the known HVAC device token that contains a unique ID and credentials, and modifying it by including permissions in the token in a known way to achieve predictable results. 
The combination of Leblond and Smith fail to teach “and generating a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device...”
Sundaresan teaches “and generating a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device, wherein the device shadow provides a virtual representation of the HVAC device within the BMS” ([col 2 line 20] The templating framework uses one or multiple device templates to define and generate virtual devices; [col 10 line 31] Template association module 215 associates specific devices and/or types of devices to device templates 232A-C. A single device (e.g., a particular product of an OEM) may be associated with a single device template or with multiple different device templates. The device may be identified by a product identifier assigned to that device; [col 5 line 1] Status updates received from the embedded systems 150A-C may identify values or states of some or all detectable parameters of devices 135A-C that the embedded systems are included in. Status updates may also include fault information, statistical device usage information, trace data and/or other information. Such values, states and/or other information may change based on direct user interaction with the devices. Such values, states and/or other information may also change responsive to commands sent to the embedded systems 150A-C by the WAN accessible service 130 and/or by computing devices 105A-C via an appropriate virtual device 185A-C; [col 3 line 17] The devices 135A-C may also include consumer devices such as...HVAC systems) “and at least one of (i) reading, by a second device of the BMS, values of the one or more data points from the device shadow or (ii) writing, by the second BMS device, the values of the one or more data points to the device shadow” ([col 6 line 17] The virtual device 185A-C is then connected to a particular physical device 135A-C (e.g., to an embedded system 150A-C of a particular physical device 135A-C), and may be used to monitor, interface with, and control that physical device; [col 6 line 55] Computing devices 105 may include a remote control application (or multiple remote control applications) 115 that can receive information for devices 135A-C and control the devices 135A-C via virtual devices 185A-C. The remote control application 115 is configured to interface with one or more virtual devices 185A-C, and may issue commands to the connected virtual devices 185A-C. The virtual devices 185A-C may then format the commands into a protocol used by associated physical devices 185A-C and/or generate new commands in such a protocol. The virtual devices 185A-C may then send the new or modified commands to associated physical devices 135A-C (e.g., via the devices' embedded systems 150A-C) to control the physical devices 135A-C; [col 12 line 65] physical device 366A may be a thermostat from a first manufacturer with a distinct set of physical attributes 374A. First level virtual device 380A may be configured with the physical attributes 374A of the physical device 366A and with logical attributes 384A specific to that physical device 366A... Second level virtual device 378A and second level virtual device 378B may be separate instances of virtual devices generated from the same templates. Each of the second level virtual devices 378A-B may include a common API that remote control applications 370A-B can use to communicate with the second level virtual devices 378A-B. The second level virtual devices 378A-B include application interfaces 395A-B that translate commands from the remote control applications 370A-B into commands that can be acted on by the specific first level virtual devices 380A-B. Additionally, the second level virtual devices 378A-B may translate data from the first level virtual devices 380A-B into a common format that can be used by the remote control applications 370A-B. This enables a single remote control application 370A-B to be used to interface with and control multiple different types of devices).
It would have been obvious to a person having ordinary skill in the art before the effective file date of the claimed invention to have modified the system that registers Internet of Thing devices that include functionality for controlling HVAC systems, the registration providing unique identifiers and keys that allow authentication the device with a cloud-based service and credentials that include permissions that allow different users to access and modify settings such that virtual nodes are creating that offering a virtual representation of a device to a building management system that manages devices in a building as taught by Leblond with the use of the templates that allow creation of virtual devices for representation in a building management system, the templates including data points associated with HVAC devices as taught by Sundaresan because by using templates for creating virtual representation of devices would offer the added benefit noted by Sundaresan “[col 1 line 60] Embodiments are directed to a network-connected device platform (also referred to as an internet-of-things (IoT) cloud platform or simply an IoT platform) having an agile templating framework that provides flexible generation and modification of virtual devices that can be used to facilitate, supplement and modify the functionality of physical devices”.  By using templates to generate the device nodes it would gain the inherent benefit of having the user enter less information during the setup of the node, because certain data points would have values or parameters already defined as opposed to having to be individually created for each new controller and device.  Additional benefits noted by Sundaresan include “[col 2 line 38] The agile templating framework enables the functionality, attributes and/or behaviors of a physical device to change over time. Such changes may occur even to physical devices that have been deployed to customer locations. In many instances, changes may be implemented based on updating business logic executed at a server (e.g., a cloud based server) without writing new software code for execution on the physical device or for execution on a server. This shortens and simplifies a product development cycle”.  Furthermore, both Leblond and Sundaresan can be considered in a related field, as both deal with internet of things devices being registered via a cloud-based service, thus obviating the use of the templates from Sundaresan into the system of Leblond.  By combining these elements, it can be considered taking the known method of providing templates for registering devices in a cloud system so that the template provides a data point associated with an internet of things HVAC device, and using it to improve the internet of things HVAC device registration system of Leblond such that when a virtual representation of an internet of things HVAC device is created, it is based on a template so that certain specific data points are created in the virtual representation, including certain settings and feedback values.  

In regards to Claim 2, Leblond, Smith and Sundaresan teach the method of registering an HVAC device as incorporated by claim 1 above.  
Sundaresan further teaches “The method of claim 1, wherein the  device template is associated with the unique device identifier” ([col 2 line 20] The templating framework uses one or multiple device templates to define and generate virtual devices; [col 10 line 31] Template association module 215 associates specific devices and/or types of devices to device templates 232A-C. A single device (e.g., a particular product of an OEM) may be associated with a single device template or with multiple different device templates. The device may be identified by a product identifier assigned to that device).

In regards to Claim 3, Leblond, Smith and Sundaresan teach the method of registering an HVAC device as incorporated by claim 1 above.  Leblond further teaches “The method of claim 1, wherein the registration service is implemented using one or more cloud-based servers” ([0045] a user 102 may set up a new main controller device 126, e.g., via providing user information (e.g., name, address, correspondence address, and/or the like), authentication credentials (e.g., user name, user password, user activation code if applicable, and/or the like), and/or like information to a main controller 128, to an application interface linked to the CASRM cloud, and/or the like. The main controller may attempt to register on the cloud 130 using the user-provided input).

In regards to Claim 4, Leblond, Smith and Sundaresan teach the method of registering an HVAC device as incorporated by claim 1 above.  Sundaresan further teaches “The method of claim 1, further comprising comparing the one or more data points of the device template against one or more data points of the HVAC device and updating the device shadow with at least one data point of the HVAC device that is different from a data point of the device template” ([col 2 line 38] The agile templating framework enables the functionality, attributes and/or behaviors of a physical device to change over time. Such changes may occur even to physical devices that have been deployed to customer locations. In many instances, changes may be implemented based on updating business logic executed at a server (e.g., a cloud based server) without writing new software code for execution on the physical device or for execution on a server. This shortens and simplifies a product development cycle, and enables additional tools such as A-B testing between different versions of physical devices, where each version may have the same hardware and the same software but a different virtual device and business logic executed on a remote server. Additionally, templates may be used to quickly and easily define the functionality of a new product based on modifying and/or reusing device templates formerly created for other devices. This can further simplify product design and shorten the product development cycle. [col 7 line 34] (41) Template editor 210 is responsible for creating new device templates and editing existing templates. Template editor 210 may create a blank template or may create a new template based on an existing template. Template editor 210 may receive template data 220 that is used to populate fields and/or entries in the template, where each field or entry may be for a particular device attribute. Template data 220 may be input or selected by a user via a user interface 218. Alternatively, or additionally, template data 220 may be imported from existing templates and/or from other sources).

In regards to Claim 5, Leblond, Smith and Sundaresan teach the method of registering an HVAC device as incorporated by claim 1 above.  Leblond further teaches “The method of claim 1,  wherein the firmware token is only valid for a defined time period” ([0103] FIG. 8 shows a data flow diagram illustrating utilizing control codes in some embodiments of the CASRM. In some implementations, a home, building hotel, and/or like manager 802 may send a new guest message 804 to the CASRM server 806, indicating that a new user may be occupying a room for a specified period of time. In some implementations, new guest message 804 may be an XML-encoded HTTP(S) POST message which may take a form similar to the following; [0105] In some implementations the server may generate 812 a new authentication code, verification code, and/or the like for the main controller. In some implementations the verification code may be QR code, barcode, NFC or RFID tag, and/or a like mechanism, data. In some implementations at least a part of the authentication code may identify the controller the guest is attempting to access (e.g. part of the authentication code may comprise the controller model number, ID, and/or the like). The server may send the verification code, along with an expiration time and/or date for the code, via a new verification code message 814 to the main controller 816. The main controller may then display the verification code (e.g. if it is a QR or barcode), update the settings of a previously-existing code (e.g. update the contents of an NFC and/or RFID tag), and/or the like).

In regards to Claim 6, Leblond, Smith and Sundaresan teach the method of registering an HVAC device as incorporated by claim 1 above.  Leblond further teaches “The method of claim 1, further comprising claiming, by a user, the HVAC device, wherein claiming the HVAC device allows the user to manage the HVAC device within the BMS” ([0049] In some implementations, users may be able to reassign device addresses, ownership, and/or the like on the fly in order to adapt to temporary conditions within a building (e.g. conventions, parties, guests, and/or the like; e.g., see FIGS. 12A-B).  [0058] A user may use a web application and/or a like user interface in order to obtain information from the main controller and/or other network-enabled devices. In some implementations the web application can provide a user with a dashboard which enables the user to manage and/or modified the settings of the devices installed in different sites. For example, a user can view all metering devices on a site and/or can view detailed metering information corresponding to a specific device; [0082] unit controllers may also receive settings 220a-c from users 218a-b who are only in control of local controllers (e.g. an employee in control of a thermostat in his office, a homeowner in control of a control device in her home, and/or the like). These users may be able to send settings to controllers they own (e.g. 216a-c), and may also be able to forward those settings to other controllers in their possession that can be controlled through their unit controllers (e.g. controllers 222a-c, which may control particular rooms in a multi-room home). However, in some implementations, restrictions may be placed on who may be allowed to send instructions, settings, and/or the like to other unit controllers under the control of the main controller, and/or the like. For example, user 218c may be able to send settings and/or instructions 220c to unit controller 216c, but may not be able to send settings and/or instructions 224a to Kitchen Controller 222c, as both user 218 and his controller may not have permission to affect Kitchen Controller 222c; [0085] In some implementations, a CASRM server 314 in the cloud may parse 316 controller, user, and/or like data from the controller setup request. The server may also update the controller's data to indicate new ownership, create or update a user record for the user initializing the controller, and/or the like 318 [0127]  the user may also be able to set permissions 1602 for the controllers, e.g., in order to determine who may change settings and/or like aspects of the user's local network, and/or the like. In some implementations the user may set permissions for controllers, resource management devices, network settings, input and/or output settings, and/or like settings, based on the type of user 1604 (e.g., based on whether the user is an administrative user, regular user, maintenance user, and/or the like).

