Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-22 are pending in this office action.

This office action is sent in response to mailing an office action on July 6, 2022, that was missing two claims.  This office action serves to replace the prior office action and includes missing claims 21 and 22.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on April 26, 2022, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Applicant’s Arguments
Applicant’s arguments, filed April 25, 2022, have been fully considered but they are moot in view of the new ground of rejection.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-22 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Marktscheffel et al. (QR Code Based Mutual Authentication Protocol for Internet of Things, 2016).

Regarding claim 1, Marktscheffel et al. teaches a method of authenticating a device on a system, the method comprising: generating a random token (section V.C, steps 1 and 2); displaying the random token to a user (section V.C, step 3); communicating the random token to an authentication system portal (section V.C, steps 5-7); in response the authentication system portal validating the random token: receiving a PIN from the user (section V.C, “the mutual authentication sequence is initiated by the master who sends a challenge to the new device. The challenge is a randomly generated byte sequence used as nonce.”), and communicating the PIN to the authentication system portal (section V.C, step 13); and receiving a portal IP address and a certificate of authentication from the authentication system portal (section V.C, step 18).

Regarding claim 2, Marktscheffel et al. teaches wherein the certificate of authentication is associated with a predetermined amount of time (section V.C, step 10).

Regarding claim 3, Marktscheffel et al. teaches wherein communicating the PIN to the authentication system portal further comprising encrypting the PIN using a private key of the device and communicating the encrypted PIN (section V.C, step 13).
Regarding claim 4, Marktscheffel et al. teaches wherein receiving the portal IP address and the certificate of authentication further comprises receiving the portal IP address and a certificate of authentication in response to the authentication system portal decrypting the PIN using a public key of the device (section V.C, “after receiving the message, the master first decrypts the message with its private key and then proceeds to verify the signature with the public key of the new device).

Regarding claim 5, Marktscheffel et al. teaches wherein the random token is a unique alpha-numeric string (section V.A, “the following information is encoded in the QR code: token, an array of random bytes.”).

Regarding claim 6, Marktscheffel et al. teaches wherein the random token is represented by a visual identifier (section V.A, “the following information is encoded in the QR code: token, an array of random bytes.”).

Regarding claim 7, Marktscheffel et al. teaches further comprising: in response to the visual identifier being captured by a mobile phone, generating a communication message from the mobile phone to the authentication system portal (fig. 4, step 7).

Regarding claims 8 and 15, Marktscheffel et al. teaches a method of authenticating an external device, the method comprising: receiving a random token generated by the external device from a user at an authentication system portal (section V.C, steps 5-7); validating the random token (section V.B, step 3); in response to validating the random token at the authentication system portal: generating an external device PIN (section V.C, “the mutual authentication sequence is initiated by the master who sends a challenge to the new device. The challenge is a randomly generated byte sequence used as nonce.”), and displaying the external device PIN to the user (paragraph 0068); receiving an encrypted version of the external device PIN from the external device (section V.C, step 13); decrypting the encrypted version of the external device PIN (section V.C, step 13); and validating the external device by comparing the decrypted external device PIN with the generated external device PIN (section V.C, step 14).

Regarding claims 9 and 16, Marktscheffel et al. teaches wherein the random token is an alphanumeric string input at the authentication system portal by the user (section V.A, “the following information is encoded in the QR code: token, an array of random bytes.”).

Regarding claims 10 and 17, Marktscheffel et al. teaches wherein the random token is a message received from a mobile device of the user in response to scanning of a visual identifier representing the alphanumeric string (fig. 4, steps 5-7).

Regarding claims 11 and 18, Marktscheffel et al. teaches further comprising generating an IP address and a certificate of authentication in response to validating the external device (section V.B, steps 11-12).

Regarding claims 12 and 19, Marktscheffel et al. teaches further comprising associating an expiration time period to the certificate of authentication (section V.C, step 10).

Regarding claims 13 and 20, Marktscheffel et al. teaches further comprising communicating the IP address and a certificate of authentication to the external device (section V.B, steps 11-12).

Regarding claim 14, Marktscheffel et al. teaches further comprising: receiving an access request from the external device at the IP address with the certificate of authentication; and providing access to the external device in response to determining that the expiration time period associated with the certificate of authentication has not expired (section V.C, step 8).

Regarding claim 21, Marktscheffel et al. teaches wherein the received PIN is generated by the authentication system portal in response to the authentication system portal validating the random token (section V.C, step 11).

Regarding claim 22, Marktscheffel et al. teaches receiving the random token from the external device at the authentication system portal, wherein the validating is based at least in part on the receipt of the random token from the user and receipt of the random token from the external device (section V.C, step 10).
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON HOFFMAN whose telephone number is (571)272-3863.  The examiner can normally be reached on Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRANDON HOFFMAN/Primary Examiner, Art Unit 2433