DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim 1, 4, 7, were amended, claim 14 was cancelled. Claims 1-13,15-20 are pending. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/10/22.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
Applicant's arguments filed 10/10/22 have been fully considered but they are not persuasive. On page 6 the applicant argued that Tian does not disclose or suggest "setting the gateway to an installation mode." Examiner respectfully disagrees. Tian page 2 clearly stated that gateway verify the sensor ID during activation, when gateway in activating the sensor, suggest the gateway is installation mode as gateway installing/activating the sensors. Further Examiner introduced Seo, which teaches literary that gateway in installation mode. 

On page 7 the applicant further argued that Tian does not disclose or suggest the limitation "setting the gateway to an installation mode." The paragraph itself does not mention an "installation mode." Further, the Office has simply reproduced the text of the paragraph and does not provide any explanation as to how this paragraph from Tian discloses "setting the gateway to an installation mode." The translation does say "the reference sensor description information records each installed on the terminal." Emphasis added. This sentence does not describe an installation mode of the gateway, but instead seems to refer to each sensor installed on the terminal. Examiner respectfully disagrees. When sensors are activated through the gateway suggest the gateway already in installation mode.

Applicant’s arguments with respect to claim(s) 4, 7 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 10, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Tian(WO 2019134565 A1) in view of Seo et al(KR 100899614 B1).

With regards to claim 1, Tian discloses, A method for authenticating an IoT device comprising: 
establishing communication between a sensor and a gateway (page 2 ; The authentication gateway receives the registration information sent by the terminal, where the registration information carries at least the serial number of the terminal, the signature information, and the sensor information to be activated); 
setting the gateway to an installation mode (Page 3; Optionally, the authentication gateway verifies the to-be-activated sensor information based on the registration reference information, including: Determining, by the authentication gateway, the sensor ID of each sensor that the terminal requests to activate and the number of implementations to be activated based on the to-be-activated sensor information; The authentication gateway compares the to-be-activated sensor information with the reference sensor description information recorded in the registration reference information to obtain a comparison result, wherein the reference sensor description information records each installed on the terminal Sensor ID and maximum number of instances of the sensor; Note: activating sensor suggest the gate in installation mode ).

verifying a sensor ID on the gateway (page 2 ; The authentication gateway obtains registration reference information pre-stored corresponding to the serial number, and performs verification on the signature information and the sensor information to be activated based on the registration reference information to obtain a verification result;); 
generating an authentication token on the gateway (page 8; Further, the authentication gateway generates a new token and sends it to the terminal.); and 
receiving the authentication token by the sensor (page 8; Further, the authentication gateway generates a new token and sends it to the terminal.). 
Tian does not exclusively but Seo teaches, setting the gateway to an installation mode (Page 5: The coordinator, the gateway and the router and the plurality of end devices are installed in an arbitrary place, and the command of driving the coordinator and the gateway in the installation mode is followed by the color of the LEDs displayed by the plurality of end devices). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Tian method  with teaching of Seo in order to find the optimum installation location of each device while varying the installation location of the devices according to the operation (Seo Background)

With regards to claim 10, Tian further discloses, installing the sensor on a sensor network (Tian page 1; With the development of technology, the Internet of Things (IoT) has been widely used. The Internet of Things, also known as the sensor network, is an extension of the Internet from person to object, and security issues are undoubtedly a critical and critical link in the use of the Internet of Things. page 2; The authentication gateway receives the registration information sent by the terminal, where the registration information carries at least the serial number of the terminal, the signature information, and the sensor information to be activated.); 
configuring the gateway with the sensor ID of the sensor (Page 2; The authentication gateway receives the registration information sent by the terminal, where the registration information carries at least the serial number of the terminal, the signature information, and the sensor information to be activated.); 
sending the authentication token from the gateway to the sensor; and storing the authentication token on the sensor (page 8; Further, the authentication gateway generates a new token and sends it to the terminal….page 6; The next time the terminal initiates the registration process, the updated token is carried in the registration information and sent to the authentication gateway.).


Claims 2, 11 are rejected under 35 U.S.C. 103 as being unpatentable over Tian(WO 2019134565 A1) in view of Seo et al(KR 100899614 B1) and in view of Walker et al(US 10044696 B2).

