DETAILED ACTION
This action is in response to the RCE filed on September 12, 2022. Claims 1, 5-10, 12, and 14-23 are pending. Of which, Claims 1, 5, 7-9, and 14-16 have been amended. Claims 1, 5-6, and 21 represent a method, claims 7-10, 12, and 22 represent a system, and claims 14-20, and 23 represent a non-transitory medium directed to cryptographically identifying a device.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on September 12, 2022 has been entered.
 Response to Arguments
Applicant’s arguments with respect to the 35 USC § 103 rejection been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-8, 10, 12, 14, and 16-20 are rejected under 35 U.S.C. 103 as being anticipated by Rameez et al. (US 10447683), hereinafter referred to as Rameez, in view of Wentz, Christian (US 20200162268), hereinafter referred to as Wentz.
	Regarding Claim 1, Rameez discloses:
A method for cryptographically identifying a device to a cloud service (In Col 2, Lines 22-28, Rameez discloses “Generally, an Internet of Things (IoT) device that supports cloud-based hub subsystems need to be provisioned with distinct credentials that allows the hub to uniquely identify the device.”), the method comprising: providing, to the cloud service, a token (In Col 10, Line 55, Rameez discloses “addition information can include a security token”) and a signature of the token (In Col 8, Lines 1-6, Rameez discloses “evaluating the request for other identifying information provided in the request payload, such as a data source name (DSN) of the IoT device, Enhanced Privacy ID (EPID) signature, media access control (MAC) address, and the like. ”), the token being embedded in the device, the token including a serial number (In Col 15, Lines 41-44, Rameez discloses “In one embodiment, the identity manager 826 authenticates a previously uninitialized IoT device using data identifying the IoT device stored during manufacture of the device group as part of a provisioning certificate.”) determines a user based on the serial number, identifies a tenant of a multi-tenant cloud based on the user, and sends a request to enroll the device in the identified tenant (In Col 8, Lines 21-30, Rameez discloses “The provisioning service 236 may trigger a function to be invoked by the event-driven computing service 121 that determines whether a device profile for the device type is associated with the user account and, if so, and retrieves the profile. The provisioning service 236 may translate the attributes of the device profile into corresponding variables to be used in generating an IoT policy for the IoT device. Further, the provisioning service 236 may send the request including the generated policy to the certificate authority 238.”), receiving, from the cloud service, provisioning information customized for the user and including a client certificate for communicating with the cloud service (In Col 3, Lines 33-37, Rameez discloses “The IoT service may identify attributes from the device profile, such as version requirements, device permissions, logging parameters, and the like. Once identified, the IoT service can translate the attributes to variables for generating an IoT policy to attach to a digital certificate either generated for or registered with the IoT service.” and in Col 10, Lines 31-32, Rameez further discloses “At 445, the CA 238 sends the digital certificate to the IoT device 400.”).
However, Rameez does not explicitly disclose the details of encrypting and decrypting a signature.
Wentz discloses:
and an identifier of a public key (In ¶ 85, Wentz discloses “Authorization token 124 may alternatively or additionally include a reference to device identifier, such as group public key, device-specific public key, or the like, which may be used similarly to session key.”), wherein the cloud service verifies the token by decrypting the signature of the token with a public key retrieved using the identifier (In ¶ 27, Wentz discloses “Signature may be verified by decrypting the encrypted mathematical representation using the corresponding public key and comparing the decrypted representation to a purported match that was not encrypted;”), wherein the signature of the token is generated at the time of manufacture by encrypting the token using a private key component of a public key/private key pair (In ¶ 38, Wentz discloses “This private key and/or signing process may be produced using a genuinely random process during manufacturing, and/or unique object (UNO) fingerprint, and/or a physically unclonable function (PUF).”), wherein the public key retrieved using the identifier is a public key component of the public key/private key pair (In ¶ 85, Wentz discloses “token may include a session key linked to a private key sent in an encrypted for to evaluating device…Authorization token 124 may alternatively or additionally include a reference to device identifier, such as group public key, device-specific public key, or the like, which may be used similarly to session key. ”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez and Wentz’s approach of utilizing an encrypted signature to authenticate with a cloud service as the motivation would be to increase the confidence level of the certificate authority when authenticating an IOT device (See Wentz ¶ 30).
