DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/5/22 has been entered.
Claims 1-6, 9-18, and 20-23 have been examined.  Claims 7-8 and 19 have been cancelled.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.  In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Objections
As per Applicant’s amendment, the objection to claims 1, 13, and 20 is withdrawn.  
  
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 1-6, 9-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Pavlovski (US 2013/0094451) hereafter Pav451 in view of Muhanna (US 2017/0078875) and further in view of Chang et al. (EP 2,648,391; included in IDS) hereafter Chang and also in view of Frost (US 2018/0373568).

Regarding Claim 1 (Currently Amended),
A system comprising: at least one processor; and memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising: 

collecting data relating to two or more devices detected by a mobile network operator [Pav451: 0018; using the dual SIM technology described herein, a first physical device that attempts to register with a home location register (HLR) using the shared-identity SIM may be granted registration and provided with session information; the devices may then configure the shared-identity SIM with the obtained session information and switch to the shared-identity SIM for multiplexed communications as part of the respective logical device group; 0017; for cellular applications, physical devices are equipped with two subscriber identity module (SIM) cards; a first "shared-identity" SIM module in each physical device within a logical group is configured for shared communications over a wireless network via a shared logical device physical network address; multiple wireless communication sessions between an application-level device, such as an application server, and the physical devices within the logical group are multiplexed over a single wireless channel by a channel sharing gateway]; 

identifying an association between the two or more devices, wherein the association indicates the two or more devices share at least one of a common user [Pav451: 0019; each device within a logical group is assigned to a common logical device identity (i.e., shared logical device physical network address) for physical communications using the shared-identity SIM card; 0018; the devices may then configure the shared-identity SIM with the obtained session information and switch to the shared-identity SIM for multiplexed communications as part of the respective logical device group; 0017; the devices may then configure the shared-identity SIM with the obtained session information and switch to the shared-identity SIM for multiplexed communications as part of the respective logical device group; 0093; for purposes of the present example, it is assumed that the requesting device is registered with the channel sharing gateway 104 as part of the logical device group associated with the particular shared-identity SIM 216 and that the channel sharing gateway 104 will return the session information for use of the shared-identity SIM 216]; 
Note:
Shared-Identity SIM is for common use among members of a logical device group.  In other words, it is a group of devices sharing for use a common identity; thus shared-identity SIM within the logical device group indicates a common user.

grouping the two or more devices into a device group based on the identified association; assigning one or more personal gateways to the device group, wherein the one or more personal gateways are operated by the mobile network operator [Pav451: device group == logical device group; 0015; a shared logical device physical network address is assigned to each of a group of wireless physical devices and a single wireless communication channel is used to communicate with all devices in the group; the group of wireless physical devices forms a logical device group addressable via the shared logical device physical network address within a wireless network; 0019; the multi-device monitoring and control using intelligent device channel sharing is implemented by grouping wireless physical devices into logical device pools /groups; each device within a logical group is assigned to a common logical device identity (i.e., shared logical device physical network address) for physical communications using the shared-identity SIM card],

	wherein the one or more personal gateways establish a private area network … [Pav451: 0017; multiple wireless communication sessions between an application-level device, such as an application server, and the physical devices within the logical group are multiplexed over a single wireless channel by a channel sharing gateway; 0019; the channel sharing gateway interfaces between the application server and a wireless network element, such as a base station, that ultimately interconnects with the physical devices within the logical device group; the channel sharing gateway operates to multiplex the multiple wireless communication sessions over the single shared communication channel using the shared-identity SIM card],

	the private area network allowing devices in the device group to detect each other and send direct communications between the two or more devices … [Pav451: detect each other == broadcast to provide notifications; 0078; a broadcast message may be pending for broadcast and used, for example, to provide notifications to multiple physical devices associated with one or more logical device groups/pools; a broadcast message may originate from the channel sharing gateway 104 or elsewhere as appropriate for a given implementation; 0080; broadcast messaging may be distributed to multiple devices using a single wireless communication channel by embedding multiple device physical network addresses within a single data packet and sending the data packet to the shared logical device physical network address over the single channel; 0087; messaging between the wireless physical device and the process 500 occurs over a single communication channel per logical group; the process 500 performs broadcast messaging to wireless physical devices; 0019; the channel sharing gateway interfaces between the application server and a wireless network element, such as a base station, that ultimately interconnects with the physical devices within the logical device group; the channel sharing gateway operates to multiplex the multiple wireless communication sessions over the single shared communication channel using the shared-identity SIM card; 0021; the channel sharing gateway causes each physical device to initiate transmission of data packets generated by the physical device (e.g., monitored data, status, etc.) by sending a token to the respective physical devices within data packets that are logically addressed to the respective physical devices using the physical device identifiers encoded within the payload of the respective messages; each physical device responds with its physical device identifier encoded into a payload of a response data packet that is physically addressed to the channel sharing gateway using the common shared logical device identity]; and
Note:
A broadcast originating from a wireless physical device for providing notifications to multiple physical devices associated with one or more logical device groups/pools is a form of direct communication.
	