In regards to Claim 7, Leblond, Smith and Sundaresan teach the method of registering an HVAC device as incorporated by claim 1 above.  Leblond further teaches “The method of claim 1, wherein the one or more permissions of the HVAC device comprise one or more features accessible by the HVAC device” ([0049] In some implementations, the user may pay a subscription fee and/or the like for accessing the service, and the fee amount and/or method of payment may depend on the method of use that the user chooses. In some implementations a different service may be provided to the user based on the user's current infrastructure, management needs, and/or the like (e.g., a homeowner may obtain a different service than a landlord of multiple properties, and/or the like). In some implementations, for example, a homeowner may obtain a service which allows them to control a specified number of controllers at one site, while a landlord of multiple properties may need a more complete version of the service, e.g., one which supports multiple controllers on multiple sites, and/or the like. In some implementations settings and/or service changes may be implemented via using the user's account credentials and/or service access permissions to grant access to certain portions of the platform to the user; [0082]  user 218c may be able to send settings and/or instructions 220c to unit controller 216c, but may not be able to send settings and/or instructions 224a to Kitchen Controller 222c, as both user 218 and his controller may not have permission to affect Kitchen Controller 222c. Additionally, as unit controller 216c and main controller 216 may have a child-parent relationship, unit controller 216c may not be able to send settings and/or instructions 224b to main controller 216. However, lower-hierarchy controllers, such as room controllers 222a-c and unit controllers 216a-c, may be able to send logs, reports, and/or the like 226 to the main controller in order to allow the main controller to keep track of resource and/or appliance usage, local user settings, and/or the like. [0171] FIG. 25 shows a logic flow diagram illustrating adding a license to an account, in some embodiments. In some implementations, a user may log into her user account, e.g., via a process 2510-2528 similar to that in FIG. 23. A user may indicate to the building expert cloud web user interface 2502 account page that she would like to purchase a service license, at which point the building expert cloud web user interface may forward the user's data (e.g., credentials, selection for the license, and/or the like) to the building expert cloud application 2504).  In addition, Smith teaches this limitation ([0093] The relay server 564 may forward/relay the packet(s) from the worker to the controller 502. The controller 502 may validate the JWT 566 with an authorization/security public key. The controller 502 may inspect the JWT 566 ensuring the client device 520 has appropriate permission levels to execute the API. If the client device 520 has an invalid permission level, then the controller 502 may return a “403 NOT AUTHORIZED” response. In this case, the call stack unwinds, returning the response to the client device 520 (via the controller 502, relay server 564, REST forwarder 516, client device 520).  [0094] If the controller 502 determines that the client device 520 has a valid permission level, the controller 502 may execute the API 508. By executing the API 508, the controller 502 may produce an automation command 509. The controller 502 may then execute the automation command 509 or send the automation command 509 to an automation device 510 where the automation command 509 may be implemented. The controller 502 may return a response to client (e.g., the call stack unwinds: controller 502, relay server 564, REST forwarder 516, client device 520)).

In regards to Claim 8, Leblond, Smith and Sundaresan teach the method of registering an HVAC device as incorporated by claim 1 above.  Leblond further teaches “The method of claim 1, wherein the HVAC device is configured to transmit time series data to the BMS upon the registration of the HVAC device” ([0040] the main controller may be a device particularly designed for detecting and/or monitoring a particular resource, appliance, and/or the like...The main controller may provide data such as the current date and/or time, resource usage, indoor and/or outdoor temperatures, humidity, weather data, custom utility logos, and/or like information. [0041] Main controllers may be configured for residential buildings, commercial buildings, hospitality locales (e.g., hotels and/or the like), and/or other such locations; [0050] Such unit controllers and/or appliances may also send data (e.g. usage logs, reports, confirmations, and/or the like) to the main controller to allow the main controller to determine usage patterns and/or other useful information in determining further settings, restrictions, and/or the like to issue to the devices and/or appliances; [0071] In order to know if and when a room's temperature has changed, the CASRM cloud server may use “watches” (e.g. oBix watch objects and/or the like) to monitor data in real-time. In some implementations, a client may create a watch object which may have a make operation on the CASRM cloud server's WatchServiceURI, and/or a like service. The CASRM cloud server may define a new Watch object and may provide a URI to access the new watch object. In some implementations the client may register or unregister objects to be watched using the Watch object provided by the CASRM cloud server. The client may also periodically poll the Watch URI via a pollChanges operation in order to determine what events have occurred since the URI was last polled...In some implementations Watches allow a client to maintain a substantially real-time cache and/or event history for one or more objects. They may also be used to access an event stream from a feed object).  

