Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Response to Amendment
This action is in response to an amendment filed July 12, 2022. Claims 1-4, 8-15, and 19 have been amended. Claims 1-4, 8-15, and 19 remain pending in this application.

Response to Arguments
Applicant’s arguments, see Remarks, filed July 12, 2022, with respect to the rejection(s) of the claim(s) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Sharifi Mehr at al. (US 9,923,923 B1).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-4, 8-15, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Choyi et al. (US 2018/0183802 A1), in view of Sharifi Mehr at al. (US 9,923,923 B1).

With respect to claim 1, Choyi discloses a method performed by a client node configured to assume a client role in a particular message exchange with a server node (Abstract), the method comprising: 
determining, from a resource directory node that stores information about resources ([0317]-[0318], Figure 24, resource directory creates entries for resources, which includes data such as ID and certificate of resource), security capabilities and security preferences of the server node that hosts a resource ([0061] and [0121], client evaluates security mechanism needed to access resource); and 
setting up a secured connection with the server node using the determined at least one of security capabilities and security preferences ([0122], obtaining resource in a seamless manner);
Choyi does not explicitly teach wherein the at least one of security capabilities and security preferences indicates one or more cipher suites preferred by the server node; 
However, Sharifi Mehr discloses wherein the at least one of security capabilities and security preferences indicates one or more cipher suites preferred by the server node (Col. 2, lines 64-66 and Col. 3, lines 23-48, where server selects mutually acceptable cipher suites for server-to-client communications);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Choyi with the teachings of Sharifi Mehr and allow a server node to select a preferred cipher suite, in order to adjust security capabilities and preferences during a communication session, and also provide improved and adaptable security protection within the session.
With respect to claim 2, the combination of Choyi and Sharifi Mehr discloses the method of claim 1, wherein Choyi discloses setting up the secured connection comprises initiating setup of the secured connection according to the at least one of security capabilities and security preferences of the server node ([0121]-[0122], evaluated security mechanism is used for allowing access to resources).
With respect to claim 3, the combination of Choyi and Sharifi Mehr discloses the method of claim 1, wherein Choyi discloses said determining comprises:
transmitting, from the client node to the resource directory node, a request for information about resources or server node associated with one or more certain target attributes ([0158], client queries resource listing entity for location information of resource and security mechanism), wherein the target attributes include the at least one of certain security capabilities and/or security preferences ([0158]); and 
receiving a response from the resource directory node identifying the server node, or one or more resources hosted by the server node, as being associated with the one or more certain target attributes ([0158]).
With respect to claim 4, the combination of Choyi and Sharifi Mehr discloses the method of claim 1, wherein Choyi discloses said determining comprises: 
transmitting, from the client node to the resource directory node, a request for information about resources or server nodes associated with one or more certain target attributes ([0158]); and 
receiving a response from the resource directory node that identifies the server node, or one or more resources hosted by the server node, as being associated with the one or more certain target attributes and that includes information indicating the at least one of security capabilities and security preferences of the server node ([0158]).
With respect to claim 8, the combination of Choyi and Sharifi Mehr discloses the method of claim 1, wherein Choyi discloses the at least one of client node and the server node is a machine-to-machine device or an internet-of-things (IoT) node ([0003] and [0054]).
With respect to claim 9, the combination of Choyi and Sharifi Mehr discloses the method of claim 1, wherein Choyi discloses the client node and the server node are configured to communicate using a constrained application protocol (CoAP) ([0085]).
With respect to claim 10, Choyi discloses a method performed by a server node configured to assume a server role in a particular message exchange with a client node (Abstract), the method comprising:
registering, with a resource directory node, at least one of security capabilities and security preferences of the server node, as well as information about a resource that the server node hosts (Abstract, [0061], and [0317], security mechanism (SAM) is registered and established for providing access to resources);
Choyi does not explicitly teach wherein the at least one of security capabilities and security preferences indicates one or more cipher suites preferred by the server node; 
However, Sharifi Mehr discloses wherein the at least one of security capabilities and security preferences indicates one or more cipher suites preferred by the server node (Col. 2, lines 64-66 and Col. 3, lines 23-48, where server selects mutually acceptable cipher suites for server-to-client communications);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Choyi with the teachings of Sharifi Mehr and allow a server node to select a preferred cipher suite, in order to adjust security capabilities and preferences during a communication session, and also provide improved and adaptable security protection within the session.
With respect to claim 11, the combination of Choyi and Sharifi Mehr discloses the method of claim 10, wherein Choyi discloses the at least one of security capabilities and security preferences indicate at least one of a type or a version of a security protocol that the server node supports ([0274]).
With respect to claim 12, the combination of Choyi and Sharifi Mehr discloses the method of claim 10, wherein Choyi discloses the at least one of security capabilities and security preferences indicate a version of a Transport Layer Security (TLS) protocol or Datagram TLS (DTLS) protocol that the server node supports ([0154]).
With respect to claim 13, the combination of Choyi and Sharifi Mehr discloses the method of claim 10, wherein Choyi discloses the at least one of security capabilities and/or security preferences indicate one or more key agreement protocols preferred by the server node ([0173]-[0174], security requirements define supported protocols).
With respect to claim 14, the combination of Choyi and Sharifi Mehr discloses the method of claim 10, wherein Choyi discloses the at least one of security capabilities and security preferences indicate at least one of one or more key exchange algorithms, one or more encryption algorithms, one or more signature algorithms, or one or more message authentication code (MAC) algorithms ([0173]-[0174] and [0268]).
	With respect to claim(s) 15 and 19, the client node and server node of claim(s) 15 and 19 does/do not limit or further define over the method of claim(s) 1. The limitations of claim(s) 15 and 19 is/are essentially similar to the limitations of claim(s) 1. Therefore, claim(s) 15 and 19 is/are rejected for the same reasons as claim(s) 1. Please see rejection above.	



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ESTHER B. HENDERSON whose telephone number is (571)270-3807. The examiner can normally be reached Monday-Friday 6a-2p ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin T. Bates can be reached on 571-272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
/ESTHER B. HENDERSON/Primary Examiner, Art Unit 2458                                                                                                                                                                                                        October 6, 2022