Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on September 20, 2022 has been considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 30-37 are ejected on the ground of nonstatutory double patenting as being unpatentable over claims 18-22 of U.S. Patent No. 11,115,193. Although the claims at issue are not identical, they are not patentably distinct from each other because limitation features of claims 30-37 are generic to corresponding limitations of claims 18-22 respectively, as indicated in mapping below table.

Current Application No.: 17,463,453
US Pat. No.: 11115193
30. A method for key management of computing devices, the method comprising: authenticating, by a computing device, with an authority center server via an offline communication channel; receiving, by the computing device, a group member private key as a function of the authentication with the authority center server; authenticating, by the computing device, with a group management server via a secure online communication channel using the group member private key; receiving, by the computing device, a group shared key as a function of the authentication with the group management server; encrypting, by the computing device, secret data with the group shared key; and transmitting, by the computing device, the encrypted secret data to the group management server.
18. A method for key management of internet-of-things (IoT) devices, the method comprising: authenticating, by an IoT device, with an authority center server via an offline communication channel; receiving, by the IoT device, a group member private key as a function of the authentication with the authority center server; authenticating, by the IoT device, with a group management server via a secure online communication channel using the group member private key; receiving, by the IoT device, a group shared key as a function of the authentication with the group management server; encrypting, by the IoT device, secret data with the group shared key; and transmitting, by the IoT device, the encrypted secret data to the group management server.
31. The method of claim 10, wherein authenticating with the authority center server comprises (i) establishing the offline communication channel using a key management protocol and (ii) transmitting an authentication request to the authority center server via the offline communication channel, wherein the authentication request is usable to determine that the computing device is requesting to be assigned the group member private key.
19. The method of claim 18, wherein authenticating with the authority center server comprises (i) establishing the offline communication channel using a key management protocol and (ii) transmitting an authentication request to the authority center server via the offline communication channel, wherein the authentication request is usable to determine that the IoT device is requesting to be assigned the group member private key.
32. The method of claim 10, wherein authenticating with the group management server comprises (i) generating a credential as a function of the group member private key and (ii) transmitting the generated credential to the group manager server, wherein the generated credential is usable to attest the computing device to the group manager server using a corresponding group public key.
20. The method of claim 18, wherein authenticating with the group management server comprises (i) generating a credential as a function of the group member private key and (ii) transmitting the generated credential to the group manager server, wherein the generated credential is usable to attest the IoT device to the group manager server using a corresponding group public key.
33. The method of claim 12, wherein the credential comprises an authentication signature generated using the group member private key.
34. The method of claim 12, wherein authenticating with the group management server further comprises negotiating a shared secret with the group manager server, wherein the shared secret is usable to derive an individual key, and wherein receiving the group shared key comprises to receive the group shared key encrypted by the group manager server using the individual key.
21. The method of claim 20, wherein the credential comprises an authentication signature generated using the group member private key, wherein authenticating with the group management server further comprises negotiating a shared secret with the group manager server, and wherein the shared secret is usable to derive an individual key.
35. The method of claim 14, further comprising: authenticating, by the computing device, the IoT computing device to the group manager server using the individual key; transmitting, by the computing device and subsequent to having successfully authenticated with the group manager server, a request to the group manager server requesting to communicate peer-to-peer with another computing device of a group to which the computing device corresponds and is managed by the group manager server; and receiving, by the computing device, a peer shared key assigned by the group manager server to the computing device and the other computing device.
22. The method of claim 21, further comprising: authenticating, by the IoT device, the IoT device to the group manager server using the individual key; transmitting, by the IoT device and subsequent to having successfully authenticated with the group manager server, a request to the group manager server requesting to communicate peer-to-peer with another IoT device of a group to which the IoT device corresponds and is managed by the group manager server; and receiving, by the IoT device, a peer shared key assigned by the group manager server to the IoT device and the other IoT device.



Reason for allowance
Claims 21-29 and 38-46 are allowed.  Claims 30-37 would be allowable over prior arts of record provided that the above rejection has been overcome. The following is a statement of reasons for the indication of allowable subject matter: After consideration of the applicant’s correspondence filed on December 24, 2021, through examination of the claims with application, the pertinent prior arts of record cited in PTO-892, either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole.