With regards to claim 2, 11 Tian in view of Seo do not exclusively but Walker teaches, generating an encryption key seed on the gateway; and receiving the encryption key seed by the sensor (Walker Col 13 line 45-55; A gateway device (e.g., 110a) can be used to configure the attestation device 105, for instance, by communicating a secret, random number generator seed, firmware image, management system identifier or address (for use in directing gateway devices' forwarding of the log data), and/or other data to be stored in memory of and used by the attestation device ).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Tian in view of Seo’s method with teaching of Walker in order to secure network by identifying threats, security breaches, and other issues affecting the entities (Walker Col 1line 20-25;)

3.	Claims 3, 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Tian(WO 2019134565 A1) in view of Seo et al(KR 100899614 B1) and in view of Walker et al(US 10044696 B2) and further in view of Ishii(US 20090122149 A1).

With regards to claim 3, Tian in view of Seo, Walker do not but Ishii teaches, computing an encryption key from the encryption key seed (0084] Additional examples of a feature or function that can be controlled or managed by various devices are encryption keys, encryption algorithms or other encryption techniques. For example, in one embodiment, keys or seeds for keys can be maintained uniquely for each device type or device ID. Additionally, different encryption algorithms might be used for different device IDs or device types. To further illustrate, consider an example scenario where the device identifier is used as a seed to generate an encryption key on a user-by-user basis. ). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Tian in View of Walker’s method with teaching of Ishii in order to secure the content (Ishii[0008]).

With regards to claim 12, 13 Tian in view of Seo,  Walker and  Ishii teaches, computing an encryption key from the encryption key seed; wherein the encryption key seed uses information specific to the sensor ([Ishii 0084] Additional examples of a feature or function that can be controlled or managed by various devices are encryption keys, encryption algorithms or other encryption techniques. For example, in one embodiment, keys or seeds for keys can be maintained uniquely for each device type or device ID. Additionally, different encryption algorithms might be used for different device IDs or device types. To further illustrate, consider an example scenario where the device identifier is used as a seed to generate an encryption key on a user-by-user basis.). Motivation would be same as stated in claim 3.

Claims 4, 6, 15 are rejected under 35 U.S.C. 103 as being unpatentable over Walker et al(US 10044696 B2) in view of  JEONG et al(KR 101776882 B1).

With regards to claim 4, Walker discloses, A method for secure booting of an IoT device comprising:
 powering on the IoT device (Col 6 line 20-25; For instance, if the device is powered down and restarted to complete the installation or provisioning of new or updated firmware); 
computing a hash of firmware on the IoT device (col 14 line 5-20; In the example of FIG. 5, upon authenticating 505 the initiating gateway device 110a, the attestation device can be configured 240, with the gateway device 110a sending a secret S1, an RNG seed, an address (“log_add”), such as an IP address, port number, etc., of the corresponding management system 120, and the firmware image to be used by the attestation device 105. The sensor can store the secret S1 and RNG seed as secret data 240, generate a random number (“rand_no”) from the seed, and generate an initial log message (in accordance with the specified firmware image). In this example, the initial log message can embody the attestation data and equal: Hash[S1, rand_no, log_add, running firmware], where Hash[ ] is a cryptographic hash function); 
sending the hash to a gateway (col 14 line 5-25; The initial log message 515 can be sent through the initializing gateway device 110a to the management system.); 
verifying the IoT device on the gateway (col 14 line 30-40; In another example, the management system 515 can pre-calculate the value that is expected for the initial log message 515 and send this hash value to the initializing gateway device to allow the comparison of the expected hash with the initial log message 515 to be performed at the gateway device 110a itself. If the hashes are identical, the user can be presented (e.g., at the gateway device 110a) with confirmation that the sensor attestation device 105 is ready for deployment. ); 
retrieving a validation key and a signature on the gateway (col 2 line 20-35; Gateway devices (e.g., 110a-b) can be provided that are capable of communicating with the devices 105a-c, for instance, using near field communications (NFC) or other short range wireless communications technologies. The gateway 110a-b can send a signal to a device (e.g., 105a-c) within proximity of the gateway to cause the device to transmit a signal or message to the gateway 110a-b in response. A portion of the data transmitted by the device 105a-c can be signed, encrypted, secured, or generated using a securely-stored secret stored in a segment of memory of the device. Col 7 line 25-35; Gateway devices (e.g., 110a-b) can be provided that are capable of communicating with the devices 105a-c, for instance, using near field communications (NFC) or other short range wireless communications technologies. The gateway 110a-b can send a signal to a device (e.g., 105a-c) within proximity of the gateway to cause the device to transmit a signal or message to the gateway 110a-b in response. A portion of the data transmitted by the device 105a-c can be signed, encrypted, secured, or generated using a securely-stored secret stored in a segment of memory of the device. ); 

Walker does not but JEONG teaches, 
decrypting the signature and deriving an expected hash value on the gateway; and comparing the expected hash value to the hash on the gateway(page 7: The router 350 hashes the whole or a part of the received domain name with the same hashing function used in the IoT device 310. The router 350 decrypts the signature with the second key, and confirms whether the decrypted value and the hash value of the domain name match in advance. The router 350 determines that the verification is successful if the decrypted value and the hash value of the domain name are the same.)  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Walker’s method with teaching of JEONG in order to provide a service through a very large number of devices connected to the Internet  (JEONG Background).

