DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the communication filed on 10/27/2022, claim 1 is amended. Claims 1-12 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 17/092,517.
Examiner Note
Applicant has not submitted any arguments/remarks based on the references the examiner used in the last Office action. The examiner maintains his rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-12 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US20150215321) issued to Fries (cited in IDS filed on 04/23/2021) in view of application (DE112014006265 T5) issued to Mori Ikumi hereinafter, “Ikumi”.
Regarding claim 1, Fries discloses a method for carrying out permission-dependent communication between at least one field device of automation technology and an operating device, wherein the field device and the operating device are connected to one another via a communication link and wherein the field device has an electronic field device identifier [¶11-12, the portable communications device acquires first information for identifying the field device. The portable communications device sends to a system the first information and sends second information for identifying the portable communications device or the user thereof. The system determines a first piece of access information on the basis of the first information and the second information, and sends the first access information to the portable communications device. The portable communications device transmits the second information and the first piece of access information to the field device. The field device determines a second piece of access information on the basis of the second information, and compares the first piece of access information with the second piece of access information. If the first piece of access information and the second piece of access information match, access to the field device is allowed. In the present patent application, the first information and second information are understood to mean identifying information such as, for example, serial numbers of a field device or role information of a user. This information hence identifies the elements of a system that communicate with one another. For example, field devices of an automation system can communicate amongst one another, with a server, or with portable communications devices such as tablet PCs or smartphones that are used for maintenance purposes], and [Abstract, see FIGS. 1-3 and corresponding text for more detail], and [¶44, example in the automation engineering sector (e.g., in the field of industrial automation or energy automation), with reference to FIG. 1. A field device FG inside an automation system has attached to it a sticker on which a quick response code (QR code) is depicted. Alternatively, this QR code can also be displayed by a display present on the field device]; and
 in the event that the operating device has permission from a permission provider to communicate with the field device [¶11, the portable communications device acquires first information for identifying the field device. The portable communications device sends to a system (permission provider) the first information and sends second information for identifying the portable communications device or the user thereof. The system determines a first piece of access information on the basis of the first information and the second information, and sends the first access information to the portable communications device. The portable communications device transmits the second information and the first piece of access information to the field device. The field device determines a second piece of access information on the basis of the second information, and compares the first piece of access information with the second piece of access information. If the first piece of access information and the second piece of access information match, access to the field device is allowed], and [¶5]; and 
receiving at the operating device the field device identifier from the field device in preparation for communication with the field device [see FIGS. 1-3 and corresponding text for more details, IDFG (the first information IDFG in the form of the serial number of the field device FG) sent from FG (field device) to KG (communication/operating device)]; and
performing a cryptographic comparison step on the operating device to check whether the verification datum depends, in an unambiguous manner, on the field device identifier which the operating device has received from the field device [¶11, the portable communications device acquires first information for identifying the field device. The portable communications device sends to a system the first information and sends second information for identifying the portable communications device or the user thereof. The system determines a first piece of access information on the basis of the first information and the second information, and sends the first access information to the portable communications device. The portable communications device transmits the second information and the first piece of access information to the field device. The field device determines a second piece of access information on the basis of the second information, and compares the first piece of access information with the second piece of access information. If the first piece of access information and the second piece of access information match, access to the field device is allowed], and [Abstract, see FIGS. 1-3 and corresponding text for more detail, ¶¶51-52]; and
and that the operating device communicates with the field device in the event that the verification datum depends, in an unambiguous manner, on the field device identifier has received from the field device [¶57, Thus, for instance, by using a secret G shared by the server S and the field device FG, a first one-off password TAN1 and a second one-off password TAN2 are generated as the respective hash values. If the hash value generated on the server S does not match the hash value generated on the field device FG, it is indicating that the data (e.g., date D) communicated to the server S or the field device is incorrect or has been tampered with], and [¶11, Abstract, see FIGS. 1-3 and corresponding text for more detail].
storing on the operating device a cryptographic verification datum which is dependent on the field device identifier
Even though Fries discloses this limitation as: [see FIGS. 1-3 and corresponding text for more details, PW (password), TAN (one-off password), TANSE (session-specific one-off password), ¶¶19-20, shared secret (e.g. Triple Data Encryption Standard (3DES) or Advanced Encryption Standard (AES))].
However, Fries does not explicitly disclose the limitation and Ikumi discloses  [¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Fries with the teaching of Ikumi in order to enable a secure installing of a digital certificate on a combination device [ Ikumi, ¶11].
Regarding claim 2,  Fries does not explicitly disclose, however, Ikumi discloses  further comprising calculating as verification datum, a first license key with a cryptographic license algorithm in dependence on the field device identifier and in dependence on a secret key [¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
Regarding claim 3, Fries discloses further comprising the cryptographic license algorithm to carry out the calculation of a hash value from the field device identifier and the secret key [¶20, The shared secret may be a one-way function such as, for instance, a hash function (SHA-1, SHA-256 etc.) or a keyed hash function, also known as a message authentication code (MAC) (HMAC-SHA-1, HMAC-SHA-256, etc.)], and [¶¶55-57, The calculation that incorporates the shared secret G can be a one-way function such as, for instance a hash function (SHA-1, SHA-256 etc.) or a keyed hash function, also known as a message authentication code (MAC) (HMAC-SHA-1, HMAC-SHA-256, etc.)… for instance, by using a secret G shared by the server S and the field device FG, a first one-off password TAN1 and a second one-off password TAN2 are generated as the respective hash values. If the hash value generated on the server S does not match the hash value generated on the field device FG, it is indicating that the data (e.g., date D) communicated to the server S or the field device is incorrect or has been tampered with].
Regarding claim 4, Fries does not explicitly disclose, however, Ikumi discloses further comprising storing the secret key on the operating device
[¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
Regarding claim 5, the combination of Fries and Ikumi disclose calculating a second license key in the cryptographic comparison step with the cryptographic license algorithm in dependence on the field device identifier obtained from the field device and in dependence on the secret key stored on the operating device, and to prove whether the verification datum depends, in an unambiguous manner, on the field device identifier, checking whether the first license key matches the second license key.
Fries discloses: [¶11, the portable communications device acquires first information for identifying the field device. The portable communications device sends to a system the first information and sends second information for identifying the portable communications device or the user thereof. The system determines a first piece of access information on the basis of the first information and the second information, and sends the first access information to the portable communications device. The portable communications device transmits the second information and the first piece of access information to the field device. The field device determines a second piece of access information on the basis of the second information, and compares the first piece of access information with the second piece of access information. If the first piece of access information and the second piece of access information match, access to the field device is allowed], and [¶12, In the present patent application, the first information and second information are understood to mean identifying information such as, for example, serial numbers of a field device or role information of a user. This information hence identifies the elements of a system that communicate with one another. For example, field devices of an automation system can communicate amongst one another, with a server, or with portable communications devices such as tablet PCs or smartphones that are used for maintenance purposes], and [¶¶19-20, the system and the field device are provided with a shared secret….], and [¶¶51-55, Abstract, see FIGS, 1-3 and corresponding text for more detail].
And Ikumi discloses: [¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
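The license-key comparison discussed for claims 2, 3 and 5, as an added Python example that is not taken from the application, Fries or Ikumi: the first license key is a keyed hash of the field device identifier, and the operating device recomputes a second key from the identifier it receives and compares the two. HMAC-SHA-256 (one of the functions named in Fries ¶20), the function and class names, and the key and serial values are assumptions made for illustration.

```python
"""Added illustration: license-key check keyed on a field device identifier.

Assumptions (not from the application or the cited references): HMAC-SHA-256
as the keyed hash, UTF-8 identifiers, and every name and sample value below.
"""
from __future__ import annotations

import hashlib
import hmac

MIN_KEY_BYTES = 16  # assumed lower bound for the secret key

# Constructed sample values, for demonstration only.
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")
LICENSED_ID = "FD-000123"


def compute_license_key(field_device_id: str, secret_key: bytes) -> bytes:
    """Keyed hash over the identifier (the 'cryptographic license algorithm')."""
    if not field_device_id:
        raise ValueError("field device identifier must not be empty")
    if len(secret_key) < MIN_KEY_BYTES:
        raise ValueError("secret key too short")
    return hmac.new(secret_key, field_device_id.encode("utf-8"),
                    hashlib.sha256).digest()


class OperatingDevice:
    """Holds the secret key and the first license keys it was issued."""

    def __init__(self, secret_key: bytes, stored_license_keys: list[bytes]):
        self._secret_key = secret_key
        self._stored = list(stored_license_keys)

    def may_communicate(self, received_field_device_id: str) -> bool:
        """Comparison step: derive a second license key from the identifier
        received from the field device and look for a matching stored key."""
        try:
            second = compute_license_key(received_field_device_id,
                                         self._secret_key)
        except ValueError:
            return False  # malformed input is treated as "no permission"
        matched = False
        for first in self._stored:
            # Constant-time comparison; every entry is scanned, no early exit.
            matched |= hmac.compare_digest(first, second)
        return matched


def demo() -> dict[str, bool]:
    """Run the check for a licensed device and for several failure cases."""
    first = compute_license_key(LICENSED_ID, SECRET)  # permission provider side
    device = OperatingDevice(SECRET, [first])

    tampered = bytes([first[0] ^ 0x01]) + first[1:]   # one flipped bit
    other_key = bytes(16)                             # constructed wrong key

    return {
        "licensed": device.may_communicate(LICENSED_ID),
        "unlicensed_id": device.may_communicate("FD-000124"),
        "empty_id": device.may_communicate(""),
        "tampered_license": OperatingDevice(SECRET, [tampered])
                            .may_communicate(LICENSED_ID),
        "wrong_secret": OperatingDevice(other_key, [first])
                        .may_communicate(LICENSED_ID),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:18s} -> {'communicate' if allowed else 'refuse'}")
```

In this symmetric variant the secret key held on the operating device is sufficient to compute a license key for any identifier, which is the practical difference from the certificate variant of claims 7-10, where the operating device only needs a public key to verify.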
Regarding claim 6, Fries does not explicitly disclose, however, Ikumi discloses further comprising carrying out the calculation of the second license key on the operating device [¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
Regarding claim 7, Fries does not explicitly disclose, however, Ikumi discloses further comprising a digital certificate as the verification datum, wherein, in a first certificate part, the digital certificate contains a public cryptographic key of the permission provider and the at least one field device identifier of those field devices, for which the operating device has permission to communicate, and wherein, in a second certificate part, the digital certificate includes a digital signature calculated from the first certificate part, wherein the digital signature is calculated with a private cryptographic certificate key of an asymmetric cryptographic certificate key pair [¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
Regarding claim 8, Fries does not explicitly disclose, however, Ikumi discloses wherein the digital certificate is generated manufacturer of the operating device and by the manufacturer of a communication software for execution on the operating device for communication with the field device [¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
Regarding claim 9, the combination of Fries and Ikumi disclose further comprising determining the at least one field device identifier contained in the digital certificate in the cryptographic comparison step on the operating device, comparing at least one determined field device identifier with the at least one field device identifier, and, in the case of matching field device identifiers, providing proof that the verification datum unambiguously depends on the field device identifier, since the relevant field device identifier, at least one of which is obtained from the operating device, is contained in the verification datum.
Fries discloses: [¶11, the portable communications device acquires first information for identifying the field device. The portable communications device sends to a system the first information and sends second information for identifying the portable communications device or the user thereof. The system determines a first piece of access information on the basis of the first information and the second information, and sends the first access information to the portable communications device. The portable communications device transmits the second information and the first piece of access information to the field device. The field device determines a second piece of access information on the basis of the second information, and compares the first piece of access information with the second piece of access information. If the first piece of access information and the second piece of access information match, access to the field device is allowed], and [¶12, In the present patent application, the first information and second information are understood to mean identifying information such as, for example, serial numbers of a field device or role information of a user. This information hence identifies the elements of a system that communicate with one another. For example, field devices of an automation system can communicate amongst one another, with a server, or with portable communications devices such as tablet PCs or smartphones that are used for maintenance purposes], and [¶¶19-20, the system and the field device are provided with a shared secret….], and [¶¶51-55, Abstract, see FIGS. 1-3 and corresponding text for more detail].
And Ikumi discloses: [¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
Regarding claim 10, Fries does not explicitly disclose, however, Ikumi discloses further comprising, transmitting the public certificate key of the asymmetric cryptographic certificate key pair to the operating device, verifying the integrity of the certificate with the public certificate key on the operating device, wherein, in the event of a negative check result, the method further comprises at least one of excluding communication of the operating device with the at least one field device and indicating corruption of the certificate [¶12, a device identifier determining unit for determining whether or not the communication device identifier received by the device identifier request unit is the same device identifier as the first device identifier stored in the device identifier storage unit; and a device certificate transmission unit for transmitting a device certificate, which is a digital certificate of the first communication device, to the first communication device if it is determined by the device identification determination unit that the communication device identifier is the same device identifier as the first device identifier].
Regarding claim 11, Fries does not explicitly disclose, however, Ikumi discloses wherein the secret key is stored in the compiled communication software on the operating device 
[¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner].
Regarding claim 12, further comprising: determining the at least one field device identifier contained in the digital certificate in the cryptographic comparison step on the operating device; comparing at least one determined field device identifier with the at least one field device identifier; and in the case of matching field device identifiers, providing proof that the verification datum unambiguously depends on the field device identifier, since the relevant field device identifier, at least one of which is obtained from the operating device, is contained in the verification datum.
And Ikumi discloses [¶117, the certificate output unit 111 of the certification authority server 110 receives the certificate request, detects the public device key 492 and device information 292 from the certificate request, and generates a digital signature (also referred to below as a certification authority signature) from the certification authority server 110 using the public device key 492, the device information server 292 and the secret certificate authority key], and [¶83, For example, the device storage unit stores 490 a device ID 491 , the public device key 492 , the secret device key 493 and the device certificate 494 , The device storage unit 490 also stores the digital certificate of the communication partner, which contains the public key of the communication partner], and [¶12, a device identifier determining unit for determining whether or not the communication device identifier received by the device identifier request unit is the same device identifier as the first device identifier stored in the device identifier storage unit; and a device certificate transmission unit for transmitting a device certificate, which is a digital certificate of the first communication device, to the first communication device if it is determined by the device identification determination unit that the communication device identifier is the same device identifier as the first device identifier].
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Haase (US2018/0288039)[ The disclosure relates to a method for operating a field device of automation technology, comprising: establishing a wireless and/or wired communications link between the field device and an operating unit; establishing a communications link between an authentication card and the field device, using the operating unit, wherein at least the field device and the authentication card contain symmetric or asymmetric key information; and carrying out an at least unilateral authentication of the authentication card on the field device, as well as an operating unit for carrying out the method according to the invention].
JP 2018121328 A [this system utilizes the following features. A secret (key) associated with the device identifier.  Certificates created by the factory are not sent to an external server, but are stored on the device and protected by a key].
WO 2020091789 A1[obtaining an owner identifier corresponding with an owner of the device; cryptographically signing a combination of the device identifier and the owner identifier based on a manufacturer secret key corresponding to the public key provisioned to the device to generate the proof-of-ownership certificate; and providing the proof-of-ownership certificate to the device and/or the owner of the device].
YOU(US2005/0086504) [0027] Further, the certificate generated in the certificate generating unit preferably, but not necessarily, includes a result value of a cryptographically strong one-way function with the generated secret information, the public key and the device identifier as input values, which may be a result value of a hash function, a result value of a message authentication code (MAC) function with the generated secret information as a key value and with the public key as an input, or a result value derived from encryption of the public key and the device identifier with the generated secret information as a key value].
JP2017050849[ The processing unit is configured to obtain a session identifier, wherein generating one or more keys includes generating an auditory device key based on the auditory device identifier and the client device key; The client device of item 1, comprising generating a common secret based on a device key and the session identifier. Generating one or more keys including a certificate key based on the auditory device identifier and the client device key].
JP 2005535040 A[Assigning a unique identifier and a unique public key to the personal identification device; Maintaining a database of the unique identifier and the unique public key; Distributing a public key to the personal identification device; Creating an asymmetric key pair including a secret device key and a public device key in the personal identification device; Transmitting from the device the public key of the asymmetric key pair and the unique device identifier; Creating a first digital certificate including the secret device key and the unique identifier; Securely distributing the first digital certificate to the personal identification device; Storing the public device key and the unique identifier in the database].
JP 2013502156 A[ The collection of modules 400 includes one or more modules 404, 406 and 408. The module 404 is a module that receives a certificate including a secret key and one of a device identifier and a user identifier from a certificate authority. The module 406 is a module that internally generates a certificate including a secret key and one of a device identifier and a user identifier. The module 408 is a module for extracting the certificate included in the memory by the manufacturer of the first communication device from the memory included in the first communication device. One of the device identifier and the user identifier].
JP 2019521414 A [ Specifically, in step S313, the generation module 370 generates a credential according to the user device identifier and the user identifier. Specifically, after obtaining the user device identifier and the user identifier, the generation module 370 uses the user device identifier and the user identifier to generate a secret key certificate, ie, a secret key stored in the user device 10 and the server 30. Generate a certificate. After obtaining the credential, the credential first needs to be stored and backed up on the server 30 for decryption, and then the credential (see next step Needs to be sent to the user device through the on-board terminal. At this point, step S313 is completed].
CN 1604552 A[ FIG. 11 shows according to a second embodiment of the present invention is represented in FIG. 10 processing after execution of the device authentication processing. First, the control point 190 informs the master device through SOAP 110 device authentication processing is started (S711). In this processing, the main device as the CD operation. Then, the master device 110 (as a CP operation) using SOAP the SIB is directly transmitted to the remaining control device 120 to 160 (S712). Then, the remaining control device 120 to 160 using the received SIB extracts a secret value, and using a secret value and their own device ID and public key to create a certificate (S713)].
Isozaki (US2014/0052993) [¶234] The usage certificate distribution server 6 uses the usage certificate generator 79 to acquire, from the information-output-device information storing unit 72, the secret key corresponding to the unique ID of the information output device 2 included in the usage certificate request message transmitted from the information operating device 1].

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.                                                                                                                                                                                      
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496