DETAILED ACTION
	This office action is in response to the filed application 17/490,785 on September 30, 2021. 
	Claims 1-20 are presented for examination. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claim 20 is objected to under 37 CFR 1.75(c) as being in improper form because a multiple dependent claims 1-10.  See MPEP § 608.01(n).  Accordingly, the claim 20 not been further treated on the merits.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-4, 6 and 10-14 and 16 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Verheyen (US 2021/0067328). 


In regard to claim 1, Verheyen teaches a method for backing up data in an Internet of Things (IoT) system, wherein the IoT system comprises an IoT manager and a plurality of IoT devices (IOT devices, para. 9), and the method comprises: 
receiving a signature public key from an IoT device among a plurality of IoT devices in response to receiving a registration request for registering the IoT device with an IoT manager (the connection management server permits users to register devices and may manage a user identifier and a user device key for managing secure data, para. 44, client device has a third set of keys for communication with connection management server, para. 39); 
receiving atomic data associated with the IoT device, wherein the atomic data comprises a signature generated by using a signature private key corresponding to the signature public key (the private or the public key may be used to write (encrypt) a message, para. 47); 
verifying the signature based on the signature public key (the public key may then be used to verify, para. 47); and 
generating, in response to the signature being successfully verified, a backup data package for backup based on the atomic data (a session key pair enables secure combination with the connection manager server which administers user data and is also used for initiating backup, para. 54, 193-194).  

In regard to claim 2, Verheyen teaches the method according to claim 1, wherein the method further comprises: 
generating an encrypted public key and an encrypted private key (client device and connection management server establish session keys, where each side generates a public/private key pair, para. 105); and 
sending the encrypted public key to the IoT device (the server to device (SD) keys are used, para. 112).  

In regard to claim 3, Verheyen teaches the method according to claim 2, wherein the atomic data further comprises encrypted data, and the encrypted data is obtained by encrypting original data from the IoT device by means of the encrypted public key (client device has a public device key with which to encrypt messages to be sent, para. 39).  

In regard to claim 4, Verheyen teaches the method according to claim 3, wherein the encrypted data is generated by the IoT device, and the atomic data further comprises an identifier of the IoT device and a timestamp corresponding to the original data (each key has a timestamp designated the portion of the media to apply the key, para. 83).  

In regard to claim 6, Verheyen teaches the method according to claim 2, further comprising: storing the backup data package to a backup device associated with the IoT system in response to determining that a predetermined backup condition is satisfied (initiating backup, para. 54, 193-194).  

In regard to claim 10, Verheyen teaches the method according to claim 1, wherein the method is executed at the IoT device manager (managing device authentication with the connection management server, para. 96, fig. 6).  

In regard to claim 11, Verheyen teaches an electronic device, comprising: 
at least one processor (processor, para. 251); 
a volatile memory (short term memory, para. 103); and 
a memory coupled to the at least one processor (non-transitory computer readable medium, para. 252), wherein the memory has instructions stored therein that, when executed by the at least one processor, cause the device to execute 24a method for backing up data in an IoT system, wherein the IoT system comprises an IoT manager and a plurality of IoT devices (IOT devices, para. 9), and the method comprises: 
receiving a signature public key from an IoT device among a plurality of IoT devices in response to receiving a registration request for registering the IoT device with an IoT manager (the connection management server permits users to register devices and may manage a user identifier and a user device key for managing secure data, para. 44, client device has a third set of keys for communication with connection management server, para. 39); 
receiving atomic data associated with the IoT device, wherein the atomic data comprises a signature generated by using a signature private key corresponding to the signature public key (the private or the public key may be used to write (encrypt) a message, para. 47); 
verifying the signature based on the signature public key (the public key may then be used to verify, para. 47); and 
generating, in response to the signature being successfully verified, a backup data package for backup based on the atomic data (a session key pair enables secure combination with the connection manager server which administers user data and is also used for initiating backup, para. 54, 193-194).  
  
In regard to claim 12, Verheyen teaches the device according to claim 11, wherein the method further comprises: 
generating an encrypted public key and an encrypted private key (client device and connection management server establish session keys, where each side generates a public/private key pair, para. 105); and 
sending the encrypted public key to the IoT device (the server to device (SD) keys are used, para. 112).  