With regards to claim 6, Walker further discloses, reporting a security event when the expected hash value and the hash do not match (Walker Col 13 line 30-40; the management system inspects the attestation data and concludes (at 470) that does not match what is expected based on the original provisioning of the attestation device at initialization. The management system 120 can log this as an event to indicate that integrity of the attestation device (and any other data received from the attestation device following the event) has been compromised.).

With regards to claim 15,  Walker further discloses, encrypting the hash, authentication token, encryption key seed, and device ID when sending between the sensor and the gateway (Col 7 line 65- col 8 line 10; In some implementations, a management system 120 interacting with attestation devices 105 equipped with sensors 230 and generating log data 245 from the sensor readings can additionally include a log manager 285 and store log data 295 received from the attestation device via a gateway device 110. Log data 295 can be tied to the device data 290 to associate information in the log data with the device data. In some cases, attestation data can be embedded in log data received at the management system 120. Further, the log data can be encrypted using the secret or other logic at the attestation device, such that it is only viewable, in the clear, by the management system. col 14 line 5-20; In the example of FIG. 5, upon authenticating 505 the initiating gateway device 110a, the attestation device can be configured 240, with the gateway device 110a sending a secret S1, an RNG seed, an address (“log_add”), such as an IP address, port number, etc., of the corresponding management system 120, and the firmware image to be used by the attestation device 105. The sensor can store the secret S1 and RNG seed as secret data 240, generate a random number (“rand_no”) from the seed, and generate an initial log message (in accordance with the specified firmware image). In this example, the initial log message can embody the attestation data and equal: Hash[S1, rand_no, log_add, running firmware], where Hash[ ] is a cryptographic hash function).

Claims 5, 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Walker et al(US 10044696 B2) in view of  JEONG et al(KR 101776882 B1) and further in view of Tian(WO 2019134565 A1).

With regards to claim 5,  Walker further discloses, encryption key seed to the IoT device (Col 14 line 5-30; n the example of FIG. 5, upon authenticating 505 the initiating gateway device 110a, the attestation device can be configured 240, with the gateway device 110a sending a secret S1, an RNG seed, an address (“log_add”), such as an IP address, port number, etc., of the corresponding management system 120, and the firmware image to be used by the attestation device 105. The sensor can store the secret S1 and RNG seed as secret data 240, generate a random number (“rand_no”) from the seed, and generate an initial log message (in accordance with the specified firmware image). In this example, the initial log message can embody the attestation data and equal: Hash[S1, rand_no, log_add, running firmware], where Hash[ ] is a cryptographic hash function. The initial log message 515 can be sent through the initializing gateway device 110a to the management system. The initial log message 515 can additionally include, in some instances, the management system address log_add (e.g., where the attestation device's log data will be eventually stored and managed) and a message identifier (e.g., the number of the message instance in a session). )
Walker in view of JEONG do not but Tian teaches, sending an authentication token (page 8; Further, the authentication gateway generates a new token and sends it to the terminal) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Walker in view of JEONG’s method with teaching of Tian in order to perform secure access of terminals(TIAN Background).

With regards to claim 16, Walker in view of JEONG and Tian discloses, authenticating the IoT device when the expected hash value and the hash value match, (Walker col 14 line 25-45; The management system 120 can then verify the initial log message 515 and communicate the results of the verification to a user through a user interface of the gateway device 110a or another user computer capable of communicating with the management system 120. In another example, the management system 515 can pre-calculate the value that is expected for the initial log message 515 and send this hash value to the initializing gateway device to allow the comparison of the expected hash with the initial log message 515 to be performed at the gateway device 110a itself. If the hashes are identical, the user can be presented (e.g., at the gateway device 110a) with confirmation that the sensor attestation device 105 is ready for deployment.) and sending a new authentication token to the IoT device (Tian page 8; Further, the authentication gateway generates a new token and sends it to the terminal.). Motivation would be same as stated in claim 5.

