DETAILED ACTION

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 15 August 2022 has been entered.
By the above submission, Claims 4, 5, 17, 22, 23, and 29-34 have been amended.  No claims have been added or canceled.  Claims 1-5 and 14-28 are currently pending in the present application.

Response to Arguments

Applicant's arguments filed 15 August 2022 have been fully considered but they are not persuasive.
Regarding the rejection of Claims 1-5 and 14-28 under 35 U.S.C. 103 as unpatentable over Zhang, US Patent Application Publication 2019/0020661, in view of Kalofonos et al, US Patent Application Publication 2009/0222517, and Berggren, US Patent 8374354, and with particular reference to independent Claim 1, Applicant argues that Zhang, individually, discloses address information for database records but does not disclose a locator of the resource server that corresponds to the claimed destination device (pages 9-10 of the present response, citing Zhang, paragraphs 0101, 0112, 0119, and 0121, and Figure 12).  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).  However, at least Zhang does suggest transmitting a locator of the destination device to the user device.  In particular, the previously cited portions of Zhang disclose a request to access data on a resource server (corresponding to the claimed destination device, see at least Zhang, paragraph 0112) and in further clarifying detail, Zhang more specifically discloses providing a data access credential that includes information including the target data to be accessed (i.e. a locator of the destination device) that is used to access the destination device (see paragraphs 0113-0126, especially noting paragraph 0119, data access credential, and paragraph 0121).  Zhang also discloses additional detail of how an access token is transmitted to the client for access to the destination device (see paragraphs 0082-0083, 0087, and 0089, for example).  Although Applicant argues that the target data identifier is not a locator of a destination device on a network, Applicant does not explain this distinction.  Identifying target data (as in paragraph 0119) would necessitate identifying where that target data is located, and further, Zhang explicitly discloses address information (paragraph 0121), which is a type of locator.  See also paragraph 0101, as previously cited, where location information for data is sent.  It is noted that Applicant has not provided any more explicit limitation on the locator in the claims.  Therefore, the combination of references at least suggests the claims as previously cited.
Therefore, for the reasons detailed above, the Examiner maintains the rejections as set forth below.

Claim Rejections - 35 USC § 112

The rejection of Claims 29, 31, and 33 under 35 U.S.C. 112(b) as indefinite is withdrawn in light of the amendments to the claims.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5 and 14-28 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang, US Patent Application Publication 2019/0020661, in view of Kalofonos et al, US Patent Application Publication 2009/0222517, and Berggren, US Patent 8374354.
In reference to Claim 1, Zhang discloses a method that includes receiving a request from a user device to access a destination device, where a computing device receiving the request has authority to grant access to the destination device and the request includes a digital certificate (see Figure 9; paragraph 0089, client requests authorization to access resource server 500, corresponding to the claimed destination device; see also paragraph 0112); determining to grant access to the destination device and, based on the determination to grant access, generating a distributed database entry including addresses of the user and destination devices and a digital signature (see Figure 9; paragraph 0089, request is recorded in blockchain); and transmitting a public key and locator to the user device (see paragraphs 0101, 0112; see also paragraphs 0113-0126, especially paragraph 0119, data access credential, and paragraph 0121, address; see further paragraphs 0082, 0083, 0087, 0089 for use of the access token for the destination).  However, Zhang does not explicitly disclose determining an address of the user device based on a certificate.
Kalofonos discloses a method that includes determining an address of a device based on a digital certificate (see paragraph 0035, hash of public key, where public key is part of digital certificate).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Zhang to include the determination of the address as taught by Kalofonos, in order to allow an identifier to act as a permanent device address (see Kalofonos, paragraph 0035).
While Zhang and Kalofonos generally disclose a certificate and a certificate inherently includes a unique identifier (such as a public key), neither Zhang nor Kalofonos explicitly discloses validating the certificate based on the unique identifier.  However, Berggren discloses a digital certificate including one or more unique identifiers of a user device (Figure 2; column 3, line 50-column 4, line 3; identifier 52; see also column 9, lines 36-40) and validating the certificate based on the unique identifier (column 4, lines 15-25; see also column 4, line 54-column 5, line 3; column 19, lines 29-42).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Zhang to include the certificate validation taught by Berggren, in order to use the certificate to validate a user’s identity (see Berggren, column 3, lines 10-15).
In reference to Claims 2 and 3, Zhang, Kalofonos, and Berggren further disclose a public key and applying a deterministic function to the public key (Kalofonos, paragraph 0035; see also Berggren, column 3, line 50-column 4, line 3).
In reference to Claim 4, Zhang, Kalofonos, and Berggren further disclose a blockchain transaction and transmitting the transaction to a blockchain network (Zhang, paragraph 0089, request is recorded in blockchain).
In reference to Claim 5, Zhang, Kalofonos, and Berggren further disclose a time limit on access (see Zhang, paragraph 0093; see also Berggren, column 3, line 50-column 4, line 3, validity period 54).
In reference to Claim 29, Zhang, Kalofonos, and Berggren further disclose storing information indicative of an association between the computing device and destination device (Zhang, paragraph 0089, permission is recorded in blockchain; see also paragraph 0069).
In reference to Claim 30, Zhang, Kalofonos, and Berggren further disclose that the computing device, destination device, and distributed database are associated with a common entity including a user, household, or service provider (Zhang, paragraph 0112, service provider; paragraph 0089, user).