However, Pav451 does not teach enabling a private subnet for the two or more devices in the device group.

POSITA would have considered Muhanna’s use of private trust relationship with local IoT gateway and would have incorporated it in Pav451’s channel sharing gateway.

Muhanna teaches:
	wherein the one or more personal gateways … enabling a private subnet for the two or more devices in the device group … … allowing devices in the device group to detect each other and send direct communications between the two or more devices via the private subnet [Muhanna: private subnet == private trust relationship; 0054; each IoT device 411 in FIG. 4 includes two private trust relationships; for example, a first private trust relationship is for communications with the local IoT gateway device 412 and a second private trust relationship is for communications with the IoT application server 460; therefore, the local IoT gateway device 412 can uniquely identify the communicating IoT device 411 based on the first private trust relationship, and the IoT application server 460 can uniquely identify the communicating IoT device 411 based on the second private trust relationship; 0035; IoT devices 211 in the group of IoT devices 210 have a group trust relationship 221 (i.e. “Group-1 security trust”) with an access point 230 of the serving cellular network 240; the IoT devices 211 in the group of IoT devices 210 employ the group trust relationship 221 when communicating with the serving cellular network 240 via the access point 230; 0036; the access point 230 of the serving cellular network 240 stores the details of group trust relationships that correspond to each group of IoT devices 210; 0055; FIG. 5 is a protocol diagram 500 illustrating an embodiment of the establishment of a per-IoT group trust relationship. The per-IoT group trust relationship may be utilized, for example, within the security architecture 100, 200 or 300].

However, Pav451-Muhanna does not teach a user interface [that] is operable to … from the common user to associate a new device or disassociate an existing device from the private area network.

Chang teaches:
	providing a user interface, wherein the user interface is operable to … from the common user to associate a new device or disassociate an existing device from the private area network [0014; Fig. 2; the VM container or interface provides a means for the VM to access cloud data center 120 processing resources while protecting the cloud data center 120 from unauthorized access; in essence the VM shell is responsible for running the enterprise customer's VM as a guest VM, e.g., VMs 36(1)-36(m), and for providing a network overlay for connecting the guest VM to private networks in the enterprise, e.g., enterprise data center 110; Fig. 7; Figs. 8a, 8b; 0032; referring to FIG. 7, an example of a processing or server device that may host a cloud manager, e.g., cloud manager 22, is shown; 0033; the network interface device 710 is configured to enable communications over a network, e.g., network 130 from FIG. 1 and various networks internal to the data centers in the hybrid cloud, to, among other things, manage CNE components in system 100; 0035; referring to FIGs. 8a and 8b, a flowchart is shown that depict operations of the process logic 800 for automatic scaling and monitoring, i.e., management, of CNE components; at 840, one or more second messages are sent to the second virtual network, the one or more second messages comprising information configured to start a virtual machine and a first virtual machine interface configured to allow the virtual machine to access processing resources in the second virtual network; at 850, data are stored that associates the virtual machine with the first virtual switch; 0036; the above monitoring assumes that the VM is a guest VM running on the cloud inside another container VM, referred to at 860 as a virtual machine interface, since it provides an interface to cloud resources; For example, the virtual machine interface may operate as a thin Portable Operating System Interface (POSIX) process that gathers system statistics from the container VM, and may also communicate to the underlying hardware hypervisor through defined mechanisms, if available].

However, Chang in Pav451-Muhanna-Chang combination does not explicitly teach that the user interface is operable to receive instructions from the common user.