Regarding Claim 5, the combination of Rameez and Wentz disclose the limitations with respect to claim 1.
However, Rameez does not explicitly disclose the criteria for an expiration date associated with a token. 
Wentz discloses:
Wherein the token is valid for at least five years (In ¶ 75, Wentz discloses “Additionally or separately, at least a authorization token 124 may include an expiration period”).. 
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez and Wentz’s approach of utilizing a time limit associated with the token as the motivation would be to increase the confidence level of the authentication between the device and service to ensure the token is valid prior to conducting the registration or authentication(See Wentz ¶ 123).
Regarding Claim 6, the combination of Rameez and Wentz disclose:
The method of claim 1 wherein the client certificate is a public key certificate (In Col 3, Lines 14-18, Rameez discloses “Once authenticated, the IoT service may initiate a user-defined provisioning workflow to install and activate credentials distinct to the IoT device, such as an X.509 digital certificate that may be required by the cloud computing platform.”)
	Regarding Claim 7, Rameez discloses:
A system comprising: a processor; a read-only memory (ROM) communicatively coupled to the processor (In Col 8, Lines 43-48, Rameez discloses “the IoT device 300 includes, without limitation, a processor 305, sensors 310, a network interface 315, a memory 320, a trusted platform module (TPM) 325, and a storage 330, each interconnected via a bus 317. Of course, an actual IoT device will include a variety of additional hardware components.”), the ROM storing a (In Col 15, Lines 13-14, Rameez discloses “CPU 805 retrieves programming instructions and application data stored in the memory 820 and storage 830. ”), and a memory communicatively coupled to the processor (In Col 8, Lines 43-48, Rameez discloses “the IoT device 300 includes, without limitation, a processor 305, sensors 310, a network interface 315, a memory 320, a trusted platform module (TPM) 325, and a storage 330, each interconnected via a bus 317. Of course, an actual IoT device will include a variety of additional hardware components.”), the memory storing instructions executable by the processor to: read the token from the ROM; provide the token to a cloud service (In Col 10, Lines 52-54, Rameez discloses “The request payload may include a provisioning certificate of the IoT device and additional information used to identify the device”), determines a user based on the serial number, identifies a tenant of a multi- tenant cloud based on the user, and sends a request to enroll the device in the identified tenant (In Col 8, Lines 21-30, Rameez discloses “The provisioning service 236 may trigger a function to be invoked by the event-driven computing service 121 that determines whether a device profile for the device type is associated with the user account and, if so, and retrieves the profile. The provisioning service 236 may translate the attributes of the device profile into corresponding variables to be used in generating an IoT policy for the IoT device. Further, the provisioning service 236 may send the request including the generated policy to the certificate authority 238.”); and receive, from the cloud service, provisioning information, the provisioning information being customized for the user and including a client certificate for communicating with the cloud service (In Col 3, Lines 33-37, Rameez discloses “The IoT service may identify attributes from the device profile, such as version requirements, device permissions, logging parameters, and the like. Once identified, the IoT service can translate the attributes to variables for generating an IoT policy to attach to a digital certificate either generated for or registered with the IoT service.” and in Col 10, Lines 31-32, Rameez further discloses “At 445, the CA 238 sends the digital certificate to the IoT device 400.”).
However, Rameez does not explicitly disclose the details of encrypting and decrypting a signature.
Wentz discloses:
the token including a serial number and an identifier of a public key (In ¶ 85, Wentz discloses “Authorization token 124 may alternatively or additionally include a reference to device identifier, such as group public key, device-specific public key, or the like, which may be used similarly to session key.”), wherein the cloud service verifies the token by decrypting the signature of the token with a public key retrieved using the identifier (In ¶ 27, Wentz discloses “Signature may be verified by decrypting the encrypted mathematical representation using the corresponding public key and comparing the decrypted representation to a purported match that was not encrypted;”), wherein the signature of the token is generated at the time of manufacture by encrypting the token using a private key component of a public key/private key pair (In ¶ 38, Wentz discloses “This private key and/or signing process may be produced using a genuinely random process during manufacturing, and/or unique object (UNO) fingerprint, and/or a physically unclonable function (PUF).”),, wherein the public key retrieved using the identifier is a public key component of the public key/private key pair (In ¶ 85, Wentz discloses “token may include a session key linked to a private key sent in an encrypted for to evaluating device…Authorization token 124 may alternatively or additionally include a reference to device identifier, such as group public key, device-specific public key, or the like, which may be used similarly to session key. ”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez and Wentz’s approach of utilizing an encrypted signature to authenticate with a cloud service as the motivation would be to increase the confidence level of the certificate authority when authenticating an IOT device (See Wentz ¶ 30).
