Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawing
	Applicant has filed on 9/26/2022 replacement drawing for Figs 1  2, which are accepted. Drawing objection issued in previous office action has been withdrawn.
Response to Amendments and Arguments
	The Applicant has amended independent claims 26, 39 & 47 and argued in the Remarks dated 9/26/2022 that these amendment has overcome both rejections 112 (a) for claims 26-38 and rejections 101 for claims 47-48 issued in the previous office action. The amendment and arguments has been considered and found persuasive. Hence, rejections 112 ( a) for claims 26-38 and rejections 101 for claims 47-48 has been withdrawn.
	 The Applicant further argued that amendment to claims 26, 39 & 47, by incorporating partially limitations of claim 29 which has been objected to in the previous office action, has also overcome art rejections issued for claims 26-48 in the previous office action. Examiner reviewed these arguments but found them unpersuasive as primary art Schmidt teaches the amended limitation ”and when a change to the approved product list is identified for the device, dynamically change a certification status of the device”, in paragraph 0339 as illustrated below in this office action..
 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 26, 30, 33, 39, 43 & 46-47 are rejected under 35 USC 103 as being unpatentable over Schmidt (US20150237502) in view of  Barritz (WO0179970A2 – original in English has been attached) and Ameling (US20160308861).
Regarding claim 26. Schmidt teaches:
 a system for using platform certificates to verify compliance and compatibility of a device when onboarding the device into an internet of things (IoT) network, (please see paragraph 0133)
 the system comprising: memory, including a policy data store; (please see paragraph 0111)
 and processing circuitry of an onboarding tool device, (please see paragraph 0071)
  receive a request to be onboarded from the device, wherein the request includes a platform certificate of the device; 
use the policy data store to determine whether the device is trusted for onboarding on the network by determining whether the elements from the device match the corresponding elements in the corresponding white list;  (please see paragraphs 0243 & 0249)
onboard the device to the  network in response to a determination that the elements from the device  correspond to the elements in the white list.  (please see paragraphs 0243 & 0249)
and when a change to the approved product list is identified for the device, dynamically change a certification status of the device. [0339] If verification data is stored inside the authentication certificate, a new combined authentication/validation certificate must be issued every time the device configuration (product list) changes. The generation of the certificate must be controlled by the SeGW, since it is the entity in charge of authenticating Dev_ID for the purpose of PVM. This may be done in at least two ways. First, the SeGW, or a subordinate entity may generate the new certificate after receiving an updated Clist from DMS. Second, the device may generate the certificate itself, send this to the SeGW and PVE, which then signs it and sends it back to the device.]
Although Schmidt teaches onboarding  remote devices, he does not teach expclitly, however, Barritz teaches:
compare elements in the platform certificate with elements from a corresponding approved product list; (please see pages 19 & 20, lines 25-30 & 1-10 respectively)
determination that the elements from the device  platform certificate correspond to the elements in the approved product list. (please see pages 19 & 20, lines 25-30 & 
1-10 respectively)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt with the disclosure of Barritz. The motivation or suggestion would have been to implement a system that will provide efficient techniques for dynamically managing various types of changes in certificates. (pages 3 && 4, lines 20-30 &  1-15 respectively, Barritz)  
Although Schmidt and Barritz teach onboarding remote device , they do not teach expclitly, however, Ameling teaches onboarding iot device.(please see paragraph 0035)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt and Barritz with the disclosure of Ameling. The motivation or suggestion would have been to implement a system that will provide efficient techniques for  maintaining and onboarding an IoT device., (para 0001-003, Ameling)  
and when a change to the approved product list is identified for the device, dynamically change a certification status of the device.
Regarding claims 30 & 43, Schmidt teaches wherein the onboarding tool is further to verify that the approved product list applies to the device using a local management console, a blockchain, or a blacklist.  (please paragraphs 0243 & 0249)
Regarding claims 33 & 46, Schmidt, Barritz & Ameling teach wherein to verify that the approved product list applies to the device, and  the onboarding tool as illustrated above in claim 26 and additionally, Schmidt teaches to verify a manufacturing key that was embedded, by a platform vendor, in secure hardware of the device. (please e para 0075)
Regarding claims 39 & 47, these claims are interpreted to be same as claim 1 and rejected for the same reasons as set forth for claim 1.