In regards to Claim 9, Leblond teaches “A building management system (BMS), the system comprising” ([0039] FIG. 1A shows a block diagram illustrating example embodiments of the CASRM. In some implementations, a user 102 may wish to control resources within a home, building, and/or a similar site. In some implementations, a user may be a person living in a home, a landlord, superintendent, and/or a like entity, a resource company (e.g., an electric company), and/or the like. In some implementations, a user may wish to monitor electric, gas, water, oil, and/or like resources, and/or may wish to control electronic home and/or like appliances (including but not limited to kitchen appliances, lights, heating and air conditioning units, washing and drying machines, electronic showers and/or baths, electronic window shades and/or blinds, fans, bathroom resources, computer resources, and/or the like); [0042] In other implementations (referring to FIGS. 1B and 1C), the main and unit controllers may connect via a building automation management device (e.g., a cloud network controller, such as a device instantiating CASRM cloud 112a and/or 112b), which may facilitate a network connection between various controllers 122a-c, and/or the like in the network without physical network infrastructure at the controllers' sites. For example, in some implementations, rather than using a physical device (e.g., a BACnet IP switch, router, and/or the like) which communicates with the controllers via UDP, TCP, and/or a like protocol, and relays this information to other controllers, sites, a central processing location, and/or the like, the controllers may connect directly to the CASRM cloud, which may package the data and forward it to the appropriate recipients (e.g. an internet router 120a and/or 120b) in a format similar to that which would be sent from the physical device (e.g., via CASRM Virtual BACnet Router 116a and/or 116b and CASRM Virtual Network Proxy 118a and/or 118b)) “and a distributed BMS device comprising a processor, the processor configured to:” (Fig. 30 and [0039] FIG. 1A shows a block diagram illustrating example embodiments of the CASRM. In some implementations, a user 102 may wish to control resources within a home, building, and/or a similar site. In some implementations, a user may be a person living in a home, a landlord, superintendent, and/or a like entity, a resource company (e.g., an electric company), and/or the like. In some implementations, a user may wish to monitor electric, gas, water, oil, and/or like resources, and/or may wish to control electronic home and/or like appliances (including but not limited to kitchen appliances, lights, heating and air conditioning units, washing and drying machines, electronic showers and/or baths, electronic window shades and/or blinds, fans, bathroom resources, computer resources, and/or the like); [0042] the main and unit controllers may connect via a building automation management device (e.g., a cloud network controller, such as a device instantiating CASRM cloud 112a and/or 112b), which may facilitate a network connection between various controllers 122a-c, and/or the like in the network without physical network infrastructure at the controllers' sites; [0234] The component collection may be consolidated and/or distributed in countless variations through standard data processing and/or development techniques. Multiple instances of any one of the program components in the program component collection may be instantiated on a single node, and/or across numerous nodes to improve performance through load-balancing and/or data-processing techniques; wherein a cloud is well-known to be a server with processor and memory) “obtaining a firmware token for the HVAC device at a registration service...” (Fig. 1A-1E and [0045] in some implementations, a user 102 may set up a new main controller device 126, e.g., via providing user information (e.g., name, address, correspondence address, and/or the like), authentication credentials (e.g., user name, user password, user activation code if applicable, and/or the like), and/or like information to a main controller 128, to an application interface linked to the CASRM cloud, and/or the like. The main controller may attempt to register on the cloud 130 using the user-provided input, its controller information (e.g., controller ID, controller type, controller location, and/or the like), and/or any other information the cloud may need to facilitate authentication and registration of the main controller into the network, and/or the like.   In some implementations the controller may send a registration request 134 to the CASRM cloud 136 in order to be registered to the network. In some implementations, registration request 134 may take a form similar to the following: ...<user_password>********</user_password>...<controller_ID>12345678<controller_ID> ; [0047] In some implementations, if the user wishes to set up a new controller 148 (e.g., a unit controller 150, and/or the like), the user may again provide authentication credentials, user information, and/or the like to the unit controller, to a CASRM application interface, and/or the like, which may send a new registration request 152 to the CASRM cloud. In some implementations, a registration request 152 may take a form similar to registration request 134, and may comprise information about the user, the controller, and/or the like; [0129] Referring to FIG. 18, main controllers may also have device setup settings that the user may provide upon initial bootup of the main controller, and/or the like.  For example, the user may enter and/or view network settings 1804 (e.g., BACnet and/or ZigBee network settings), configuration settings 1806, setpoint and display settings for the main controller 1808, service and status view settings test outputs for the main controller 1810, and/or test outputs for the main controller 1812...[0132] Configuration settings 1806 can include...a main password for the main controller, a user password for the main controller; wherein a controller_ID is a unique device identifier and a user password or main controller password is considered a device key, as it is the authentication information used to allow access to the device and linking that device to said user) “register the HVAC device into a database of the registration service using a unique device identifier” (Fig. 1A-1E and [0045] the controller may send a registration request 134 to the CASRM cloud 136 in order to be registered to the network. In some implementations, registration request 134 may take a form similar to the following:TABLE-US-00001 POST /registration_message.php HTTP/1.1 Host: www.CASRMproccess.com Content-Type: Application/XML Content-Length: 788 <?XML version = “1.0” encoding = “UTF-8”?> <registration_message>...<controller_ID>12345678<controller_ID> ; wherein the cloud is well-known to be a server that stores databases; [0046] The CASRM cloud may be able to authenticate the user-provided credentials 138, and may generate a new local virtual network for the user for the new main controller 140. The new local virtual network may be stored as a new record for a virtual network in the CASRM database, and the record may be linked to and/or otherwise associated with that of the user account record; [0047] a registration request 152 may take a form similar to registration request 134, and may comprise information about the user, the controller, and/or the like. In some implementations, the CASRM cloud may use the information to create a local virtual network node 154 (e.g., a non-edge node, and/or the like) corresponding to the new unit controller, and based on the data provided to the cloud; [0055]  In some implementations, the CASRM may also receive a registration request for a secondary resource device, may authenticate the registration request, and may generate a new virtual network node with a new virtual local address, the new virtual local address corresponding to a location of the new virtual network node within the first virtual local network. The CASRM may map the new virtual network node to the secondary resource device, and may link the new virtual network node to the virtual network node corresponding to the resource management device within the first virtual local network. The CASRM may store new virtual network node information in the database, and may store permissions in the database to allow the secondary resource device to be issued instructions from the resource management device, the instructions issued from the resource management device including instructions to alter the settings on the secondary resource device; [0217] In one embodiment, the database component 3019 includes several tables 3019a-i. A user account table 3019a includes fields such as, but not limited to: user_ID, user_name, user_password, user_fname, user_lname, user_address, user_devices, user_email, user_date_added, user_controllers, user_buildings, and/or the like. The user account table may support and/or track multiple user accounts on a CASRM.[0218] A controller table 3019b includes fields such as, but not limited to: controller_ID, controller_type, controller_make, controller_model, controller_version, controller_location, controller_settings_current, controller_settings_history, controller_child_controllers, controller_initiated, controller_last_updated, and/or the like. The controller table may support and/or track multiple controllers on a CASRM.) “determine credentials associated with the HVAC device in the database of the registration service...” ([0049]the CASRM cloud may accessed off-site from the user via CASRM application 110 a and/or 110b, which may allow the user to access and/or control various controller and/or like devices; in other implementations, the user may be able to host CASRM infrastructure on-site as an application and/or software service via CASRM application 110.  In some implementations, the user may pay a subscription fee and/or the like for accessing the service, and the fee amount and/or method of payment may depend on the method of use that the user chooses. In some implementations a different service may be provided to the user based on the user's current infrastructure, management needs, and/or the like (e.g., a homeowner may obtain a different service than a landlord of multiple properties, and/or the like). In some implementations, for example, a homeowner may obtain a service which allows them to control a specified number of controllers at one site, while a landlord of multiple properties may need a more complete version of the service, e.g., one which supports multiple controllers on multiple sites, and/or the like. In some implementations settings and/or service changes may be implemented via using the user's account credentials and/or service access permissions to grant access to certain portions of the platform to the user. In some implementations the user may be able to designate sub-accounts to users of controllers at a site and/or the like, and may be able to forward subscription costs and/or the like to the sub-accounts, may be able to receive monetary incentives for signing up sub-accounts with CASRM, and/or the like. In some implementations, users may be able to reassign device addresses, ownership, and/or the like on the fly in order to adapt to temporary conditions within a building (e.g. conventions, parties, guests, and/or the like; e.g., see FIGS. 12A-B); [0080] Although only unit controllers are discussed hereinafter, it is to be understood that settings, instructions, and/or the like could also be sent to appliances and/or like devices. Moreover, in some embodiments, these settings include but are not limited to instructions to change user preferences; functions to manage site addresses; functions to manage user credentials and/or like system properties and functions; [0092] FIG. 4 shows a logic flow diagram illustrating initiating a new controller in some embodiments of the CASRM. In some implementations, the user may connect 402 to the new CASRM main controller, or may connect to a controller interface via her electronic device, and may provide user login credentials (e.g. a username and passport), new user information (e.g. name, address, username, password, email, phone number, map of home, office/and or the like layout, and/or the like), and/or like information. In some implementations, the main controller may receive the user's input and generate a setup request 404 to the cloud containing the user input, controller information (e.g. the controller ID, the controller location, and/or the like; [0217] In one embodiment, the database component 3019 includes several tables 3019a-i. A user account table 3019a includes fields such as, but not limited to: user_ID, user_name, user_password, user_fname, user_lname, user_address, user_devices, user_email, user_date_added, user_controllers, user_buildings, and/or the like. The user account table may support and/or track multiple user accounts on a CASRM.) “provide the credentials to the HVAC device for operation of the HVAC device in accordance with the one or more permissions” (Fig. 3-6 and [0086] In some implementations, the cloud may send a controller setup response 326 back to the main controller, indicating that the database has successfully initialized the new user-controller relationship in the cloud. In some implementations, the user may then start to provide controller settings, instructions, restrictions, controls, and/or the like 328 to the main controller. The main controller may update itself with those settings 329, and may also send a controller update message 330 to the cloud in order to indicate that a change in settings has been made to the main controller; [0095] In some implementations, a user may subsequently update 418 the main controller's settings. The main controller may configure its internal settings 420 based on the user-provided settings data, and then may generate and send a controller setting update message to the CASRM cloud. In some implementations, the user may instead provide the settings information (e.g., to the controller and/or directly to the cloud), and the cloud, after receiving the controller settings 424 and storing the updated settings in the controller's update history, [0097] FIG. 5 shows a data flow diagram illustrating updating controller settings in some embodiments of the CASRM. In some implementations, a user 502 may user her electronic device 504 in order to provide settings input 506 to a CASRM main controller 508. In some implementations, the settings input may include aggregate settings for a plurality of unit controllers and/or like devices. The main controller may send these settings and authentication information to the CASRM cloud via a settings authentication request 510.  In some implementations, settings authentication request 510 may be an XML-encoded HTTP(S) POST message that may take a form similar to the following: [0098] In some implementations, the cloud may authenticate 516 the request to change controller settings via querying 518 the database 520 to ensure the user provided the correct credentials for the main controller and for the unit controllers. If the user is authenticated, the cloud may send a settings authentication response 522 to the main controller indicating that it has permission to forward 524 the settings to the unit controllers...In some implementations, the settings update messages 526a-c may be XML-encoded HTTP(S) POST messages that may take a form similar to the following:...user password; [0100] a user may provide controller settings 602 to her main controller. Said settings may include temperature changes (e.g. lowering/raising temperatures, setting minimum/maximum temperatures, and/or the like), setting resource schedules, and/or like settings. Once the main controller receives the settings 604 from the user, the main controller may generate and send a settings authentication request to the CASRM cloud 606 via a TCP or UDP NAT traversal connection (e.g. TCP/UDP hole punching). The cloud, after receiving 608 the settings authentication request, may authenticate the user's request to change her controller settings 610 based on the user's provided credentials and based on which of the controllers the user wishes to update have records which are linked to her account. If the authentication is successful 612, then the cloud may generate and send an authentication response to the main controller 616 indicating that the authentication was successful; wherein because the user is sending the credentials (user name and password) to the main controller for changing settings it is considered providing them, and operates in accordance with the permissions when the user name and password has the authority to change settings) “generate a device shadow...comprising one or more data points associated with the HVAC device, wherein the device shadow provides a virtual representation of the HVAC device within the BMS” ([0046] The CASRM cloud may also create a new local virtual network edge node for the main controller to 142 to add to the local virtual network. In some implementation the node may contain information corresponding to the main controller (e.g., controller data and/or the like), and may also be linked to the user (e.g., may also contain user-provided information, and/or the like), and may be assigned a virtual IP and/or like network address which is mapped onto the physical main controller device, and/or the like. The node may also be configured to have particular relationships with other nodes already in the network, if applicable (e.g., may be designated as a node through which other nodes within the network must interface with in order to communicate with the CASRM cloud, or a node which only communicates with certain other nodes within the network, and/or the like). The CASRM cloud may store routing tables and/or the like corresponding to the virtual network, and/or the like. In some implementations the CASRM cloud may then instantiate the virtual network node within the virtual network 144 (e.g., may modify the virtual network record to include the node and to include its connections to other nodes within the network, and/or the like), and may send a registration response 146 to the main controller, user, and/or the like, which may provide a confirmation that the controller has been added to the virtual network, and/or the like; [0125] In some implementations, referring to FIG. 14, the user may be able to edit settings for her controllers, including the time, time zone, date, and/or the like for the controllers 1402, the network settings for the controller 1404, particular network layer (e.g., Ethernet, CANbus, Zigbee, and/or the like) settings 1406, and/or the like. [0126] In some implementations, referring to FIG. 15, the user may also be able to view a list 1502 of all of her devices and/or the like which have been added to her account, and may be able to search for 1504 and/or select any of the devices (which, in some implementations, may also be referred to as nodes within the user's local network) in order to edit the settings of the devices, viewing the status of the devices, and/or the like; [0128] In some implementations, referring to FIG. 17, the user may also be able to view her controllers and/or like devices via a map interface 1702 which may mark the user's devices (e.g., via green markers on the map 1704), may provide sensor and/or like data from each device 1706, units for the data provided by each device 1708, and/or the like) “and at least one of (i) reading, by a second device of the BMS, values of the one or more data points from the device shadow or (ii) writing, by the second BMS device, the values of the one or more data points to the device shadow” ([0043] In some implementations, the CASRM cloud may also be able to facilitate the virtualization of a local network of physical devices (e.g., a user-specified local network of unit controllers 124a-124c, and/or the like). In some implementations, the virtual network architecture implemented by the CASRM cloud may also be able to provide security to communications between controllers and/or control devices that may not be able to be handled by a traditional BACnet and/or the like infrastructure (e.g., may be able to provide a way of granting varying user access privileges, providing a secure form of communication between controllers via providing an extra layer of security with regards to communications between devices, and/or the like). [0046] In some implementations the CASRM cloud may generate and/or modify rules for the virtual network (e.g., may specify how nodes within the virtual network interact with each other, with other nodes in other virtual networks, with the CASRM cloud, and/or like entities)... The node may also be configured to have particular relationships with other nodes already in the network, if applicable (e.g., may be designated as a node through which other nodes within the network must interface with in order to communicate with the CASRM cloud, or a node which only communicates with certain other nodes within the network, and/or the like). The CASRM cloud may store routing tables and/or the like corresponding to the virtual network, and/or the like. In some implementations the CASRM cloud may then instantiate the virtual network node within the virtual network 144 (e.g., may modify the virtual network record to include the node and to include its connections to other nodes within the network, and/or the like); [0055] In some implementations, the CASRM may also receive a registration request for a secondary resource device, may authenticate the registration request, and may generate a new virtual network node with a new virtual local address, the new virtual local address corresponding to a location of the new virtual network node within the first virtual local network. The CASRM may map the new virtual network node to the secondary resource device, and may link the new virtual network node to the virtual network node corresponding to the resource management device within the first virtual local network. The CASRM may store new virtual network node information in the database, and may store permissions in the database to allow the secondary resource device to be issued instructions from the resource management device, the instructions issued from the resource management device including instructions to alter the settings on the secondary resource device; 
Leblond fails to teach “...wherein the firmware token establishes one or more permissions of the HVAC device; determining credentials associated with the HVAC device in the database of the registration service based on the one or more permissions of the HVAC device established by the firmware token; and generating a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device...”.
Smith teaches “obtaining a firmware token for the HVAC device at a registration service, wherein the firmware token establishes one or more permissions of the HVAC device” ([0085] The authentication service 532 may generate a JSON Web Token (JWT) 566 that includes application and user permissions. The authentication service 532 may sign the JWT 566 with a private key and may append the signature to the JWT 566. The authentication service 532 may return JWT 566 to the client device 520. It should be noted that the authentication service 532 may combine the authentication and authorization processes into a single process resulting in a JWT 566 being returned to the client device 520; [0028] Examples of automation tasks include adjusting lighting, operating and monitoring security systems, controlling heating and air conditioning, scheduling and operating water sprinkling, adjusting window coverings, controlling entertainment devices and controlling food preparation appliances, etc. Examples of the one or more automation devices 110 include lights and/or lighting systems, thermostats, audio systems, security cameras, web cameras, sprinkling systems, security systems, televisions, game consoles, computers, etc.; [0034] A direct link between the client device 120 and the controller 102 may be more efficient and reduce the chance of errors occurring during communication. A direct link may be achieved by including the API 108 in the controller 102 and using a reflector service 116 on the cloud server 114. The link between the client device 120, cloud server 114 and the controller 102 may be established based on a security token 124 sent by the client device 120. [0035] The security token 124 may allow the link to traverse the security service 112. For example, the cloud server 114 may validate the security token 124 and create a session for the client device 120 and the controller 102. It should be noted that a web service may issue JSON Web Token (JWT) given proper credentials. The JWT itself can be validated independently of a cloud server if the correct public key is present where it is being validated; [0043] The cloud server 114 may include a reflector service 116. The reflector service 116 may also be referred to as a “Representational State Transfer (REST) Reflector/Forwarder,” or simply “reflector.” The cloud server 114 may establish a link with the controller 102 by forwarding the security token 124 sent by the client device 120. For example, the security token 124 may be a JWT that is used to direct a request received by the reflector (e.g., reflector service 116) to the controller 102 referenced in the validated JWT; [0090] The client device 520 may make an API call by sending an API request 528, parameters 568 and the JWT 566 to the REST forwarder 516. The REST forwarder 516 may validate the JWT 566 signature using an authorization/security public key. The REST forwarder 516 may inspect the JWT 566 ensuring that the client device 520 has remote access permissions; [0092] The REST forwarder 516 may retrieve an available worker from the session worker pool using the API request 528, parameters 568 and JWT 566. A worker sends the API request 528 and the JWT 566 to the controller 502 through the pre-allocated relay server 564 IP and port. [0093] The relay server 564 may forward/relay the packet(s) from the worker to the controller 502. The controller 502 may validate the JWT 566 with an authorization/security public key. The controller 502 may inspect the JWT 566 ensuring the client device 520 has appropriate permission levels to execute the API. If the client device 520 has an invalid permission level, then the controller 502 may return a “403 NOT AUTHORIZED” response) “register the HVAC device into a database of the registration service...” ([0086] The controller 502 may contact the connection service 534 in order to register the location of the controller 502. The connection service 534 may comprise a service with which the controller 502 may communicate over the network using a communication protocol. The connection service 534 may negotiate a link between the controller 502 and the cloud server 514.) “determine credentials associated with the HVAC device in the database of the registration service based on the one or more permissions of the HVAC device established by the firmware token;” ([0090] The client device 520 may make an API call by sending an API request 528, parameters 568 and the JWT 566 to the REST forwarder 516. The REST forwarder 516 may validate the JWT 566 signature using an authorization/security public key. The REST forwarder 516 may inspect the JWT 566 ensuring that the client device 520 has remote access permissions; [0092] The REST forwarder 516 may retrieve an available worker from the session worker pool using the API request 528, parameters 568 and JWT 566. A worker sends the API request 528 and the JWT 566 to the controller 502 through the pre-allocated relay server 564 IP and port. [0093] The relay server 564 may forward/relay the packet(s) from the worker to the controller 502. The controller 502 may validate the JWT 566 with an authorization/security public key. The controller 502 may inspect the JWT 566 ensuring the client device 520 has appropriate permission levels to execute the API. If the client device 520 has an invalid permission level, then the controller 502 may return a “403 NOT AUTHORIZED” response).
It would have been obvious to a person having ordinary skill in the art before the effective file date of the claimed invention to have modified the system that uses a token to register an HVAC device to a building automation/management system using a cloud service with the use of permissions that are included in the token so that certain permissions are checked to ensure devices that have proper security credentials and permissions are allowed to access the HVAC device because by including the permissions in the token it would prevent unauthorized access and usage of the HVAC device.  Furthermore, both Leblond and Smith can be considered in the same field of use, as both deal with automation systems/building management systems that use tokens to authorize access to HVAC devices so that only authorized persons and devices are able to access that HVAC device, thus making their combination more obvious.  By combining these elements, it can be considered taking the known HVAC device token that contains a unique ID and credentials, and modifying it by including permissions in the token in a known way to achieve predictable results. 
The combination of Leblond and Smith fail to teach “generate a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device...”
Sundaresan teaches “generate a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device, wherein the device shadow provides a virtual representation of the HVAC device within the BMS” ([col 2 line 20] The templating framework uses one or multiple device templates to define and generate virtual devices; [col 10 line 31] Template association module 215 associates specific devices and/or types of devices to device templates 232A-C. A single device (e.g., a particular product of an OEM) may be associated with a single device template or with multiple different device templates. The device may be identified by a product identifier assigned to that device; [col 5 line 1] Status updates received from the embedded systems 150A-C may identify values or states of some or all detectable parameters of devices 135A-C that the embedded systems are included in. Status updates may also include fault information, statistical device usage information, trace data and/or other information. Such values, states and/or other information may change based on direct user interaction with the devices. Such values, states and/or other information may also change responsive to commands sent to the embedded systems 150A-C by the WAN accessible service 130 and/or by computing devices 105A-C via an appropriate virtual device 185A-C; [col 3 line 17] The devices 135A-C may also include consumer devices such as...HVAC systems) “and at least one of (i) reading, by a second device of the BMS, values of the one or more data points from the device shadow or (ii) writing, by the second BMS device, the values of the one or more data points to the device shadow” ([col 6 line 17] The virtual device 185A-C is then connected to a particular physical device 135A-C (e.g., to an embedded system 150A-C of a particular physical device 135A-C), and may be used to monitor, interface with, and control that physical device; [col 6 line 55] Computing devices 105 may include a remote control application (or multiple remote control applications) 115 that can receive information for devices 135A-C and control the devices 135A-C via virtual devices 185A-C. The remote control application 115 is configured to interface with one or more virtual devices 185A-C, and may issue commands to the connected virtual devices 185A-C. The virtual devices 185A-C may then format the commands into a protocol used by associated physical devices 185A-C and/or generate new commands in such a protocol. The virtual devices 185A-C may then send the new or modified commands to associated physical devices 135A-C (e.g., via the devices' embedded systems 150A-C) to control the physical devices 135A-C; [col 12 line 65] physical device 366A may be a thermostat from a first manufacturer with a distinct set of physical attributes 374A. First level virtual device 380A may be configured with the physical attributes 374A of the physical device 366A and with logical attributes 384A specific to that physical device 366A... Second level virtual device 378A and second level virtual device 378B may be separate instances of virtual devices generated from the same templates. Each of the second level virtual devices 378A-B may include a common API that remote control applications 370A-B can use to communicate with the second level virtual devices 378A-B. The second level virtual devices 378A-B include application interfaces 395A-B that translate commands from the remote control applications 370A-B into commands that can be acted on by the specific first level virtual devices 380A-B. Additionally, the second level virtual devices 378A-B may translate data from the first level virtual devices 380A-B into a common format that can be used by the remote control applications 370A-B. This enables a single remote control application 370A-B to be used to interface with and control multiple different types of devices).
It would have been obvious to a person having ordinary skill in the art before the effective file date of the claimed invention to have modified the system that registers Internet of Thing devices that include functionality for controlling HVAC systems, the registration providing unique identifiers and keys that allow authentication the device with a cloud-based service and credentials that include permissions that allow different users to access and modify settings such that virtual nodes are creating that offering a virtual representation of a device to a building management system that manages devices in a building as taught by Leblond with the use of the templates that allow creation of virtual devices for representation in a building management system, the templates including data points associated with HVAC devices as taught by Sundaresan because by using templates for creating virtual representation of devices would offer the added benefit noted by Sundaresan “[col 1 line 60] Embodiments are directed to a network-connected device platform (also referred to as an internet-of-things (IoT) cloud platform or simply an IoT platform) having an agile templating framework that provides flexible generation and modification of virtual devices that can be used to facilitate, supplement and modify the functionality of physical devices”.  By using templates to generate the device nodes it would gain the inherent benefit of having the user enter less information during the setup of the node, because certain data points would have values or parameters already defined as opposed to having to be individually created for each new controller and device.  Additional benefits noted by Sundaresan include “[col 2 line 38] The agile templating framework enables the functionality, attributes and/or behaviors of a physical device to change over time. Such changes may occur even to physical devices that have been deployed to customer locations. In many instances, changes may be implemented based on updating business logic executed at a server (e.g., a cloud based server) without writing new software code for execution on the physical device or for execution on a server. This shortens and simplifies a product development cycle”.  Furthermore, both Leblond and Sundaresan can be considered in a related field, as both deal with internet of things devices being registered via a cloud-based service, thus obviating the use of the templates from Sundaresan into the system of Leblond.  By combining these elements, it can be considered taking the known method of providing templates for registering devices in a cloud system so that the template provides a data point associated with an internet of things HVAC device, and using it to improve the internet of things HVAC device registration system of Leblond such that when a virtual representation of an internet of things HVAC device is created, it is based on a template so that certain specific data points are created in the virtual representation, including certain settings and feedback values.  