Regarding Claim 8, the combination of Rameez and Wentz disclose the limitations with respect to claim 1.
However, Rameez does not explicitly disclose the criteria for an expiration date associated with a token. 
Wentz discloses:
Wherein the token includes expiration information (In ¶ 75, Wentz discloses “Additionally or separately, at least a authorization token 124 may include an expiration period”). 
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez and Wentz’s approach of utilizing a time limit associated with the token as the motivation would be to increase the confidence level of the authentication between the device and service to ensure the token is valid prior to conducting the registration or authentication(See Wentz ¶ 123).
Regarding Claim 10, the combination of Rameez and Wentz disclose:
The system of claim 7 wherein the ROM is at least one of an electrically erasable programmable read-only memory and a flash memory (In Col 16, Lines 30-31, Rameez discloses “a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory),”).
Regarding Claim 12, the combination of Rameez and Wentz disclose:
The system of claim 7 wherein the provisioning information further includes an application selected by the user for installation on the system (In Col 10, Lines 38-40, Rameez discloses “The IoT device 400 may then reconnect to the IoT service 117 to use permitted services of the cloud computing platform 115.”).
Regarding Claim 14, Rameez discloses:
A non-transitory computer-readable storage medium (In Col 16, Lines 19-20, Rameez discloses “Any combination of one or more computer readable medium(s) may be utilized.”) having embodied thereon a program, the program being executable by a processor to perform a method for cryptographically identifying a device to a cloud service (In Col 2, Lines 22-28, Rameez discloses “Generally, an Internet of Things (IoT) device that supports cloud-based hub subsystems need to be provisioned with distinct credentials that allows the hub to uniquely identify the device.”), the method comprising: providing, to a cloud service using an encrypted channel (In Col 5, Lines 9-11, Rameez discloses “Further, the message broker may ensure secure communication using a secure protocol, such as TLS or secure socket layer (SSL).”) , a token (In Col 10, Line 55, Rameez discloses “addition information can include a security token”) and a signature of the token (In Col 8, Lines 1-6, Rameez discloses “evaluating the request for other identifying information provided in the request payload, such as a data source name (DSN) of the IoT device, Enhanced Privacy ID (EPID) signature, media access control (MAC) address, and the like. ”), the token being embedded in the device (In Col 15, Lines 13-14, Rameez discloses “CPU 805 retrieves programming instructions and application data stored in the memory 820 and storage 830. ”), the token including a serial number and determines a user based on the serial number, identifies a tenant of a multi-tenant cloud based on the user, and sends a request to enroll the device in the identified tenant (In Col 8, Lines 21-30, Rameez discloses “The provisioning service 236 may trigger a function to be invoked by the event-driven computing service 121 that determines whether a device profile for the device type is associated with the user account and, if so, and retrieves the profile. The provisioning service 236 may translate the attributes of the device profile into corresponding variables to be used in generating an IoT policy for the IoT device. Further, the provisioning service 236 may send the request including the generated policy to the certificate authority 238.”), and receiving, from the cloud service responsive to the providing, provisioning information, the provisioning information being customized for the user and including a client certificate for secure communications with the cloud service (In Col 3, Lines 33-37, Rameez discloses “The IoT service may identify attributes from the device profile, such as version requirements, device permissions, logging parameters, and the like. Once identified, the IoT service can translate the attributes to variables for generating an IoT policy to attach to a digital certificate either generated for or registered with the IoT service.” and in Col 10, Lines 31-32, Rameez further discloses “At 445, the CA 238 sends the digital certificate to the IoT device 400.”).
However, Rameez does not explicitly disclose the details of encrypting and decrypting a signature.
