DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 15 are objected to because of the following informalities:
Regarding claim 15:
Line 4 recites “the authentication key and certificate”; the examiner suggests changing to “the authentication key and the certificate”.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 8-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 8 recites the limitation "the a valid certificate" in line 5. There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1, 3-10, 12, 15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Park et al. (US 2018/0119975 A1).
(1) Regarding claim 1:
Park discloses an authenticator device (gateway 422 in figure 4A), comprising:
a memory (payload storage 530 of HVAC 402 as shown in figure 5, para. 119; gateway 422 can store update various permissions on HVAC devices 402 based on a manifest stored on gateway 422, para. 0086; payload storage 530 stores various software updates, software versions, update files, etc. that are not installed on HVAC device 402. In this regard, payload storage 530 may act as an offline repository for software and/or any other data. Payload storage 530 may mirror any software updates and/or downloads available on the authentication server 404 locally on HVAC device 402, para. 0119); and
a controller (network communication controller 510 of HVAC Device 402 in figure 5) that:
receives an authentication information (update manifest from authentication server 404) from a cloud network via a communications interface (step 806 in figure 8, receive an updated manifest from the authentication server, para. 0158),
stores the authentication information in the memory (gateway 422 can store update various permissions on HVAC devices 402 based on a manifest stored on gateway 422, page 19, para. 0086), and
authenticates a device utilizing the authentication information when the authenticator device and the device are not connected to the cloud network (It should be understood FIG. 5 may also describe user device 406, gateway 422, para. 0110; At 1010, if HVAC device 402 determines that it is not connected to the network (e.g., connected to authentication server 404), HVAC device 402 is shown to perform offline licensing (step 1012). At 1012, HVAC device 402 can be configured to perform offline licensing of HVAC device 402. In some embodiments, a user may need to update the licensing (e.g., a manifest) of HVAC device 402 via user device 406 and the file received from authentication server 404 in step 1006. The HVAC device 402 can receive licensing (e.g., a manifest) from a client update utility which may run on the HVAC device 402, user device 406, gateway 422, para. 0172-0174).
(2) Regarding claim 6:
Park discloses a method to authenticate a wireless device in an offline environment, the method comprising:
connecting an authenticator device (authentication server 404 in figure 4A) to a cloud network (HVAC devices 402 may each their own processing and analytics capabilities. HVAC devices 402 are managed in the cloud (e.g., authentication server 404), para. 0082);
receiving an authentication key and a certificate (dynamic key and payload request, para. 0091) by the authenticator device from the cloud network (payload storage 530 of HVAC 402 as shown in figure 5, para. 119; gateway 422 can store update various permissions on HVAC devices 402 based on a manifest stored on gateway 422, gateway 422 can be configured to communicate with authentication server 404 to maintain a manifest, para. 0086; authentication server 404 can be configured to authenticate various users and/or devices (e.g., HVAC devices 402 and/or user device 406) and give the user and/or device various levels of access (e.g., scope). In this regard, the various users and/or devices may be authenticated via various tokens (e.g., a dynamic key, a device ID, a device key, an device ID, a manifest, etc.) that may be generated and/or issued to the devices by authentication server 404, para. 0099);
storing the authentication key and the certificate in internal memory of the authenticator device (authentication server 404 comprises database that uses to store data, para. 0094; Authentication server 404 can be configured to register a particular HVAC device 402 and can be configured to store registration information in device registry 425, license registry 427, and/or any other data storage available to authentication server 404. Para. 0094; gateway 422 can store update various permissions on HVAC devices 402 based on a manifest stored on gateway 422, page 19, para. 0086-0087; payload storage 530 stores various software updates, software versions, update files, etc. that are not installed on HVAC device 402. In this regard, payload storage 530 may act as an offline repository for software and/or any other data. Payload storage 530 may mirror any software updates and/or downloads available on the authentication server 404 locally on HVAC device 402, para. 0119);
establishing a connection by the authenticator device to a mobile device when the authenticator device is not connected to the cloud network, the mobile device including a mobile application (authentication server 404 can be configured to allow user device 406 to manage various licenses, para. 0097; the user device 406 may be run a client update utility, para. 0101) that communicates with a remote device (At 1010, if HVAC device 402 determines that it is not connected to the network (e.g., connected to authentication server 404), HVAC device 402 is shown to perform offline licensing (step 1012). At 1012, HVAC device 402 can be configured to perform offline licensing of HVAC device 402. In some embodiments, a user may need to update the licensing (e.g., a manifest) of HVAC device 402 via user device 406 and the file received from authentication server 404 in step 1006. The HVAC device 402 can receive licensing (e.g., a manifest) from a client update utility which may run on the HVAC device 402, user device 406, gateway 422, para. 0172-0174); and
authenticating the remote device by the authenticator device via the mobile application utilizing the authentication key (It should be understood FIG. 5 may also describe user device 406, gateway 422, software embodiment as describe in para. 0110-0111; At 1010, if HVAC device 402 determines that it is not connected to the network (e.g., connected to authentication server 404), HVAC device 402 is shown to perform offline licensing (step 1012). At 1012, HVAC device 402 can be configured to perform offline licensing of HVAC device 402. In some embodiments, a user may need to update the licensing (e.g., a manifest) of HVAC device 402 via user device 406 and the file received from authentication server 404 in step 1006. The HVAC device 402 can receive licensing (e.g., a manifest) from a client update utility which may run on the HVAC device 402, user device 406, gateway 422, para. 0172-0174).