In regards to Claim 10, Leblond, Smith and Sundaresan teach the system for registering an HVAC device as incorporated by claim 9 above.  Sundaresan further teaches “The system of claim 9, wherein the  device template is associated with the unique device identifier” ([col 2 line 20] The templating framework uses one or multiple device templates to define and generate virtual devices; [col 10 line 31] Template association module 215 associates specific devices and/or types of devices to device templates 232A-C. A single device (e.g., a particular product of an OEM) may be associated with a single device template or with multiple different device templates. The device may be identified by a product identifier assigned to that device).

In regards to Claim 11, Leblond, Smith and Sundaresan teach the system for registering an HVAC device as incorporated by claim 10 above.  Sundaresan further teaches “The system of claim 10, wherein the device template is based on a device type of the HVAC device that is determined using the unique device identifier” (([col 11 line 30] When a network connected device (also referred to as a physical device) gains network access, is powered on, etc., that physical device may send a message to virtual device manager 250 notifying virtual device manager 250 of that device. The notification may include information identifying a particular device model, an OEM, a version number, a media access control (MAC) address, a serial number, a network address of the physical device, etc. For example, the notification may include a unique device identifier.  Template determiner 255 may use the provided information to determine a device type for the physical device. Template determiner 255 may additionally determine which device templates 232A-C are associated with that device type, where each of the device templates 232A-C includes different device attributes 240A-C.).