Wentz discloses:
an identifier of a public key (In ¶ 85, Wentz discloses “Authorization token 124 may alternatively or additionally include a reference to device identifier, such as group public key, device-specific public key, or the like, which may be used similarly to session key.”), wherein the cloud service verifies the token by decrypting the signature of the token with a public key retrieved using the identifier (In ¶ 27, Wentz discloses “Signature may be verified by decrypting the encrypted mathematical representation using the corresponding public key and comparing the decrypted representation to a purported match that was not encrypted;”), wherein the signature of the token is generated at the time of manufacture by encrypting the token using a private key component of a public key/private key pair (In ¶ 38, Wentz discloses “This private key and/or signing process may be produced using a genuinely random process during manufacturing, and/or unique object (UNO) fingerprint, and/or a physically unclonable function (PUF).”), wherein the public key retrieved using the identifier is a public key component of the public key/private key pair (In ¶ 85, Wentz discloses “token may include a session key linked to a private key sent in an encrypted for to evaluating device…Authorization token 124 may alternatively or additionally include a reference to device identifier, such as group public key, device-specific public key, or the like, which may be used similarly to session key. ”)
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez and Wentz’s approach of utilizing an encrypted signature to authenticate with a cloud service as the motivation would be to increase the confidence level of the certificate authority when authenticating an IOT device (See Wentz ¶ 30).
Regarding Claim 16, the combination of Rameez and Wentz disclose the limitations with respect to claim 1.
However, Rameez does not explicitly disclose the criteria for an expiration date associated with a token. 
Wentz discloses:
Wherein the token includes a date and time at which the cryptographically signed token becomes valid (In ¶ 75, Wentz discloses “Additionally or separately, at least a authorization token 124 may include an expiration period”). 
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez and Wentz’s approach of utilizing a time limit associated with the token as the motivation would be to increase the confidence level of the authentication between the device and service to ensure the token is valid prior to conducting the registration or authentication(See Wentz ¶ 123).
Regarding Claim 17, the combination of Rameez and Wentz disclose:
The non-transitory computer-readable storage medium of claim 14 wherein the user is determined based on the serial number in a sales system (In Col 6, Lines 34-36, Rameez discloses “Other services in the cloud computing platform 115 may perform lookups in the registry to identify IoT devices associated with a given user account.”).
Regarding Claim 18, the combination of Rameez and Wentz disclose:
The non-transitory computer-readable storage medium of claim 14 wherein the provisioning information includes a software update for the device, the software update being at least one of a software distribution and a software version selected by the customer (In Col 18, Lines 10-13, Rameez discloses “In one embodiment, the provisioning service 236 then prepares the IoT device for use (or updates the device for use) based on the information provided by the self-provisioning request.”).
Regarding Claim 19, the combination of Rameez and Wentz disclose:
The non-transitory computer-readable storage medium of claim 14 wherein the encrypted channel uses Hypertext Transfer Protocol Secure (HTTPS) (In Col 6, Lines 9-13, Rameez discloses “Further, the message broker may ensure secure communication using a secure protocol, such as TLS or secure socket layer (SSL). Of course, the device gateway 220 may support other protocols for communication between IoT devices, such as Web Sockets and HTTP 1.1.”).
Regarding Claim 20, the combination of Rameez and Wentz disclose:
The non-transitory computer-readable storage medium of claim 14 wherein the client certificate is an x509 public key certificate (In Col 8, Lines 31-32, Rameez discloses “The CA 238 is configured to generate, from a CSR, a trusted certificate (e.g., a X.509 digital certificate).”).
Claims 9, 15, and 21-23 are rejected under 35 U.S.C. 103 as being anticipated by Rameez et al. (US 10447683), hereinafter referred to as Rameez, in view of Wentz, Christian (US 20200162268), hereinafter referred to as Wentz, in further view of Mangalvedkar et al. (US 20200177589), hereinafter referred to as Mangalvedkar. 
Regarding Claim 9, the combination of Rameez and Wentz disclose all the limitations with respect to claim 7.
However, Rameez and Wentz do not explicitly disclose the use of a JWT. 
Mangalvedkar discloses
The system of claim 7 wherein cryptographically signed token is a JavaScript Object Notation (JSON) Web Token (JWT) (In ¶ 67 Mangalvedkar discloses “the metadata 152 may be implemented using JSON, XML, RuleML, JSONata, or Business Rules Management Markup Language.”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez, Wentz, and Mangalvedkar’s approach of utilizing a JWT token as the motivation would be to make it easier to read the metadata and parameters associated with the token (See Mangalvedkar ¶ 67).