Claims 27, 40 & 48 are rejected under 35 USC 103 as being unpatentable over Schmidt  in view of  Barritz, Ameling and Proudler ( WO 0048063 A1).     
Regarding claim 27, although Schmidt, Barritz and Ameling teach platform certificate, they do not teach, however, Proudler teaches wherein the elements in the platform certificate comprise platform attributes, container attributes, device attributes, conformance status, or security profile attributes.  (please see paragraphs 0142-0143)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of Proudler. The motivation or suggestion would have been to implement a system that will provide efficient techniques for increasing the level of trust in platforms to enables greater user confidence that the platform and operating system environment behave in a known manner.(para 0001-0006, Proudler)  
Regarding claims 40 & 48, although Schmidt, Barritz and Ameling teach platform certificate, they do not teach, however, Proudler teaches wherein the elements in the platform certificate comprise platform attributes, container attributes, device attributes, conformance status, or security profile attributes, wherein the platform certificate is arranged according to a specification of a Trusted Computing Group (TCG) standards family.  (please see paragraphs 0142-0143)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of Proudler. The motivation or suggestion would have been to implement a system that will provide efficient techniques for increasing the level of trust in platforms to enables greater user confidence that the platform and operating system environment behave in a known manner.(para 0001-0006, Proudler)  

Claims 31 & 44 are rejected under 35 USC 103 as being unpatentable over Schmidt  in view of  Barritz, Ameling and Zheng (WO2012040393A2-translation and original is attached)
Regarding claims 31 & 44, although Schmidt, Barritz and Ameling teach to verify that the approved product list applies to the device, they do not teach explicitly, however, Zheng teaches the tool is further configured to verify a digital signature of the product list. (please see paragraph 0016)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of Zheng. The motivation or suggestion would have been to implement a system that will provide efficient techniques for generation and verification of digital signature..(para 0089-0091, Zheng)  

Claims 32 & 45 are rejected under 35 USC 103 as being unpatentable over Schmidt  in view of  Barritz, Ameling and Baldwin (US 20100082991)
Regarding claims 32 & 45, although Schmidt, Barritz and Ameling teach to verify that the approved product list applies to the device, they do not teach explicitly, however, Baldwin teaches tool to use a hash-tree structure; (please see paragraphs 0073 & 0129).  
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of  Baldwin. The motivation or suggestion would have been to implement a system that will provide efficient techniques for protecting data against internal and external attacks as well as accidental leaks.(para 0001-0003, Baldwin)  
	
Claims 37-38 are rejected under 35 USC 103 as being unpatentable over Schmidt  in view of  Barritz, Ameling and Doliwa (US 20190052464)
Regarding claim 37, although Schmidt, Barritz and Ameling teach approved product list as illustrated in claim 26, they do not teach expclitly, however, Doliwa teaches wherein the list is maintained by an IoT device certifying entity.  (please see paragraph 0028)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of  Doliwa. The motivation or suggestion would have been to implement a system that will provide efficient techniques for a secure approach to provision ICs for IoT devices that use un-customized “off-the-shelf” ICs to allow provisioning of an IoT device in an unsecure environment by untrusted third parties, as well as distribution over standard distribution channels.(para 0001-0011, Doliwa)  
Regarding claim 38, although Schmidt, Barritz and Ameling teach the platform certificate as illustrated in claim 26, they do not teach expclitly, however, Doliwa teaches wherein a configuration is maintained by a vendor that assembled components of the device.  (please see paragraph 0028)
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Schmidt, Barritz and Ameling with the disclosure of  Doliwa. The motivation or suggestion would have been to implement a system that will provide efficient techniques for a secure approach to provision ICs for IoT devices that use un-customized “off-the-shelf” ICs to allow provisioning of an IoT device in an unsecure environment by untrusted third parties, as well as distribution over standard distribution channels.(para 0001-0011, Doliwa)  

Allowable Subject Matter
	Claims 28-29 & 34-36, are objected to but would be allowable if incorporated with their base claim including any intervening claim or claims. 
	Claims 41-42 are objected to but would be allowable if incorporated with their base claim including any intervening claim or claims. 
Relevant arts cited in pto-892 but not used in the instant office action are as follows:
1. Sheridan (US20160063466) discloses Providing backup digital certificates comprises an application provider, such as a digital wallet system, that obtains signed digital certificates from a certificate authority. The digital wallet system provides an application, such as a digital wallet application, to a user computing devise along with a primary digital certificate and a backup digital certificate. The user computing device utilizes the primary digital certificate to ensure a secure connection with the digital wallet system. If the primary digital certificate is compromised, the digital wallet system may communicate the backup digital certificate to the digital wallet system when a subsequent secure connection is requested. The user computing device may access the backup digital certificate and verify the provided digital certificate. The digital wallet system provides a new backup digital certificate to the user computing device, and the user computing device deletes the compromised digital certificate.
2. Xiao (US20020152382) describes A unique TIO based trust information delivery scheme is disclosed that allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER A KHAN whose telephone number is (571)272-8574. The examiner can normally be reached M-F 8:00 am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/Primary Examiner, Art Unit 2497