In regards to Claim 12, Leblond, Smith and Sundaresan teach the system for registering an HVAC device as incorporated by claim 9 above.  Sundaresan further teaches “The system of claim 9, wherein the processor is further configured to compare the one or more data points of the device template against one or more data points of the HVAC device” ([col 2 line 38] The agile templating framework enables the functionality, attributes and/or behaviors of a physical device to change over time. Such changes may occur even to physical devices that have been deployed to customer locations. In many instances, changes may be implemented based on updating business logic executed at a server (e.g., a cloud based server) without writing new software code for execution on the physical device or for execution on a server. This shortens and simplifies a product development cycle, and enables additional tools such as A-B testing between different versions of physical devices, where each version may have the same hardware and the same software but a different virtual device and business logic executed on a remote server. Additionally, templates may be used to quickly and easily define the functionality of a new product based on modifying and/or reusing device templates formerly created for other devices. This can further simplify product design and shorten the product development cycle. [col 7 line 34] (41) Template editor 210 is responsible for creating new device templates and editing existing templates. Template editor 210 may create a blank template or may create a new template based on an existing template. Template editor 210 may receive template data 220 that is used to populate fields and/or entries in the template, where each field or entry may be for a particular device attribute. Template data 220 may be input or selected by a user via a user interface 218. Alternatively, or additionally, template data 220 may be imported from existing templates and/or from other sources).

In regards to Claim 13, Leblond, Smith and Sundaresan teach the system for registering an HVAC device as incorporated by claim 12 above.  Sundaresan further teaches “The system of claim 12, wherein the processor is further configured to update the device shadow with the data points of the HVAC device that are different from data points of the device shadow” ([col 2 line 38] The agile templating framework enables the functionality, attributes and/or behaviors of a physical device to change over time. Such changes may occur even to physical devices that have been deployed to customer locations. In many instances, changes may be implemented based on updating business logic executed at a server (e.g., a cloud based server) without writing new software code for execution on the physical device or for execution on a server. This shortens and simplifies a product development cycle, and enables additional tools such as A-B testing between different versions of physical devices, where each version may have the same hardware and the same software but a different virtual device and business logic executed on a remote server. Additionally, templates may be used to quickly and easily define the functionality of a new product based on modifying and/or reusing device templates formerly created for other devices. This can further simplify product design and shorten the product development cycle. [col 7 line 34] (41) Template editor 210 is responsible for creating new device templates and editing existing templates. Template editor 210 may create a blank template or may create a new template based on an existing template. Template editor 210 may receive template data 220 that is used to populate fields and/or entries in the template, where each field or entry may be for a particular device attribute. Template data 220 may be input or selected by a user via a user interface 218. Alternatively, or additionally, template data 220 may be imported from existing templates and/or from other sources).

In regards to Claim 14, Leblond, Smith and Sundaresan teach the system for registering an HVAC device as incorporated by claim 9 above.  Leblond further teaches “The system of claim 9, wherein the HVAC device is claimed by a user, and wherein claiming the HVAC device allows the user to manage the HVAC device within the BMS” ([0049] In some implementations, users may be able to reassign device addresses, ownership, and/or the like on the fly in order to adapt to temporary conditions within a building (e.g. conventions, parties, guests, and/or the like; e.g., see FIGS. 12A-B).  [0058] A user may use a web application and/or a like user interface in order to obtain information from the main controller and/or other network-enabled devices. In some implementations the web application can provide a user with a dashboard which enables the user to manage and/or modified the settings of the devices installed in different sites. For example, a user can view all metering devices on a site and/or can view detailed metering information corresponding to a specific device; [0082] unit controllers may also receive settings 220a-c from users 218a-b who are only in control of local controllers (e.g. an employee in control of a thermostat in his office, a homeowner in control of a control device in her home, and/or the like). These users may be able to send settings to controllers they own (e.g. 216a-c), and may also be able to forward those settings to other controllers in their possession that can be controlled through their unit controllers (e.g. controllers 222a-c, which may control particular rooms in a multi-room home). However, in some implementations, restrictions may be placed on who may be allowed to send instructions, settings, and/or the like to other unit controllers under the control of the main controller, and/or the like. For example, user 218c may be able to send settings and/or instructions 220c to unit controller 216c, but may not be able to send settings and/or instructions 224a to Kitchen Controller 222c, as both user 218 and his controller may not have permission to affect Kitchen Controller 222c; [0085] In some implementations, a CASRM server 314 in the cloud may parse 316 controller, user, and/or like data from the controller setup request. The server may also update the controller's data to indicate new ownership, create or update a user record for the user initializing the controller, and/or the like 318 [0127]  the user may also be able to set permissions 1602 for the controllers, e.g., in order to determine who may change settings and/or like aspects of the user's local network, and/or the like. In some implementations the user may set permissions for controllers, resource management devices, network settings, input and/or output settings, and/or like settings, based on the type of user 1604 (e.g., based on whether the user is an administrative user, regular user, maintenance user, and/or the like).

In regards to Claim 15, Leblond and Sundaresan teach the system for registering an HVAC device as incorporated by claim 9 above.  Leblond further teaches “The method of claim 1, wherein the one or more permissions of the HVAC device comprise one or more features accessible by the HVAC device” ([0049] In some implementations, the user may pay a subscription fee and/or the like for accessing the service, and the fee amount and/or method of payment may depend on the method of use that the user chooses. In some implementations a different service may be provided to the user based on the user's current infrastructure, management needs, and/or the like (e.g., a homeowner may obtain a different service than a landlord of multiple properties, and/or the like). In some implementations, for example, a homeowner may obtain a service which allows them to control a specified number of controllers at one site, while a landlord of multiple properties may need a more complete version of the service, e.g., one which supports multiple controllers on multiple sites, and/or the like. In some implementations settings and/or service changes may be implemented via using the user's account credentials and/or service access permissions to grant access to certain portions of the platform to the user; [0082]  user 218c may be able to send settings and/or instructions 220c to unit controller 216c, but may not be able to send settings and/or instructions 224a to Kitchen Controller 222c, as both user 218 and his controller may not have permission to affect Kitchen Controller 222c. Additionally, as unit controller 216c and main controller 216 may have a child-parent relationship, unit controller 216c may not be able to send settings and/or instructions 224b to main controller 216. However, lower-hierarchy controllers, such as room controllers 222a-c and unit controllers 216a-c, may be able to send logs, reports, and/or the like 226 to the main controller in order to allow the main controller to keep track of resource and/or appliance usage, local user settings, and/or the like. [0171] FIG. 25 shows a logic flow diagram illustrating adding a license to an account, in some embodiments. In some implementations, a user may log into her user account, e.g., via a process 2510-2528 similar to that in FIG. 23. A user may indicate to the building expert cloud web user interface 2502 account page that she would like to purchase a service license, at which point the building expert cloud web user interface may forward the user's data (e.g., credentials, selection for the license, and/or the like) to the building expert cloud application 2504).  In addition, Smith teaches this limitation ([0093] The relay server 564 may forward/relay the packet(s) from the worker to the controller 502. The controller 502 may validate the JWT 566 with an authorization/security public key. The controller 502 may inspect the JWT 566 ensuring the client device 520 has appropriate permission levels to execute the API. If the client device 520 has an invalid permission level, then the controller 502 may return a “403 NOT AUTHORIZED” response. In this case, the call stack unwinds, returning the response to the client device 520 (via the controller 502, relay server 564, REST forwarder 516, client device 520).  [0094] If the controller 502 determines that the client device 520 has a valid permission level, the controller 502 may execute the API 508. By executing the API 508, the controller 502 may produce an automation command 509. The controller 502 may then execute the automation command 509 or send the automation command 509 to an automation device 510 where the automation command 509 may be implemented. The controller 502 may return a response to client (e.g., the call stack unwinds: controller 502, relay server 564, REST forwarder 516, client device 520)).

In regards to Claim 16, Leblond, Smith and Sundaresan teach the system for registering an HVAC device as incorporated by claim 9 above.  Leblond further teaches “The system of claim 9... and wherein the HVAC device is configured to transmit time series data to the BMS upon the registration of the HVAC device” ([0040] the main controller may be a device particularly designed for detecting and/or monitoring a particular resource, appliance, and/or the like...The main controller may provide data such as the current date and/or time, resource usage, indoor and/or outdoor temperatures, humidity, weather data, custom utility logos, and/or like information. [0041] Main controllers may be configured for residential buildings, commercial buildings, hospitality locales (e.g., hotels and/or the like), and/or other such locations; [0050] Such unit controllers and/or appliances may also send data (e.g. usage logs, reports, confirmations, and/or the like) to the main controller to allow the main controller to determine usage patterns and/or other useful information in determining further settings, restrictions, and/or the like to issue to the devices and/or appliances; [0071] In order to know if and when a room's temperature has changed, the CASRM cloud server may use “watches” (e.g. oBix watch objects and/or the like) to monitor data in real-time. In some implementations, a client may create a watch object which may have a make operation on the CASRM cloud server's WatchServiceURI, and/or a like service. The CASRM cloud server may define a new Watch object and may provide a URI to access the new watch object. In some implementations the client may register or unregister objects to be watched using the Watch object provided by the CASRM cloud server. The client may also periodically poll the Watch URI via a pollChanges operation in order to determine what events have occurred since the URI was last polled...In some implementations Watches allow a client to maintain a substantially real-time cache and/or event history for one or more objects. They may also be used to access an event stream from a feed object).  Sundaresan teaches “wherein the unique device ID is one of a media access control address and a serial number of the HVAC device” ([col 11 line 30] When a network connected device (also referred to as a physical device) gains network access, is powered on, etc., that physical device may send a message to virtual device manager 250 notifying virtual device manager 250 of that device. The notification may include information identifying a particular device model, an OEM, a version number, a media access control (MAC) address, a serial number, a network address of the physical device, etc. For example, the notification may include a unique device identifier.  Template determiner 255 may use the provided information to determine a device type for the physical device. Template determiner 255 may additionally determine which device templates 232A-C are associated with that device type, where each of the device templates 232A-C includes different device attributes 240A-C.).

In regards to Claim 17, Leblond, Smith and Sundaresan teach the system for registering an HVAC device as incorporated by claim 9 above.  Leblond further teaches “The system of claim 9, wherein the distributed BMS device is one of a controller and a cloud-based server” ([0045] a user 102 may set up a new main controller device 126, e.g., via providing user information (e.g., name, address, correspondence address, and/or the like), authentication credentials (e.g., user name, user password, user activation code if applicable, and/or the like), and/or like information to a main controller 128, to an application interface linked to the CASRM cloud, and/or the like. The main controller may attempt to register on the cloud 130 using the user-provided input).