Regarding Claim 15, the combination of Rameez and Wentz disclose all the limitations with respect to claim 14.
However, Rameez and Wentz do not explicitly disclose the use of a JWT. 
Mangalvedkar discloses
The system of claim 7 wherein cryptographically signed token includes human readable text (In ¶ 67 Mangalvedkar discloses “the metadata 152 may be implemented using JSON, XML, RuleML, JSONata, or Business Rules Management Markup Language.”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez, Wentz, and Mangalvedkar’s approach of utilizing a JWT token as the motivation would be to make it easier to read the metadata and parameters associated with the token (See Mangalvedkar ¶ 67).
Regarding Claim 21, the combination of Rameez and Wentz disclose all the limitations with respect to claim 1.
However, Rameez and Wentz do not explicitly disclose the sharing of resources across the cloud.
Mangalvedkar discloses:
 wherein the multi-tenant cloud comprises computing resources shared by a plurality of tenants and data of each tenant of the plurality of tenants is isolated from other tenants of the plurality of tenants (In ¶ 33, Mangalvedkar discloses “In some embodiments of the computing environments 100, 180, 190, 200, 350 IoT devices 101, IoT administrative system 110, IoT platforms 153, provisioning servers 130 and other network accessible systems, may represent computer systems utilizing clustered computers and components to act as a single pool of seamless resources when accessed through network 160”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez, Wentz, and Mangalvedkar’s approach of utilizing a a cloud environment with shared resources as the motivation would be increase productivity and scalability of the services used by the IOT devices as needed (See Mangalvedkar ¶ 3).
Regarding Claim 22, the combination of Rameez and Wentz disclose all the limitations with respect to claim 7.
However, Rameez and Wentz do not explicitly disclose the sharing of resources across the cloud.
Mangalvedkar discloses:
wherein the multi-tenant cloud comprises computing resources shared by a plurality of tenants and data of each tenant of the plurality of tenants is isolated from other tenants of the plurality of tenants. (In ¶ 33, Mangalvedkar discloses “In some embodiments of the computing environments 100, 180, 190, 200, 350 IoT devices 101, IoT administrative system 110, IoT platforms 153, provisioning servers 130 and other network accessible systems, may represent computer systems utilizing clustered computers and components to act as a single pool of seamless resources when accessed through network 160”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez, Wentz, and Mangalvedkar’s approach of utilizing a a cloud environment with shared resources as the motivation would be increase productivity and scalability of the services used by the IOT devices as needed (See Mangalvedkar ¶ 3).
Regarding Claim 23, the combination of Rameez and Wentz disclose all the limitations with respect to claim 14.
However, Rameez and Wentz do not explicitly disclose the sharing of resources across the cloud.
Mangalvedkar discloses:
wherein the multi-tenant cloud comprises computing resources shared by a plurality of tenants and data of each tenant of the plurality of tenants is isolated from other tenants of the plurality of tenants. (In ¶ 33, Mangalvedkar discloses “In some embodiments of the computing environments 100, 180, 190, 200, 350 IoT devices 101, IoT administrative system 110, IoT platforms 153, provisioning servers 130 and other network accessible systems, may represent computer systems utilizing clustered computers and components to act as a single pool of seamless resources when accessed through network 160”).
One of ordinary skill in the art of cryptography would be motivated, before the effective filing date of the claimed invention to combine Rameez, Wentz, and Mangalvedkar’s approach of utilizing a a cloud environment with shared resources as the motivation would be increase productivity and scalability of the services used by the IOT devices as needed (See Mangalvedkar ¶ 3).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Pala et al. (US 20190042708) discloses a method of registering and provisioning an electronic device utilizing pki cryptography. 
Kasso et al. (US 20220052849) discloses a method for using signed nonces to secure cloud shells by authorizing user devices to access the shells. 
Wang et al (US 20210350021) discloses a method for updating user consent utilizing an attestation token in a cloud environment. 
Gujarathi et al. (US 20210336966) discloses a method for accessing services via identity providers where a client uses an access token and signature to access services. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/Examiner, Art Unit 2492                                                                                                                                                                                         

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492