In regard to claim 13, Verheyen teaches the method according to claim 12, wherein the atomic data further comprises encrypted data, and the encrypted data is obtained by encrypting original data from the IoT device by means of the encrypted public key (client device has a public device key with which to encrypt messages to be sent, para. 39).  

In regard to claim 14, Verheyen teaches the device according to claim 13, wherein the encrypted data is generated by the IoT device, and the atomic data further comprises an identifier of the IoT device and a timestamp corresponding to the original data (each key has a timestamp designated the portion of the media to apply the key, para. 83).  
 
In regard to claim 16, Verheyen teaches the device according to claim 12, wherein the method further comprises: storing the backup data package to a backup device associated with the IoT system in response to determining that a predetermined backup condition is satisfied (initiating backup, para. 54, 193-194).  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 5 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verheyen (US 2021/0067328) in further view of Sterl et al. (US 2017/0359343). 

In regard to claim 5, Verheyen does not explicitly teach but Sterl et al. teach the method according to claim 1, wherein receiving the atomic data further comprises at least any one of the following: 
receiving the atomic data from the IoT device in response to determining that the IoT device manager is connected to the IoT device (controlling device sends the control instructions to the IoT connection manager, which forwards the control instructions to the controlled IoT device upon authorization of the controlling device, para. 22); and 
23receiving the atomic data via another IoT device connected to the IoT device in response to determining that the IoT device manager is not connected to the IoT device (controlling device sends the control instructions to the IoT connection manager, which forwards the control instructions to the controlled IoT device upon authorization of the controlling device, para. 22, may be communicatively connected to another IoT device authorized by the IoT connection manager, para. 39).
It would have been obvious to modify the method of Verheyen by adding Sterl et al. secure communication with IoT devices.   A person of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated to make the modification because it would allow communication on authorized devices only (para. 39).

In regard to claim 15, Verheyen does not explicitly teach but Sterl et al. teach the device according to claim 11, wherein receiving the atomic data further comprises at least any one of the following: 
receiving the atomic data from the IoT device in response to determining that the IoT device manager is connected to the IoT device (controlling device sends the control instructions to the IoT connection manager, which forwards the control instructions to the controlled IoT device upon authorization of the controlling device, para. 22); and 
receiving the atomic data via another IoT device connected to the IoT device in response to determining that the IoT device manager is not connected to the IoT device (controlling device sends the control instructions to the IoT connection manager, which forwards the control instructions to the controlled IoT device upon authorization of the controlling device, para. 22, may be communicatively connected to another IoT device authorized by the IoT connection manager, para. 39).
Refer to claim 5 for motivational statement. 

***********************************
Claims 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Verheyen (US 2021/0067328) in further view of Jung et al. (US 2020/0288331). 

In regard to claim 7, Verheyen teaches the method according to claim 6, further comprising: 
obtaining, in response to receiving a retrieval request for retrieving data associated with the IoT device, backup data associated with the retrieval request from the backup device (to retrieve data from backup, a device copies the backup records back onto the local device, para. 199); 
decrypting the backup data based on the encrypted private key to generate decrypted data (decrypt data stored at the encrypted data storage, para. 98). 
Verheyen does not explicitly teach but Jung et al. teach sending the decrypted data to the IoT device, wherein the decrypted data is used to restore configuration information of the IoT device (configuration data encryption, fig. 5, S540). 
It would have been obvious to modify the method of Verheyen by adding Jung et al. connecting to access point network.   A person of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated to make the modification because it would aid in connecting and sending configuration data (para. 77-90, fig. 5). 

In regard to claim 17, Verheyen teaches the device according to claim 16, wherein the method further comprises: 
obtaining, in response to receiving a retrieval request for retrieving data associated with the IoT device, backup data associated with the retrieval request from the backup device (to retrieve data from backup, a device copies the backup records back onto the local device, para. 199); 
decrypting the backup data based on the encrypted private key to generate decrypted data (decrypt data stored at the encrypted data storage, para. 98). 
Verheyen does not explicitly teach but Jung et al. teach sending the decrypted data to the IoT device, wherein the decrypted data is used to restore configuration information of the IoT device (configuration data encryption, fig. 5, S540). 
  Refer to claim 7 for motivational statement. 
***********************************
Claims 8, 18   is/are rejected under 35 U.S.C. 103 as being unpatentable over Verheyen (US 2021/0067328) in further view of Jung et al. (US 2020/0288331) in further view of Sterl et al. (US 2017/0359343). 