In regards to Claim 18, Leblond teaches “A method for registering an Internet of Things (IoT) HVAC device in a building management system (BMS), the method comprising” ([0039] FIG. 1A shows a block diagram illustrating example embodiments of the CASRM. In some implementations, a user 102 may wish to control resources within a home, building, and/or a similar site. In some implementations, a user may be a person living in a home, a landlord, superintendent, and/or a like entity, a resource company (e.g., an electric company), and/or the like. In some implementations, a user may wish to monitor electric, gas, water, oil, and/or like resources, and/or may wish to control electronic home and/or like appliances (including but not limited to kitchen appliances, lights, heating and air conditioning units, washing and drying machines, electronic showers and/or baths, electronic window shades and/or blinds, fans, bathroom resources, computer resources, and/or the like); [0042] In other implementations (referring to FIGS. 1B and 1C), the main and unit controllers may connect via a building automation management device (e.g., a cloud network controller, such as a device instantiating CASRM cloud 112a and/or 112b), which may facilitate a network connection between various controllers 122a-c, and/or the like in the network without physical network infrastructure at the controllers' sites. For example, in some implementations, rather than using a physical device (e.g., a BACnet IP switch, router, and/or the like) which communicates with the controllers via UDP, TCP, and/or a like protocol, and relays this information to other controllers, sites, a central processing location, and/or the like, the controllers may connect directly to the CASRM cloud, which may package the data and forward it to the appropriate recipients (e.g. an internet router 120a and/or 120b) in a format similar to that which would be sent from the physical device (e.g., via CASRM Virtual BACnet Router 116a and/or 116b and CASRM Virtual Network Proxy 118a and/or 118b)) “obtaining a firmware token for the HVAC device at a registration service...” (Fig. 1A-1E and [0045] in some implementations, a user 102 may set up a new main controller device 126, e.g., via providing user information (e.g., name, address, correspondence address, and/or the like), authentication credentials (e.g., user name, user password, user activation code if applicable, and/or the like), and/or like information to a main controller 128, to an application interface linked to the CASRM cloud, and/or the like. The main controller may attempt to register on the cloud 130 using the user-provided input, its controller information (e.g., controller ID, controller type, controller location, and/or the like), and/or any other information the cloud may need to facilitate authentication and registration of the main controller into the network, and/or the like.   In some implementations the controller may send a registration request 134 to the CASRM cloud 136 in order to be registered to the network. In some implementations, registration request 134 may take a form similar to the following: ...<user_password>********</user_password>...<controller_ID>12345678<controller_ID> ; [0047] In some implementations, if the user wishes to set up a new controller 148 (e.g., a unit controller 150, and/or the like), the user may again provide authentication credentials, user information, and/or the like to the unit controller, to a CASRM application interface, and/or the like, which may send a new registration request 152 to the CASRM cloud. In some implementations, a registration request 152 may take a form similar to registration request 134, and may comprise information about the user, the controller, and/or the like; [0129] Referring to FIG. 18, main controllers may also have device setup settings that the user may provide upon initial bootup of the main controller, and/or the like.  For example, the user may enter and/or view network settings 1804 (e.g., BACnet and/or ZigBee network settings), configuration settings 1806, setpoint and display settings for the main controller 1808, service and status view settings test outputs for the main controller 1810, and/or test outputs for the main controller 1812...[0132] Configuration settings 1806 can include...a main password for the main controller, a user password for the main controller; wherein a controller_ID is a unique device identifier and a user password or main controller password is considered a device key, as it is the authentication information used to allow access to the device and linking that device to said user) “authorizing the registration of the IoT HVAC device using the firmware token;” (Fig. 1A-1E and [0045] in some implementations, a user 102 may set up a new main controller device 126, e.g., via providing user information (e.g., name, address, correspondence address, and/or the like), authentication credentials (e.g., user name, user password, user activation code if applicable, and/or the like), and/or like information to a main controller 128, to an application interface linked to the CASRM cloud, and/or the like. The main controller may attempt to register on the cloud 130 using the user-provided input, its controller information (e.g., controller ID, controller type, controller location, and/or the like), and/or any other information the cloud may need to facilitate authentication and registration of the main controller into the network, and/or the like; [0047] if the user wishes to set up a new controller 148 (e.g., a unit controller 150, and/or the like), the user may again provide authentication credentials, user information, and/or the like to the unit controller, to a CASRM application interface, and/or the like, which may send a new registration request 152 to the CASRM cloud. In some implementations, a registration request 152 may take a form similar to registration request 134, and may comprise information about the user, the controller, and/or the like.)  “registering the IoT HVAC device into a database of the registration service using a unique device identifier” ([0045] the controller may send a registration request 134 to the CASRM cloud 136 in order to be registered to the network. In some implementations, registration request 134 may take a form similar to the following:TABLE-US-00001 POST /registration_message.php HTTP/1.1 Host: www.CASRMproccess.com Content-Type: Application/XML Content-Length: 788 <?XML version = “1.0” encoding = “UTF-8”?> <registration_message>...<controller_ID>12345678<controller_ID> ; wherein the cloud is well-known to be a server that stores databases; [0046] The CASRM cloud may be able to authenticate the user-provided credentials 138, and may generate a new local virtual network for the user for the new main controller 140. The new local virtual network may be stored as a new record for a virtual network in the CASRM database, and the record may be linked to and/or otherwise associated with that of the user account record; [0047] a registration request 152 may take a form similar to registration request 134, and may comprise information about the user, the controller, and/or the like. In some implementations, the CASRM cloud may use the information to create a local virtual network node 154 (e.g., a non-edge node, and/or the like) corresponding to the new unit controller, and based on the data provided to the cloud; [0055]  In some implementations, the CASRM may also receive a registration request for a secondary resource device, may authenticate the registration request, and may generate a new virtual network node with a new virtual local address, the new virtual local address corresponding to a location of the new virtual network node within the first virtual local network. The CASRM may map the new virtual network node to the secondary resource device, and may link the new virtual network node to the virtual network node corresponding to the resource management device within the first virtual local network. The CASRM may store new virtual network node information in the database, and may store permissions in the database to allow the secondary resource device to be issued instructions from the resource management device, the instructions issued from the resource management device including instructions to alter the settings on the secondary resource device; [0217] In one embodiment, the database component 3019 includes several tables 3019a-i. A user account table 3019a includes fields such as, but not limited to: user_ID, user_name, user_password, user_fname, user_lname, user_address, user_devices, user_email, user_date_added, user_controllers, user_buildings, and/or the like. The user account table may support and/or track multiple user accounts on a CASRM.[0218] A controller table 3019b includes fields such as, but not limited to: controller_ID, controller_type, controller_make, controller_model, controller_version, controller_location, controller_settings_current, controller_settings_history, controller_child_controllers, controller_initiated, controller_last_updated, and/or the like. The controller table may support and/or track multiple controllers on a CASRM.) “determining credentials associated with the IoT HVAC device in the database of the registration service...” ([0049]the CASRM cloud may accessed off-site from the user via CASRM application 110 a and/or 110b, which may allow the user to access and/or control various controller and/or like devices; in other implementations, the user may be able to host CASRM infrastructure on-site as an application and/or software service via CASRM application 110.  In some implementations, the user may pay a subscription fee and/or the like for accessing the service, and the fee amount and/or method of payment may depend on the method of use that the user chooses. In some implementations a different service may be provided to the user based on the user's current infrastructure, management needs, and/or the like (e.g., a homeowner may obtain a different service than a landlord of multiple properties, and/or the like). In some implementations, for example, a homeowner may obtain a service which allows them to control a specified number of controllers at one site, while a landlord of multiple properties may need a more complete version of the service, e.g., one which supports multiple controllers on multiple sites, and/or the like. In some implementations settings and/or service changes may be implemented via using the user's account credentials and/or service access permissions to grant access to certain portions of the platform to the user. In some implementations the user may be able to designate sub-accounts to users of controllers at a site and/or the like, and may be able to forward subscription costs and/or the like to the sub-accounts, may be able to receive monetary incentives for signing up sub-accounts with CASRM, and/or the like. In some implementations, users may be able to reassign device addresses, ownership, and/or the like on the fly in order to adapt to temporary conditions within a building (e.g. conventions, parties, guests, and/or the like; e.g., see FIGS. 12A-B); [0080] Although only unit controllers are discussed hereinafter, it is to be understood that settings, instructions, and/or the like could also be sent to appliances and/or like devices. Moreover, in some embodiments, these settings include but are not limited to instructions to change user preferences; functions to manage site addresses; functions to manage user credentials and/or like system properties and functions; [0092] FIG. 4 shows a logic flow diagram illustrating initiating a new controller in some embodiments of the CASRM. In some implementations, the user may connect 402 to the new CASRM main controller, or may connect to a controller interface via her electronic device, and may provide user login credentials (e.g. a username and passport), new user information (e.g. name, address, username, password, email, phone number, map of home, office/and or the like layout, and/or the like), and/or like information. In some implementations, the main controller may receive the user's input and generate a setup request 404 to the cloud containing the user input, controller information (e.g. the controller ID, the controller location, and/or the like; [0217] In one embodiment, the database component 3019 includes several tables 3019a-i. A user account table 3019a includes fields such as, but not limited to: user_ID, user_name, user_password, user_fname, user_lname, user_address, user_devices, user_email, user_date_added, user_controllers, user_buildings, and/or the like. The user account table may support and/or track multiple user accounts on a CASRM.) “providing the credentials to the IoT HVAC device for operation of the HVAC device in accordance with one or more permissions” (Fig. 3-6 and [0086] In some implementations, the cloud may send a controller setup response 326 back to the main controller, indicating that the database has successfully initialized the new user-controller relationship in the cloud. In some implementations, the user may then start to provide controller settings, instructions, restrictions, controls, and/or the like 328 to the main controller. The main controller may update itself with those settings 329, and may also send a controller update message 330 to the cloud in order to indicate that a change in settings has been made to the main controller; [0095] In some implementations, a user may subsequently update 418 the main controller's settings. The main controller may configure its internal settings 420 based on the user-provided settings data, and then may generate and send a controller setting update message to the CASRM cloud. In some implementations, the user may instead provide the settings information (e.g., to the controller and/or directly to the cloud), and the cloud, after receiving the controller settings 424 and storing the updated settings in the controller's update history, [0097] FIG. 5 shows a data flow diagram illustrating updating controller settings in some embodiments of the CASRM. In some implementations, a user 502 may user her electronic device 504 in order to provide settings input 506 to a CASRM main controller 508. In some implementations, the settings input may include aggregate settings for a plurality of unit controllers and/or like devices. The main controller may send these settings and authentication information to the CASRM cloud via a settings authentication request 510.  In some implementations, settings authentication request 510 may be an XML-encoded HTTP(S) POST message that may take a form similar to the following: [0098] In some implementations, the cloud may authenticate 516 the request to change controller settings via querying 518 the database 520 to ensure the user provided the correct credentials for the main controller and for the unit controllers. If the user is authenticated, the cloud may send a settings authentication response 522 to the main controller indicating that it has permission to forward 524 the settings to the unit controllers...In some implementations, the settings update messages 526a-c may be XML-encoded HTTP(S) POST messages that may take a form similar to the following:...user password; [0100] a user may provide controller settings 602 to her main controller. Said settings may include temperature changes (e.g. lowering/raising temperatures, setting minimum/maximum temperatures, and/or the like), setting resource schedules, and/or like settings. Once the main controller receives the settings 604 from the user, the main controller may generate and send a settings authentication request to the CASRM cloud 606 via a TCP or UDP NAT traversal connection (e.g. TCP/UDP hole punching). The cloud, after receiving 608 the settings authentication request, may authenticate the user's request to change her controller settings 610 based on the user's provided credentials and based on which of the controllers the user wishes to update have records which are linked to her account. If the authentication is successful 612, then the cloud may generate and send an authentication response to the main controller 616 indicating that the authentication was successful; wherein because the user is sending the credentials (user name and password) to the main controller for changing settings it is considered providing them, and operates in accordance with the permissions when the user name and password has the authority to change settings) “claiming, by a user, the IoT HVAC device, wherein claiming the IoT HVAC device allows the user to manage the IoT HVAC device within the BMS” ([0049] In some implementations, users may be able to reassign device addresses, ownership, and/or the like on the fly in order to adapt to temporary conditions within a building (e.g. conventions, parties, guests, and/or the like; e.g., see FIGS. 12A-B).  [0058] A user may use a web application and/or a like user interface in order to obtain information from the main controller and/or other network-enabled devices. In some implementations the web application can provide a user with a dashboard which enables the user to manage and/or modified the settings of the devices installed in different sites. For example, a user can view all metering devices on a site and/or can view detailed metering information corresponding to a specific device; [0082] unit controllers may also receive settings 220a-c from users 218a-b who are only in control of local controllers (e.g. an employee in control of a thermostat in his office, a homeowner in control of a control device in her home, and/or the like). These users may be able to send settings to controllers they own (e.g. 216a-c), and may also be able to forward those settings to other controllers in their possession that can be controlled through their unit controllers (e.g. controllers 222a-c, which may control particular rooms in a multi-room home). However, in some implementations, restrictions may be placed on who may be allowed to send instructions, settings, and/or the like to other unit controllers under the control of the main controller, and/or the like. For example, user 218c may be able to send settings and/or instructions 220c to unit controller 216c, but may not be able to send settings and/or instructions 224a to Kitchen Controller 222c, as both user 218 and his controller may not have permission to affect Kitchen Controller 222c; [0085] In some implementations, a CASRM server 314 in the cloud may parse 316 controller, user, and/or like data from the controller setup request. The server may also update the controller's data to indicate new ownership, create or update a user record for the user initializing the controller, and/or the like 318 [0127]  the user may also be able to set permissions 1602 for the controllers, e.g., in order to determine who may change settings and/or like aspects of the user's local network, and/or the like. In some implementations the user may set permissions for controllers, resource management devices, network settings, input and/or output settings, and/or like settings, based on the type of user 1604 (e.g., based on whether the user is an administrative user, regular user, maintenance user, and/or the like) “and generating a device shadow... one or more data points associated with the HVAC device, wherein the device shadow provides a virtual representation of the HVAC device within the BMS” ([0046] The CASRM cloud may also create a new local virtual network edge node for the main controller to 142 to add to the local virtual network. In some implementation the node may contain information corresponding to the main controller (e.g., controller data and/or the like), and may also be linked to the user (e.g., may also contain user-provided information, and/or the like), and may be assigned a virtual IP and/or like network address which is mapped onto the physical main controller device, and/or the like. The node may also be configured to have particular relationships with other nodes already in the network, if applicable (e.g., may be designated as a node through which other nodes within the network must interface with in order to communicate with the CASRM cloud, or a node which only communicates with certain other nodes within the network, and/or the like). The CASRM cloud may store routing tables and/or the like corresponding to the virtual network, and/or the like. In some implementations the CASRM cloud may then instantiate