In reference to Claim 14, Zhang discloses a system that includes an intermediary device (Figure 8, authorization server 400) and a destination device (Figure 8, resource server 500), where the intermediary device is configured to receive a request from a user device to access a destination device (see Figure 9; paragraph 0089, client requests authorization to access resource server 500, corresponding to the claimed destination device; see also paragraph 0112); grant access to the destination device and generate, based on the grant of access, a distributed database entry including addresses of the user and destination devices and a digital signature (see Figure 9; paragraph 0089, request is recorded in blockchain); and transmit a public key and locator to the user device (see paragraphs 0101, 0112; see also paragraphs 0113-0126, especially paragraph 0119, data access credential, and paragraph 0121, address; see further paragraphs 0082, 0083, 0087, 0089 for use of the access token for the destination), and the destination device is configured to receive a second request for access, access the distributed database entry, and grant the user device access (see Figure 9; paragraph 0089).  However, Zhang does not explicitly disclose determining an address of the user device based on a public key or verifying the address.
Kalofonos discloses a method that includes determining an address of a device by applying a deterministic function to a public key (see paragraph 0035).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Zhang to include the determination of the address as taught by Kalofonos, in order to allow an identifier to act as a permanent device address (see Kalofonos, paragraph 0035).
While Zhang and Kalofonos generally disclose a certificate and a certificate inherently includes a unique identifier (such as a public key), neither Zhang nor Kalofonos explicitly discloses validating the certificate based on the unique identifier.  However, Berggren discloses a digital certificate including one or more unique identifiers of a user device (Figure 2; column 3, line 50-column 4, line 3; identifier 52; see also column 9, lines 36-40) and validating the certificate based on the unique identifier (column 4, lines 15-25; see also column 4, line 54-column 5, line 3; column 19, lines 29-42).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the system of Zhang to include the certificate validation taught by Berggren, in order to use the certificate to validate a user’s identity (see Berggren, column 3, lines 10-15).
In reference to Claim 15, Zhang, Kalofonos, and Berggren further disclose granting access based on an entry in the distributed database (see Zhang, paragraph 0089).
In reference to Claim 16, Zhang, Kalofonos, and Berggren further disclose creating distributed database entries including identifiers of devices (see Zhang, paragraphs 0089 and 0095; Kalofonos, paragraph 0035).
In reference to Claim 17, Zhang, Kalofonos, and Berggren further disclose granting access to the destination device (Zhang, paragraph 0089).
In reference to Claim 18, Zhang, Kalofonos, and Berggren further disclose receiving an indication of a device, generating a private and public key, and generating a new entry for the device (see Zhang, paragraphs 0101, 0112; Kalofonos, paragraph 0035; see also Berggren, column 3, line 50-column 4, line 3).
In reference to Claim 19, Zhang, Kalofonos, and Berggren further disclose transmitting the first request including the public key of the user device, receiving the public key of the destination device, and connecting to and accessing the destination device (Zhang, paragraphs 0089, 0101, 0112; see also Berggren, column 3, line 50-column 4, line 3).
In reference to Claim 20, Zhang, Kalofonos, and Berggren further disclose an IoT device (see Zhang, paragraph 0140).
In reference to Claim 31, Zhang, Kalofonos, and Berggren further disclose storing information indicative of an association between the computing device and destination device (Zhang, paragraph 0089, permission is recorded in blockchain; see also paragraph 0069).
In reference to Claim 32, Zhang, Kalofonos, and Berggren further disclose that the computing device, destination device, and distributed database are associated with a common entity including a user, household, or service provider (Zhang, paragraph 0112, service provider; paragraph 0089, user).

Claims 21-28, 33, and 34 are directed to devices having functionality corresponding to the methods of Claims 1-5, 16, 29, and 30, and are rejected by a similar rationale, mutatis mutandis.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/Primary Examiner, Art Unit 2492