Frost teaches:
	wherein the user interface is operable to receive instructions from the common user to associate a new device or disassociate an existing device from the private area network [Frost: 0071; FIG. 6A illustrates a first configuration for transferring a workflow task to a second device. A first device 620 may be executing a first application 625, and the first application 625 may be set to a state for performing a first task (e.g., a current task of a workflow). During user interaction with the first application 625, an event may cause the first application 625 to prepare to execute and/or begin executing a second task (e.g., a next task of the workflow). For example, a user interacting with the first device 620 and/or first application 625 may cause a selection of an option (e.g., via a user interface) to sign a document being viewed on the first device 620; The first device 620 may notify a task switch server 610 of task information (e.g., a current/first task and/or second/next task), and the task switch server 610 may detect an opportunity to perform a second task at a second device 630. The task switch server 610 may then instruct the second device 630 to perform the second task, including any additional data required to perform the task with the instruction (e.g., the document for signature); The task switch server 610 may then notify the first device 620 that the second device 630 has finished performing the task, and may include results associated with the task (e.g., the signed document). The first application 625 may then display and/or interact with the received results].

It would have been obvious for POSITA before the effective filing date of the invention to combine the teachings of Pav451, Muhanna, Chang, Frost in order to provide an architectural security solution involving differing deployment models, for example, direct access over the cellular access network or access through a local IoT gateway [Muhanna: 0006]; in order to better allocate resources across the hybrid cloud [Chang: 0025]; and in order to automatically select devices to perform different tasks of user workflows [Frost: 0004].



Regarding Claim 2,
wherein the data comprises at least one of account information, billing information, device information, or behavioral data [Pav451: 0017; a first "shared-identity" SIM module in each physical device within a logical group is configured for shared communications over a wireless network via a shared logical device physical network address; multiple wireless communication sessions between an application-level device, such as an application server, and the physical devices within the logical group are multiplexed over a single wireless channel by a channel sharing gateway]. 

Regarding Claim 3,
wherein at least a portion of the data is collected from a data source external to the mobile network operator [Pav451: external data source == shared-identity SIM; 0017; A first "shared-identity" SIM module in each physical device within a logical group is configured for shared communications over a wireless network via a shared logical device physical network address; 0018; using the dual SIM technology described herein, a first physical device that attempts to register with a home location register (HLR) using the shared-identity SIM may be granted registration and provided with session information]. 

Regarding Claim 4,
wherein identifying the association between the two or more devices comprises applying to the data at least one of machine learning techniques, pattern matching techniques, a fuzzy logic algorithm, one or more rule sets, an association model, a set of heuristics, or entity mapping techniques [Pav451: 0018; such devices may then register with the HLR using the individual-identity SIM to allow communications with the channel sharing gateway and may obtain the session information for use with the shared-identity SIM from the channel sharing gateway; the devices may then configure the shared-identity SIM with the obtained session information and switch to the shared-identity SIM for multiplexed communications as part of the respective logical device group].

Regarding Claim 5,
wherein grouping the two or more devices comprises recording at least the two or more devices and the identified association in a storage location [Pav451: 0032; the channel sharing gateway maintains a register of physical devices and logical device associations using a data structure stored within a memory, as appropriate for a given implementation; 0042; the channel sharing gateway 104 maintains a register of physical devices and the logical device pool/group (e.g., the logical device_1 112 through the logical device_X 114) with which each physical device is associated]. 

Regarding Claim 6,
wherein assigning the one or more personal gateways comprise generating, by the mobile network operator, at least one logical gateway [Pav451: 0017; multiple wireless communication sessions between an application-level device, such as an application server, and the physical devices within the logical group are multiplexed over a single wireless channel by a channel sharing gateway]. 

Regarding Claim 9 (Previously Presented),
wherein the one or more personal gateways further provide at least one of DHCP assignment of IP addresses, NAT, DNS functions, port forwarding, or port blocking [Pav451: 0032; the channel sharing gateway uses NAT to manipulate data packets/messages communicated between the application server and the respective wireless physical devices by encapsulating the data packet for the physical device into a packet for the logical device physical address with which the physical device is logically associated]. 