the virtual network node within the virtual network 144 (e.g., may modify the virtual network record to include the node and to include its connections to other nodes within the network, and/or the like), and may send a registration response 146 to the main controller, user, and/or the like, which may provide a confirmation that the controller has been added to the virtual network, and/or the like; [0125] In some implementations, referring to FIG. 14, the user may be able to edit settings for her controllers, including the time, time zone, date, and/or the like for the controllers 1402, the network settings for the controller 1404, particular network layer (e.g., Ethernet, CANbus, Zigbee, and/or the like) settings 1406, and/or the like. [0126] In some implementations, referring to FIG. 15, the user may also be able to view a list 1502 of all of her devices and/or the like which have been added to her account, and may be able to search for 1504 and/or select any of the devices (which, in some implementations, may also be referred to as nodes within the user's local network) in order to edit the settings of the devices, viewing the status of the devices, and/or the like; [0128] In some implementations, referring to FIG. 17, the user may also be able to view her controllers and/or like devices via a map interface 1702 which may mark the user's devices (e.g., via green markers on the map 1704), may provide sensor and/or like data from each device 1706, units for the data provided by each device 1708, and/or the like) “and passing values of the one or more data points from the device shadow to the IoT HVAC device to change one or more parameters within the IoT HVAC device” ([0043] In some implementations, the CASRM cloud may also be able to facilitate the virtualization of a local network of physical devices (e.g., a user-specified local network of unit controllers 124a-124c, and/or the like). In some implementations, the virtual network architecture implemented by the CASRM cloud may also be able to provide security to communications between controllers and/or control devices that may not be able to be handled by a traditional BACnet and/or the like infrastructure (e.g., may be able to provide a way of granting varying user access privileges, providing a secure form of communication between controllers via providing an extra layer of security with regards to communications between devices, and/or the like). [0046] In some implementations the CASRM cloud may generate and/or modify rules for the virtual network (e.g., may specify how nodes within the virtual network interact with each other, with other nodes in other virtual networks, with the CASRM cloud, and/or like entities)... The node may also be configured to have particular relationships with other nodes already in the network, if applicable (e.g., may be designated as a node through which other nodes within the network must interface with in order to communicate with the CASRM cloud, or a node which only communicates with certain other nodes within the network, and/or the like). The CASRM cloud may store routing tables and/or the like corresponding to the virtual network, and/or the like. In some implementations the CASRM cloud may then instantiate the virtual network node within the virtual network 144 (e.g., may modify the virtual network record to include the node and to include its connections to other nodes within the network, and/or the like); [0055] In some implementations, the CASRM may also receive a registration request for a secondary resource device, may authenticate the registration request, and may generate a new virtual network node with a new virtual local address, the new virtual local address corresponding to a location of the new virtual network node within the first virtual local network. The CASRM may map the new virtual network node to the secondary resource device, and may link the new virtual network node to the virtual network node corresponding to the resource management device within the first virtual local network. The CASRM may store new virtual network node information in the database, and may store permissions in the database to allow the secondary resource device to be issued instructions from the resource management device, the instructions issued from the resource management device including instructions to alter the settings on the secondary resource device; [0056] the secondary resource device may be a Heating, Ventilation, and Air Conditioning (HVAC) device, and the settings altered may be one of heating, ventilation, or air conditioning settings. Examples of such instructions and settings include but are not limited to: instructions for retrieving different rooms' or areas' temperature, humidity and occupancy; instructions for changing a thermostat set point; instructions for retrieving and changing predefined set points on a thermostat; instructions to copy set points from one HVAC device to another HVAC device; instructions to copy all the changes performed to one HVAC device to another HVAC device; and/or like instructions; [0126] In some implementations, referring to FIG. 15, the user may also be able to view a list 1502 of all of her devices and/or the like which have been added to her account, and may be able to search for 1504 and/or select any of the devices (which, in some implementations, may also be referred to as nodes within the user's local network) in order to edit the settings of the devices, viewing the status of the devices, and/or the like. The user may be able to view, for example, the object name and/or ID 1506, a value and/or setting for the device 1508, the name of the device 1510, a description of the device 1512, units that the device's sensors, and/or the like utilize 1514, the status of the device 1516 (e.g. on, off, inerror, and/or the like), and/or the like).
Leblond fails to teach “...wherein the firmware token establishes one or more permissions of the IoT HVAC device; determining credentials associated with the IoT HVAC device in the database of the registration service based on the one or more permissions of the HVAC device established by the firmware token; and generating a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device...”.
Smith teaches “obtaining a firmware token for the HVAC device at a registration service, wherein the firmware token establishes one or more permissions of the HVAC device” ([0085] The authentication service 532 may generate a JSON Web Token (JWT) 566 that includes application and user permissions. The authentication service 532 may sign the JWT 566 with a private key and may append the signature to the JWT 566. The authentication service 532 may return JWT 566 to the client device 520. It should be noted that the authentication service 532 may combine the authentication and authorization processes into a single process resulting in a JWT 566 being returned to the client device 520; [0028] Examples of automation tasks include adjusting lighting, operating and monitoring security systems, controlling heating and air conditioning, scheduling and operating water sprinkling, adjusting window coverings, controlling entertainment devices and controlling food preparation appliances, etc. Examples of the one or more automation devices 110 include lights and/or lighting systems, thermostats, audio systems, security cameras, web cameras, sprinkling systems, security systems, televisions, game consoles, computers, etc.; [0034] A direct link between the client device 120 and the controller 102 may be more efficient and reduce the chance of errors occurring during communication. A direct link may be achieved by including the API 108 in the controller 102 and using a reflector service 116 on the cloud server 114. The link between the client device 120, cloud server 114 and the controller 102 may be established based on a security token 124 sent by the client device 120. [0035] The security token 124 may allow the link to traverse the security service 112. For example, the cloud server 114 may validate the security token 124 and create a session for the client device 120 and the controller 102. It should be noted that a web service may issue JSON Web Token (JWT) given proper credentials. The JWT itself can be validated independently of a cloud server if the correct public key is present where it is being validated; [0043] The cloud server 114 may include a reflector service 116. The reflector service 116 may also be referred to as a “Representational State Transfer (REST) Reflector/Forwarder,” or simply “reflector.” The cloud server 114 may establish a link with the controller 102 by forwarding the security token 124 sent by the client device 120. For example, the security token 124 may be a JWT that is used to direct a request received by the reflector (e.g., reflector service 116) to the controller 102 referenced in the validated JWT; [0090] The client device 520 may make an API call by sending an API request 528, parameters 568 and the JWT 566 to the REST forwarder 516. The REST forwarder 516 may validate the JWT 566 signature using an authorization/security public key. The REST forwarder 516 may inspect the JWT 566 ensuring that the client device 520 has remote access permissions; [0092] The REST forwarder 516 may retrieve an available worker from the session worker pool using the API request 528, parameters 568 and JWT 566. A worker sends the API request 528 and the JWT 566 to the controller 502 through the pre-allocated relay server 564 IP and port. [0093] The relay server 564 may forward/relay the packet(s) from the worker to the controller 502. The controller 502 may validate the JWT 566 with an authorization/security public key. The controller 502 may inspect the JWT 566 ensuring the client device 520 has appropriate permission levels to execute the API. If the client device 520 has an invalid permission level, then the controller 502 may return a “403 NOT AUTHORIZED” response) “registering the IoT HVAC device into a database of the registration service...” ([0086] The controller 502 may contact the connection service 534 in order to register the location of the controller 502. The connection service 534 may comprise a service with which the controller 502 may communicate over the network using a communication protocol. The connection service 534 may negotiate a link between the controller 502 and the cloud server 514.) “determining credentials associated with the IoT HVAC device in the database of the registration service based on the one or more permissions of the HVAC device established by the firmware token;” ([0090] The client device 520 may make an API call by sending an API request 528, parameters 568 and the JWT 566 to the REST forwarder 516. The REST forwarder 516 may validate the JWT 566 signature using an authorization/security public key. The REST forwarder 516 may inspect the JWT 566 ensuring that the client device 520 has remote access permissions; [0092] The REST forwarder 516 may retrieve an available worker from the session worker pool using the API request 528, parameters 568 and JWT 566. A worker sends the API request 528 and the JWT 566 to the controller 502 through the pre-allocated relay server 564 IP and port. [0093] The relay server 564 may forward/relay the packet(s) from the worker to the controller 502. The controller 502 may validate the JWT 566 with an authorization/security public key. The controller 502 may inspect the JWT 566 ensuring the client device 520 has appropriate permission levels to execute the API. If the client device 520 has an invalid permission level, then the controller 502 may return a “403 NOT AUTHORIZED” response).
It would have been obvious to a person having ordinary skill in the art before the effective file date of the claimed invention to have modified the system that uses a token to register an HVAC device to a building automation/management system using a cloud service with the use of permissions that are included in the token so that certain permissions are checked to ensure devices that have proper security credentials and permissions are allowed to access the HVAC device because by including the permissions in the token it would prevent unauthorized access and usage of the HVAC device.  Furthermore, both Leblond and Smith can be considered in the same field of use, as both deal with automation systems/building management systems that use tokens to authorize access to HVAC devices so that only authorized persons and devices are able to access that HVAC device, thus making their combination more obvious.  By combining these elements, it can be considered taking the known HVAC device token that contains a unique ID and credentials, and modifying it by including permissions in the token in a known way to achieve predictable results. 
The combination of Leblond and Smith fail to teach “and generating a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device...”
Sundaresan teaches “and generating a device shadow based on a device template, the device template comprising one or more data points associated with the HVAC device, wherein the device shadow provides a virtual representation of the HVAC device within the BMS” ([col 2 line 20] The templating framework uses one or multiple device templates to define and generate virtual devices; [col 10 line 31] Template association module 215 associates specific devices and/or types of devices to device templates 232A-C. A single device (e.g., a particular product of an OEM) may be associated with a single device template or with multiple different device templates. The device may be identified by a product identifier assigned to that device; [col 5 line 1] Status updates received from the embedded systems 150A-C may identify values or states of some or all detectable parameters of devices 135A-C that the embedded systems are included in. Status updates may also include fault information, statistical device usage information, trace data and/or other information. Such values, states and/or other information may change based on direct user interaction with the devices. Such values, states and/or other information may also change responsive to commands sent to the embedded systems 150A-C by the WAN accessible service 130 and/or by computing devices 105A-C via an appropriate virtual device 185A-C; [col 3 line 17] The devices 135A-C may also include consumer devices such as...HVAC systems) “and passing values of the one or more data points from the device shadow to the IoT HVAC device to change one or more parameters within the IoT HVAC device” ([col 6 line 17] The virtual device 185A-C is then connected to a particular physical device 135A-C (e.g., to an embedded system 150A-C of a particular physical device 135A-C), and may be used to monitor, interface with, and control that physical device; [col 6 line 55] Computing devices 105 may include a remote control application (or multiple remote control applications) 115 that can receive information for devices 135A-C and control the devices 135A-C via virtual devices 185A-C. The remote control application 115 is configured to interface with one or more virtual devices 185A-C, and may issue commands to the connected virtual devices 185A-C. The virtual devices 185A-C may then format the commands into a protocol used by associated physical devices 185A-C and/or generate new commands in such a protocol. The virtual devices 185A-C may then send the new or modified commands to associated physical devices 135A-C (e.g., via the devices' embedded systems 150A-C) to control the physical devices 135A-C; [col 12 line 65] physical device 366A may be a thermostat from a first manufacturer with a distinct set of physical attributes 374A. First level virtual device 380A may be configured with the physical attributes 374A of the physical device 366A and with logical attributes 384A specific to that physical device 366A... Second level virtual device 378A and second level virtual device 378B may be separate instances of virtual devices generated from the same templates. Each of the second level virtual devices 378A-B may include a common API that remote control applications 370A-B can use to communicate with the second level virtual devices 378A-B. The second level virtual devices 378A-B include application interfaces 395A-B that translate commands from the remote control applications 370A-B into commands that can be acted on by the specific first level virtual devices 380A-B. Additionally, the second level virtual devices 378A-B may translate data from the first level virtual devices 380A-B into a common format that can be used by the remote control applications 370A-B. This enables a single remote control application 370A-B to be used to interface with and control multiple different types of devices; [col 14 line 7] processing logic controls the physical device using the virtual device (or the multiple virtual devices). Controlling the physical device may include determining values to assign to parameters and/or settings of the physical device based on logical rules resident in the virtual device, and then sending controls to implement the determined values for the parameters and/or settings to the physical device. Controlling the physical device may additionally include receiving commands at the virtual device from a remote control application and forwarding those commands to the physical device (potentially after translating the commands into a format understandable to the physical device).
It would have been obvious to a person having ordinary skill in the art before the effective file date of the claimed invention to have modified the system that registers Internet of Thing devices that include functionality for controlling HVAC systems, the registration providing unique identifiers and keys that allow authentication the device with a cloud-based service and credentials that include permissions that allow different users to access and modify settings such that virtual nodes are creating that offering a virtual representation of a device to a building management system that manages devices in a building as taught by Leblond with the use of the templates that allow creation of virtual devices for representation in a building management system, the templates including data points associated with HVAC devices as taught by Sundaresan because by using templates for creating virtual representation of devices would offer the added benefit noted by Sundaresan “[col 1 line 60] Embodiments are directed to a network-connected device platform (also referred to as an internet-of-things (IoT) cloud platform or simply an IoT platform) having an agile templating framework that provides flexible generation and modification of virtual devices that can be used to facilitate, supplement and modify the functionality of physical devices”.  By using templates to generate the device nodes it would gain the inherent benefit of having the user enter less information during the setup of the node, because certain data points would have values or parameters already defined as opposed to having to be individually created for each new controller and device.  Additional benefits noted by Sundaresan include “[col 2 line 38] The agile templating framework enables the functionality, attributes and/or behaviors of a physical device to change over time. Such changes may occur even to physical devices that have been deployed to customer locations. In many instances, changes may be implemented based on updating business logic executed at a server (e.g., a cloud based server) without writing new software code for execution on the physical device or for execution on a server. This shortens and simplifies a product development cycle”.  Furthermore, both Leblond and Sundaresan can be considered in a related field, as both deal with internet of things devices being registered via a cloud-based service, thus obviating the use of the templates from Sundaresan into the system of Leblond.  By combining these elements, it can be considered taking the known method of providing templates for registering devices in a cloud system so that the template provides a data point associated with an internet of things HVAC device, and using it to improve the internet of things HVAC device registration system of Leblond such that when a virtual representation of an internet of things HVAC device is created, it is based on a template so that certain specific data points are created in the virtual representation, including certain settings and feedback values.  

