DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/08/2022 has been entered.
 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments with respect to at least claims 1, 17 and 20 have been considered but are moot in view of the new interpretation of the reference.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-12 and 16-21 are rejected under 35 U.S.C. 103 as being unpatentable over Herwono et al. (US 2009/0287922 A1-hereinafter Herwono) and in view of Kravitz et al. (US 2017/0279620 A1-hereinafter Kravitz.)
Regarding claim 1, Herwono discloses a method comprising: 
establishing a communication connection of a first device with a trusted device (at least [0005][0029]-[0030][0047], a communication connection is established between a WiFi client and an authentication server (trusted device)); 
generating, by the first device, a first communication key (at least [0005]; figure 9, steps 1-5, [0047]; figure 11, [0054], i.e: K_A is generated by the WiFi client);
providing the first communication key to a second device via the trusted device (at least [0005][0047][0054], K_A is provided to WiFi router via the authentication server in message E_KB(K_ABISRES_B)); and 
performing encrypted communication between the device and the second device based on the first communication key (at least [0049]-[0050][0054]-[0055], communication between the WiFi client & the WiFi router is encrypted using K_AB/PMK which is based on at least the K_A.)
	Herwono does not explicitly disclose the first and second devices are Internet of Things Devices.
	However, Kravitz discloses a first and second devices being Internet of Things devices (at least abstract, first and second IoT devices.)

Regarding claim 2, Herwono discloses the method according to claim 1. Herwono also discloses acquiring a first key generation parameter respectively from at the trusted device (Herwono-at least [0043][0054], i.e.: AT_RAND_A and AT_MAC_RAND_A are received from authentication server (trusted device); Kravitz-abstract); and 
generating, according to the acquired first key generation parameter, the first communication key (Herwono-at least [0047][0054], K_A is generated.)

Regarding claim 4, Herwono and Kravitz disclose the method according to claim 1. 
Kravitz also discloses a list of trusted authentication identifiers is stored in a first Internet of Things device (at least [0032]-[0033][0044], public key certificates of other devices and/or groups that IoT device is to trust is stored); and 
acquiring a trusted authentication identifier provided by a second Internet of Things device (at least figure 9, [0008][0040][0044][0066]-[0067], i.e.: at least digital token from a second IoT is acquired); and 
determining that the trusted authentication identifier is present in the list of trusted authentication identifiers (at least figure 9, [0008][0040][0044][0066]-[0067], i.e.: at least digital token from a second IoT is authenticated as being one of trusted authentication identifiers).
As such, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Herwono to include the features disclosed by Kravitz to ensure the second IoT is a trusted device before starting communications to enhance the security level of the method.

Regarding claim 5, Herwono and Kravitz disclose the method according to claim 1. Herwono and Kravitz also disclose the performing, on the basis of the first communication key, encrypted communication with the second Internet of Things device comprises: 
encrypting communication data of the first Internet of Things device using the first communication key and sending the encrypted communication data of the first Internet of Things device to the second Internet of Things device (Herwono-at least [0049][0054]-[0055], communication data of WiFi client is encrypted and sent to WiFi server/router using the K_AB which includes at least the K_A; Kravitz-abstract, first and second IoT devices.)

Regarding claim 6, Herwono and Kravitz disclose the method according to claim 1. Herwono also discloses the establishing the communication connection of the first Internet of Things device with the trusted device comprises: 
acquiring verification information from the trusted device (at least figure 9, steps 4-5, [0032]-[0034][0047], i.e.: RANDa/AT_RAND_A & AT_MAC_RAND_A is received from the authentication server); and 
completing trust verification with the trusted device according to the verification information (at least [0032]-[0034], the authentication server is verified according to the RANDa/AT_RAND_A or AT_MAC_RAND_A.)

Regarding claim 7, Herwono and Kravitz disclose the method according to claim 6. Kravitz also discloses verification information comprises a digital certificate (at least [0010][0032]-[0033], digital certificate); and
completing trust verification with the trusted device according to the verification information comprises determining, according to a preset root certificate, that the digital certificate passes verification ([0047]-[0049], the digital certificate is verified using the security ecosystem private key.)

Regarding claim 8, Herwono and Kravitz disclose the method according to claim 6. Kravitz also discloses acquiring a digital signature from the trusted device (at least [0010][0032]-[0033][0047], digital certificate is signed with security ecosystem’s private key); and 
determining, according to the digital signature, integrity of the verification information (at least [0047]-[0049], security ecosystem is able to successfully verify the digital certificate.)

Regarding claim 9, Herwono and Kravitz disclose the method according to claim 6.
Herwono and Kravitz do not explicitly disclose the verification information is encrypted using a cloud private key; and before the completing trust verification with the trusted device according to the verification information, the method further comprises decrypting the verification information according to a cloud public key corresponding to the cloud private key.
However, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add another layer of encryption/decryption to the verification information of Herwono and Kravitz to further enhance the security level of the method.

Regarding claim 10, Herwono and Kravitz disclose the method according to claim 1. Herwono also inherently discloses acquiring a second communication key to perform encrypted communication with the trusted device (at least [0047]-[0048][0054], a second session key is acquired to perform encrypted communication with the authentication server).

Regarding claim 11, Herwono and Kravitz disclose the method according to claim 10. Herwono and Kravitz also inherently disclose the second communication key is generated by the first Internet of Things device (Herwono-at least [0043]-[0044][0054], the key K_A is generated by the WiFi client; Kravitz-abstract); and 
the acquiring the second communication key comprises: 
respectively acquiring a second key generation parameter from at least one of the trusted device and the first Internet of Things device (Herwono-at least [0043][0054], i.e.: a second RANDa is received from authentication server (trusted device); Kravitz-abstract); and 
generating the second communication key according to the acquired second key generation parameter (Herwono-at least [0043][0054], the second key (K_A or K_AB) is generated.)