With regards to claim 17, Walker in view of JEONG and Tian discloses, sending a device ID to the gateway (Tian page 2 ; The authentication gateway receives the registration information sent by the terminal, where the registration information carries at least the serial number of the terminal, the signature information, and the sensor information to be activated). Motivation would be same as stated in claim 5.

Claims 7- 9, 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over SHIN (EP 2378414 A2) in view of JEONG et al(KR 101776882 B1).

With regards to claim 7, SHIN discloses, A method for performing secure updates on an IoT device comprising: 
downloading new firmware and a firmware signature ([0009] According to an aspect of the present invention for achieving the object, there is provided a method for remotely updating new firmware of an automated banking machine with new firmware, the method comprising: a first step of downloading encrypted new firmware from a host server; a second step of converting encrypted firmware data into real firmware using an XOR table contained in a header of the encrypted firmware; a third step of generating a signature value using the header of the encrypted firmware; a fourth step of comparing the signature value generated in the third step with a signature value stored in the header;); 

SHIN does not but JEONG teaches, 
decrypting the signature with a validation key to derive an expected hash value; calculating a hash value; and comparing the expected hash value to the hash value ( page 7 The specific algorithm may differ depending on the authentication method used in SDNSNA. Based on the digital signature scheme, (1) the IoT device 310 encrypts all or part of the domain name with the first key to generate a signature. The router 350 decrypts the signature with the second key, and confirms whether the decrypted message and the domain name received from the IoT device 310 match. The router 350 determines that the verification is successful if the decrypted message and the domain name are the same. (2) or the IoT device 310 generates a signature by encrypting a value obtained by hashing the whole or a part of the domain name with the first key. The router 350 hashes the whole or a part of the received domain name with the same hashing function used in the IoT device 310. The router 350 decrypts the signature with the second key, and confirms whether the decrypted value and the hash value of the domain name match in advance. The router 350 determines that the verification is successful if the decrypted value and the hash value of the domain name are the same.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify SHIN’s method with teaching of LI in order to establish a trustworthy decentralized system that does not require trust in each member of the system  (LI[0005]).

With regards to claim 8, SHIN further discloses, updating the IoT device if the expected hash value and hash value match ([00090] if the signature values compared in the fourth step match; a sixth step of comparing the new checksum value (CS.sub.RF) generated in the fifth step with a checksum value (CS.sub.H) stored in the header; and a seventh step of completing verification on the new firmware and updating the automated banking machine with the new firmware, if the checksum values compared in the sixth step match pls see [0026]-[0030]).

With regards to claim 9, SHIN in view of Walker discloses, reporting a security event if the expected hash value and the hash value do not match (Walker Col 13 line 30-40; the management system inspects the attestation data and concludes (at 470) that does not match what is expected based on the original provisioning of the attestation device at initialization. The management system 120 can log this as an event to indicate that integrity of the attestation device (and any other data received from the attestation device following the event) has been compromised.). Motivation would be same as stated in claim 7.


With regards to claim 18, SHIN in view of Walker discloses, securely booting the IoT device (Walker Col 11 line 35-55; As noted above, in some examples, a gateway device 110 can be used, under direction of a management system, in the initialization of an attestation device. For instance, in the example of an attestation device implemented as an in-package sensor, initialization of the device 105 can be carried out in connection with the initial shipment of the package. The gateway device that is to perform the initial scan (i.e., before the shipment begins) can be tasked with assisting in the initialization of the corresponding attestation device, including the provisioning of the secret data on the attestation device. Accordingly, gateway devices that are to participate in attestation device initialization can be further secured, for instance, with identity and attestation capabilities of their own (e.g., through PKI data and supporting logic), as well as other security features, such as a secure boot based on a trusted platform module (TPM) on the gateway device, among other examples. ). Motivation would be same as stated in claim 7.

With regards to claim 19, SHIN in view of JEONG discloses, authenticating the IoT device (JEONG page 6; The router 350 verifies the digital signature transmitted by the IoT device 310 using the second key received from the authentication server 340 (451). If the verification of the signature is successful, the router 350 stores the IP address of the IPv6 together with the domain name of the IoT device 310 in the DNS server 360 (461).). Motivation would be same as stated in claim 7.

With regards to claim 20, SHIN further discloses, receiving the new firmware by the IoT device if the expected hash value and hash value match (SHIN [00090] if the signature values compared in the fourth step match; a sixth step of comparing the new checksum value (CS.sub.RF) generated in the fifth step with a checksum value (CS.sub.H) stored in the header; and a seventh step of completing verification on the new firmware and updating the automated banking machine with the new firmware, if the checksum values compared in the sixth step match pls see [0026]-[0030]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498