In regards to Claim 19, Leblond, Smith and Sundaresan teach the method of registering an IoT HVAC device as incorporated by claim 18 above.  Sundaresan further teaches “The method of claim 18, wherein the  device template is associated with the unique device identifier” ([col 2 line 20] The templating framework uses one or multiple device templates to define and generate virtual devices; [col 10 line 31] Template association module 215 associates specific devices and/or types of devices to device templates 232A-C. A single device (e.g., a particular product of an OEM) may be associated with a single device template or with multiple different device templates. The device may be identified by a product identifier assigned to that device).

In regards to Claim 20, Leblond, Smith and Sundaresan teach the method of registering an IoT HVAC device as incorporated by claim 18 above.  Sundaresan further teaches “The method of claim 18, further comprising comparing the data points of the device template against one or more data points of the IoT HVAC device and updating the device shadow with at least one data point of the IoT HVAC device that is different from data points of the device shadow” ([col 2 line 38] The agile templating framework enables the functionality, attributes and/or behaviors of a physical device to change over time. Such changes may occur even to physical devices that have been deployed to customer locations. In many instances, changes may be implemented based on updating business logic executed at a server (e.g., a cloud based server) without writing new software code for execution on the physical device or for execution on a server. This shortens and simplifies a product development cycle, and enables additional tools such as A-B testing between different versions of physical devices, where each version may have the same hardware and the same software but a different virtual device and business logic executed on a remote server. Additionally, templates may be used to quickly and easily define the functionality of a new product based on modifying and/or reusing device templates formerly created for other devices. This can further simplify product design and shorten the product development cycle. [col 7 line 34] (41) Template editor 210 is responsible for creating new device templates and editing existing templates. Template editor 210 may create a blank template or may create a new template based on an existing template. Template editor 210 may receive template data 220 that is used to populate fields and/or entries in the template, where each field or entry may be for a particular device attribute. Template data 220 may be input or selected by a user via a user interface 218. Alternatively, or additionally, template data 220 may be imported from existing templates and/or from other sources).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHAN M SKRZYCKI whose telephone number is (571)272-0933. The examiner can normally be reached M-F 7:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kenneth Lo can be reached on (571) 272-9774. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/JONATHAN MICHAEL SKRZYCKI/Examiner, Art Unit 2116                                                                                                                                                                                                        

/KENNETH M LO/Supervisory Patent Examiner, Art Unit 2116