Regarding Claim 10 (Previously Presented),
wherein the one or more personal gateways further provide at least one of IP address binding, MAC address binding, broadcast message delivery to the device group, or an interface for configuring the one or more personal gateways [Pav451: 0026; between the channel sharing gateway and the logical group, the physical address of the logical group that is used by the channel sharing gateway for communicating via the wireless channel represents a logical address for the group of devices; 0025; multiple physical devices may be addressed within a payload of a single logical message. For example, broadcast messages may be used to configure, reset, or otherwise interact with a number of devices within a logical group]. 

Regarding Claim 11 (Previously Presented), 
Pav451 teaches:
wherein each of the one or more personal gateways is assigned … subnet, and wherein the each of the two or more devices in the device group are assigned a private IP address on the … subnet [Pav451: 0041; the channel sharing gateway 104 interfaces with a base station 106 to communicate, via multiple communication channels represented as a communication channel 108 through a communication channel 110, with physical devices that are organized into logical pools/groups represented as a logical device_1 112 through a logical device_X 114; 0034; the channel sharing gateway may use an Internet protocol (IP) addressing scheme to ensure devices do not send IP packets at the same time using the token-based techniques described herein]. 

However, Pav451 does not teach a private subnet.

Muhanna teaches:
	wherein each of the one or more personal gateways is assigned the private subnet, and wherein the each of the two or more devices in the device group are assigned … on the private subnet [Muhanna: private subnet == private trust relationship; 0054; each IoT device 411 in FIG. 4 includes two private trust relationships; for example, a first private trust relationship is for communications with the local IoT gateway device 412 and a second private trust relationship is for communications with the IoT application server 460; therefore, the local IoT gateway device 412 can uniquely identify the communicating IoT device 411 based on the first private trust relationship, and the IoT application server 460 can uniquely identify the communicating IoT device 411 based on the second private trust relationship].

It would have been obvious for POSITA before the effective filing date of the invention to combine the teachings of Pav451 and Muhanna in order to provide an architectural security solution involving differing deployment models, for example, direct access over the cellular access network or access through a local IoT gateway [Muhanna: 0006].

Regarding Claim 12,
wherein the one or more personal gateways provide access control for the two or more devices in the device group, wherein the access control is defined using one or more access policies stored by the mobile network operator [Pav451: 0095; the process 600 makes a determination at decision point 628 as to whether a message has been received via the single wireless communication channel via the shared-identity SIM 216 from the channel sharing gateway 104; 0097; in response to determining at decision point 634 that there is an address match between the local physical address and one of the extracted embedded addresses, the process 600 makes a determination at decision point 636 as to whether a token is included in the message received from the channel sharing gateway 104; 0098; in response to determining that a token is included within the message, the process 600 sends a data collection message, including any collected data requested via the respective token, to the channel sharing gateway 104 at block 638 using the shared logical device physical network address as the source address and the physical network address of the respective physical device embedded into the message]. 

Regarding Claims 13-14 and 17-18, which recite the same claim limitations as those in claims 1-3 and 5-6 above, the same rationale of rejection as presented in claims 1-3 and 5-6 is applicable. 

Regarding Claim 15,
wherein the common user associated with the one or more devices is further associated with a plurality of user accounts, wherein at least one of the one or more devices is registered to each of the plurality of user accounts [Pav451: 0019; the multi-device monitoring and control using intelligent device channel sharing is implemented by grouping wireless physical devices into logical device pools /groups; each device within a logical group is assigned to a common logical device identity (i.e., shared logical device physical network address) for physical communications using the shared-identity SIM card; 0015; wireless physical devices, as described herein, may be used for example in monitoring and control of smart grid applications, such as monitoring and controlling electrical power distribution networks, and other networks including water distribution networks, and gas distribution networks; 0036; Within a smart grid implementation, electricity power network components include devices such as transformers, switches, cables, and other componentry; these electricity power network components are monitored by intelligent devices, such as application servers, that gather and communicate electrical status, such as voltage, current, and power over an Internet protocol-based (IP-based) data communications network to remote servers; smart grid also incorporates network communications and processing features within customer premise-based meters, referred to herein as "smart meters," that relay electricity consumption data and alarms to the electricity supplier]. 