Regarding claim 12, Herwono and Kravitz disclose the method according to claim 10. Herwono also inherently discloses the second communication key is generated by the trusted device (Herwono-at least [0030][0043], a second key is generated by the authentication server (trusted device); Kravitz-abstract); and 
the acquiring the second communication key comprises acquiring the second communication key from the trusted device (Herwono-at least [0030][0043], a second key is received/acquired from the authentication server (trusted device); Kravitz-abstract.)

Regarding claim 16, Herwono and Kravitz disclose the method according to claim 1. Herwono and Kravitz also disclose at least one of the first Internet of Things device and the second Internet of Things device is in a state disconnected from a cloud (Herwono-at least figure 1, [0029], i.e.: client device is not connected/disconnected to the internet; Kravitz-abstract.)

Regarding claim 17, Herwono discloses one or more memories storing thereon computer-readable instructions that, when executed by one or more processors, cause the one or more processors to perform acts comprising: 
respectively establishing communication connections of a trusted device with a first device and with a second device (at least figure 9, step 6, [0047], communication connections between client device, wireless server and authentication server is established); and 
receiving a first communication key from the first device and providing the first communication key to the second device, such that the first Internet of Things device and the second Internet of Things device may perform encrypted communication on the basis of the first communication key (at least figure 9, steps 6-10, [0047]-[0049], AT_MAC_SRES_A is received from WiFi client, AT_MAC_SRES_A is provided to WiFi router, and the communication between the WiFi client and the WiFi router is encrypted on at least the basis of the AT_MAC_SRES_A.)
Herwono does not explicitly disclose the first and second devices are Internet of Things devices.
	However, Kravitz discloses a first and second devices being Internet of Things devices (at least abstract, first and second IoT devices.)
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the IoT devices of Kravitz to allow the method to be carried out using different types of devices.

Regarding claim 18, Herwono and Kravitz disclose the one or more memories according to claim 17.  Herwono and Kravitz also disclose the respectively establishing communication connections of the trusted device with the first Internet of Things device and with the second Internet of Things device comprises: 
respectively providing verification information to the first Internet of Things device and the second Internet of Things device, to enable the first Internet of Things device and the second Internet of Things device to respectively complete trust verification with the trusted device (Herwono-at least [0032]-[0037], RANDa & RANDb were provided to the client device and the wireless server; Kravitz-at least abstract.)

Regarding claim 19, Herwono and Kravitz disclose the one or more memories according to claim 18. Kravitz also discloses respectively providing a digital signature to the first Internet of Things device and the second Internet of Things device, to enable the first Internet of Things device and the second Internet of Things device to verify integrity of the verification information ([0047]-[0048], digital certificate is signed and verified.)

Claim 20 is rejected for the same rationale as claim 1 above. In addition, Herwono and Kravitz also disclose the first Internet of Things device and the second Internet of Things device are in a state disconnected from a cloud (Herwono-at least figures 1 & 13; [0043][0049], the client device and the wireless server/router communicate via a private network, thus disconnected from the Internet/cloud; Kravitz-at least abstract, IOT devices.)

Regarding claim 21, Herwono and Kravitz disclose the apparatus according to claim 20.  Herwono also discloses wherein generating the first communication key comprises:
receiving a first number from the trusted device (at least [0032], RANDa is received from the authentication server;)
locally generating a second number (at least figure 6, step 6, [0045], i.e.: secret key;)
	generating the first communication key based on the first number and the second number (at least figure 6, step 6, wherein concatenating the RANDa with secret key to generate a session key, i.e.: K_A,) a bit length of the first communication key being a sum of respective bit lengths of the first number and the second number (at least figure 6, step 6, it is inherent that the bit length of the session key being a sum of respective lengths of the RANDa & the secret key.)

Claims 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Herwono, Kravitz and further in view of Cromer et al. (US Patent 6,263,441 B1-hereinafter Cromer.)
Regarding claim 13, Herwono and Kravitz disclose the method according to claim 1.  
Herwono and Kravitz do not explicitly disclose acquiring a subscription request of a monitoring device for a property change event of the first Internet of Things device; and detecting the property change event, and notifying the monitoring device.
	However, Cromer discloses a remote network server that requests to be alerted when a change in a device is detected (at least abstract, column 1, lines 6-10, column 2, lines 41-44, an alert is generated and sent to a remote network server in the event of a change in a computer’s configuration.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teaching of Cromer into the method of Herwono and Kravitz to ensure devices that are used in carrying out the method are properly equipped.

Regarding claim 14, Herwono, Kravitz and Cromer disclose the method according to claim 13. Cromer also obviously discloses before the acquiring the subscription request of the monitoring device for the property change event of the first Internet of Things device, the method further comprises: 
providing property-related information to the monitoring device (column 3, lines 44-52; at least column 5, lines 21-30, previous state/components of device is/are communicated to remote server.)

Regarding claim 15, Herwono, Kravitz and Cromer disclose the method according to claim 13. Cromer also discloses before the detecting the property change event, the method further comprises: detecting initial data of a property of the first Internet of Things device, and providing the data to the monitoring device (column 3, lines 44-52; at least column 5, lines 21-30, previous state/components of device is/are communicated to remote server.)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/PHY ANH T VU/Primary Examiner, Art Unit 2438