The current application discusses issues in Internet-of-Things (IoT) connected edge devices which are may be small devices with low power consumption and thus typically include relatively low processing power or other computing resources. The resources necessary to perform reliable security operations (e.g., public key infrastructure (PKI)) tend to be limited. Additionally, key management is problematic, which has resulted in various key exchange protocols (e.g., Fluffy) for resource constrained environments (e.g., IoT networks, fog networks, etc.). However, such present key exchange protocols assume asymmetric authentication, attestation, and key wrapping algorithms, which are constrained by high computation costs that are often multiplied across multiple certificates in a certificate chain. Further, each IoT connected edge device should undergo mutual attestation and device/user authentication, which existing technologies struggle to meet in IoT networks at scale (e.g., due to the high latency of present attestation protocols typically involving a 3.sup.rd party broker).
The claimed invention is directed to provide a solution to alleviate the above problems. The claims present a group management server configured to manage authorization (e.g., as an enhanced privacy identifier (EPID) authority) of IoT devices during offline authentication phase. The group member authorization manager includes a group member join authenticator, which is configured to generate (i.e., as a function of the group issuing private keys generated by a group issuing private key manager) and assign corresponding group member private keys to requesting loT devices. The IoT device establishes a secure offline communication channel with authority center server. The authority center server is an offline trusted environment maintained by an owner or manager of the IoT devices being authenticated. The IoT device transmits an authentication request to the authority center server via the established secure offline communication channel, such that, upon receipt, the authority center server can assign a group member private key to the IoT device offline. The group member private key, the IoT device may then generate a credential usable to negotiate and setup a secure channel online with a group manager. As such, the need for a pre-shared secret can be avoided, which can provide more flexibility in headless environments and potentially prevent a malicious device that is unauthenticated from joining an online group to retrieve secret data of the authenticated IoT devices. The loT device authenticates itself with the authority center server during an offline (i.e., isolated from network access) authentication phase in which the authority center server assigns a group member private key to the loT device.  Subsequent to having received the group member private key, the IoT device verifies itself (i.e., using a signature generated to attest the IoT device using the received group member private key) with the group manager server and receives a group shared key, which is a symmetric key, via a secure communication channel established between the IoT device and the group manager server. As such, the IoT device may communicate with other IoT devices of the group to which the IoT device corresponds as a function of the group shared key. 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.
Takao (US 20040131187) provides a communication method which allows information to be searched without necessitating a server operation even when information is to be shared in a group, and allowing authentication to be always performed between arbitrary members to confirm if such members are members of the group. In Takao, a terminal apparatus communicates with another terminal apparatus on a network, the terminal apparatus possessing a public key of a group formed on the network, inquires about whether or not said another terminal apparatus is a terminal apparatus of an authorized member of the group; receive predetermined encrypted information from said another terminal apparatus in response to the inquiry information sent by the inquiry information sending unit; decrypting the received encrypted information using the group public key; determine whether said another terminal apparatus is a terminal apparatus of an authorized member of the group.
Muhanna (US 201700788750) discusses how to ensure secure communications between an IoT device (e.g., sensor) and an access point. Each time that the IoT device “wakes up” to transmit data to the access point, a new set of security keys is generated. Once the IoT device is finished transmitting data to the access point, the IoT device and the access point discard their security keys. As such, each time the IoT device wakes up and intends to transmit data, a new set of security keys needs to be established. This process of establishing a new set of security keys each time the IoT device wakes up consumes a large number of resources on the IoT device and may undesirably deplete the battery of the IoT device. The process of establishing a new set of security keys each time the IoT device wakes up also consumes a large number of resources on the access point, especially if the access point is serving a large number of the IoT devices. To resolve these and other problems, Muhanna, disclosed embodiments comprise a trust model where IoT devices are organized into groups and security keys are maintained instead of being discarded after each transmission. Because the security keys are maintained, an “always on” connection exists between the IoT devices in the group and the access point. Because the connection is “always on,” each time an IoT device “wakes up” the IoT device is able to transmit without new security keys having to be established. As such, the load/overhead on the access point is reduced.
Holmes (US 20180176298) introduces techniques for facilitating communication between a central processing system and one or more computing devices. The central processing system can intelligently communicate with at least some of the computing devices. The central processing system can also simultaneously or sequentially utilize sensor data generated by multiple computing devices that are known to be associated with one another.  Some or all of the multiple computing devices can be connected to one another via an offline communication channel. Each computing device is connected to all other computing devices within the communication network, thereby forming a fault-tolerant mesh communication network. The mesh communication network may utilize peer-to-peer frequency-hopping techniques, which are particularly valuable when using inconsistent communication channels. If multiple computing devices are known to be in the same general geographical location, then the central processing system may only require that one computing device upload geographical metadata for analysis. If the computing device experiences any issues that prevent the geographical metadata from being uploaded, then the central processing system can automatically prompt another computing device to temporarily or permanently assume the role of leader.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494