Regarding Claim 16,
Pav451 teaches:
wherein a separate device group is created for each of the plurality of user accounts [Pav451: 0100; At decision point 702, the process 700 makes a determination as to whether session information for a shared-identity SIM, such as the shared-identity SIM 216, for a logical device group/pool has been received; the process 700 receives the session information from authorized physical devices via the shared-identity SIM 216; as such, the process 700 may receive wireless session information for cellular communication with the logical device group from the one of the wireless physical devices in the logical device group; 0036; smart grid also incorporates network communications and processing features within customer premise-based meters, referred to herein as "smart meters," that relay electricity consumption data and alarms to the electricity supplier], and 

However, Pav451 does not teach that a separate personal gateway is assigned to each separate device group.

Muhanna teaches:
wherein a separate personal gateway is assigned to each separate device group [Muhanna: 0053; the group of IoT devices 410, IoT devices 411, access point 430, serving cellular network 440, MME 450, an IoT application server 460, and IoT gateway 470 of FIG. 4 are similar to the groups of IoT devices 110, 210, 310, IoT devices 411, access points 130, 230, 330, serving cellular networks 140, 240, 340, MME 150, 250, 350, the IoT application server 160, 260, 360, 460, and the IoT gateway 170, 270, 370, 470, respectively, of FIGS. 1-4. However, in FIG. 4 one of the IoT devices 411 serves as a local IoT gateway 412]. 

It would have been obvious for POSITA before the effective filing date of the invention to combine the teachings of Pav451 and Muhanna in order to provide an architectural security solution involving differing deployment models, for example, direct access over the cellular access network or access through a local IoT gateway [Muhanna: 0006].

Regarding Claim 20, which recites a computer storage media storing computer executable instructions that when executed cause a computing system to perform a method having the same claim limitations as those in claim 1 above, the same rationale of rejection as presented in claim 1 is applicable.

Claims 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Pav451-Muhanna-Chang-Frost in view of Kuo (US 10,116,739).

Regarding Claim 21 (Previously Presented),
In Pav451-Muhanna-Chang-Frost, Pav451 teaches that a broadcast message may be pending for broadcast and used, for example, to provide notifications to multiple physical devices associated with one or more logical device groups/pools, where a broadcast message may originate from the channel sharing gateway 104 or elsewhere as appropriate for a given implementation [Pav451: 0078].

However, Pav451-Muhanna-Chang-Frost does not teach that the private area network allows the devices in the device group to communicate via unicast messages.

POSITA would have considered Kuo’s point-to-point messaging among devices in a group that share a unique identification and would have incorporated that in Pav451’s providing notifications to multiple physical devices associated with one or more logical device groups/pools.

Kuo teaches:
	wherein the private area network allows the devices in the device group to communicate via unicast messages [Kuo: unicast == point-to-point; Col. 7 / lines 14-19; a device may be assigned a first unique identification for its own use while also being assigned a second unique identification that is shared with other point-to-point devices in a group; when other point-to-point devices sends messages to either the first unique identification or the second unique identification, the device can receive such messages; Col. 6 / lines 50-56; when the point-to-point device 72 requests to connect to the point-to-point device 73, it sends a connection request to the main server 71; the main server 71 selects a point-to-point server 74 from multiple candidates according to different circumstances; next, the point-to-point server 74 assists the point-to-point device 72 to connect to the point-to-point device 73].

It would have been obvious for POSITA before the effective filing date of the invention to combine the teachings of Pav451-Muhanna-Chang-Frost and Kuo in order to simplify network connection establishment as well as connection efficiency [Kuo: Col. 1 / lines 31-33].

Regarding Claims 22 and 23, which recite the same claim limitations as those in claim 21 above, the same rationale of rejection as presented in claim 21 is applicable.

Response to Arguments
Applicant's arguments filed 10/5/22 have been fully considered but they are not persuasive. 

I.	Applicant argues regarding claims 1, 13, and 20 on pages 7-8 of the Remarks section that in Pav451-Muhanna-Chang combination, Chang does not teach “providing a user interface, wherein the user interface is operable to receive instructions from the common user to associate a new device or disassociate an existing device from the private area network.”
Examiner’s Response:
For purposes of brevity, please see the Office Action above, where Frost in Pav451-Muhanna-Chang-Frost combination teaches the limitation at issue.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD A WAQAS whose telephone number is (571)270-5642. The examiner can normally be reached 8:30 - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Asad M Nawaz can be reached on (571) 272-3988. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SAAD A. WAQAS
Primary Examiner
Art Unit 2468



/Saad A. Waqas/Primary Examiner, Art Unit 2468