In regard to claim 8, Verheyen and Jung et al. does not explicitly teach but Sterl et al. teach the method according to claim 7, wherein receiving the retrieval request comprises at least any one of the following: 
receiving the retrieval request from the IoT device in response to determining that the IoT device manager is connected to the IoT device (controlling device sends the control instructions to the IoT connection manager, which forwards the control instructions to the controlled IoT device upon authorization of the controlling device, para. 22); and 
receiving the retrieval request via another IoT device connected to the IoT device in response to determining that the IoT device manager is not connected to the IoT device (controlling device sends the control instructions to the IoT connection manager, which forwards the control instructions to the controlled IoT device upon authorization of the controlling device, para. 22, may be communicatively connected to another IoT device authorized by the IoT connection manager, para. 39).
It would have been obvious to modify the method of Verheyen and Jung et al. by adding Sterl et al. secure communication with IoT devices.   A person of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated to make the modification because it would allow communication on authorized devices only (para. 39).
In regard to claim 18, Verheyen and Jung et al. does not explicitly teach but Sterl et al. teach the device according to claim 17, wherein receiving the retrieval request comprises at least any one of the following: 
receiving the retrieval request from the IoT device in response to determining that the IoT device manager is connected to the IoT device (controlling device sends the control instructions to the IoT connection manager, which forwards the control instructions to the controlled IoT device upon authorization of the controlling device, para. 22); and 
receiving the retrieval request via another IoT device connected to the IoT device in response to determining that the IoT device manager is not connected to the IoT device (controlling device sends the control instructions to the IoT connection manager, which forwards the control instructions to the controlled IoT device upon authorization of the controlling device, para. 22, may be communicatively connected to another IoT device authorized by the IoT connection manager, para. 39).
Refer to claim 8 for motivational statement. 

***********************************
Claims 9 and 19  is/are rejected under 35 U.S.C. 103 as being unpatentable over Verheyen (US 2021/0067328) in further view of Mady et al. (US 2019/0222590). 

In regard to claim 9, Verheyen does not explicitly teach but Mady et al. teach the method according to claim 1, further comprising: providing, in response to the atomic data being not successfully verified, an alert of the intrusion of the IoT system (detects a potential intrusion , the local IDS can send status update to the superiory application to analyze the status alert to determine that a potential intrusion exists on an IoT device, para. 45).  
It would have been obvious to modify the method of Verheyen by adding Mady et al. cyber security framework.   A person of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated to make the modification because it would aid the detection of potential intrusion (para. 45). 

In regard to claim 19, Verheyen does not explicitly teach but Mady et al. teach the device according to claim 11, wherein the method further comprises: providing, in response to the atomic data being not successfully verified, an alert of the intrusion of the IoT system, and the device is deployed at the IoT device manager (detects a potential intrusion , the local IDS can send status update to the superiory application to analyze the status alert to determine that a potential intrusion exists on an IoT device, para. 45).  
Refer to claim 9 for motivational statement. 

***********************************
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO 892.
Mestery et al. (US 2022/0271947) consent contract
Manevich et al. (US 2022/0166616) private and public key
Hunn et al. (US 217/0287090) atomic data to detect events and IoT
Adams et al. (US 2022/0103369) encryption key
Wells et al. (US 2022/0271920) verify public keys
Stoller et al. (US 2022/0188444) verify a signature and keys
Bezzateev et al. (US 2022/0224532) IoT and digital signatures 
Sapuntzakis (US 11,431,488) backup and public/private keys
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LOAN TRUONG whose telephone number is 408-918-7552.  The examiner can normally be reached on 10AM-6PM PST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner' s supervisor, Matt Kim can be reached on 571-272-4182.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/Loan L.T. Truong/Primary Examiner, Art Unit 2114                                                                                                                                                                                                        HYPERLINK "mailto:Loan.truong@uspto.gov" Loan.truong@uspto.gov