(3) Regarding claim 15:
Park disclose an authentication system, comprising:
an authenticator device (HVAC device 402 is shown in greater detail, according to an exemplary embodiment. It should be understood FIG. 5 may also describe user device 406, gateway 422, para. 0110) including memory (and a controller wherein the controller receives an authentication key and a certificate from a cloud network via a communications interface, and stores the authentication key and certificate in the memory (gateway 422 can store update various permissions on HVAC devices 402 based on a manifest stored on gateway 422, page 19, para. 0086; payload storage 530 stores various software updates, software versions, update files, etc. that are not installed on HVAC device 402. In this regard, payload storage 530 may act as an offline repository for software and/or any other data. Payload storage 530 may mirror any software updates and/or downloads available on the authentication server 404 locally on HVAC device 402, para. 0119);
a wireless remote device (HVAC 402 comprises gateway 422 as shown in figure 4A)user device 406 in figure 4A); and
a mobile device (user device 406 in figure 4A) including a mobile application that communicates with the authenticator device and the wireless remote device (as shown in figure 4A, user device 406 can communicate with the authentication server 404 and HVAC 402 as shown in figure 4A),
wherein the authenticator device authenticates the wireless remote device via the mobile device when the authenticator device and the wireless remote device are not connected to the cloud network (It should be understood FIG. 5 may also describe user device 406, gateway 422, para. 0110; At 1010, if HVAC device 402 determines that it is not connected to the network (e.g., connected to authentication server 404), HVAC device 402 is shown to perform offline licensing (step 1012). At 1012, HVAC device 402 can be configured to perform offline licensing of HVAC device 402. In some embodiments, a user may need to update the licensing (e.g., a manifest) of HVAC device 402 via user device 406 and the file received from authentication server 404 in step 1006. The HVAC device 402 can receive licensing (e.g., a manifest) from a client update utility which may run on the HVAC device 402, user device 406, gateway 422, para. 0172-0174).
(4) Regarding claim 3:
Park discloses all limitation of claim 1, and further discloses the device is a remote device (user device and HVAC devices 402 are remote device from the authentication server 404 as shown in figure 4A)
(5) Regarding claim 4:
Park discloses all limitation of claim 3, and further discloses the remote device is a plurality of wireless lighting fixtures (A BMS is, in general, a system of devices configured to control, monitor, and manage equipment in or around a building or building area. A BMS can include, for example, a HVAC system, a security system, a lighting system, a fire alerting system, any other system that is capable of managing building functions or devices, or any combination thereof, para. 0059) configured into a mesh network (the examiner interprets the building management system as shown in figure 1 as the claimed mesh network, 0052).
(6) Regarding claim 12:
Park discloses all limitation of claim 6, and further discloses deleting the authentication key and the certificate by the authenticator device from the internal memory after a fixed time period (Payload request controller 524 can be configured to determine a time at which to send a payload request to an authentication server (e.g., authentication server 404). Payload request controller 524 may send a payload request periodically (e.g., every day, week, month, etc.) based on a timer and/or real time clock, para. 0118, the examiner interprets the payload request is an update of the manifest and replace the old one, para. 0104).
(7) Regarding claim 5:
Park discloses all subject matter of claim 1, and further discloses the device is a mobile application installed on a mobile device (FIG. 5, HVAC device 402 is shown in greater detail, according to an exemplary embodiment. It should be understood FIG. 5 may also describe user device 406, gateway 422, as well as one, all, none, and/or a portion of HVAC devices 402, and/or any other computing device. HVAC device 402 may include a processing circuit 502 and a network interface 504. Processing circuit 502 may include a processor 506 and memory 508. Processor 506 may be a general purpose or specific purpose processors, an application specific integrated circuits (ASICs), one or more field programmable gate arrays (FPGAs), a group of processing components, or other suitable processing components. The processor can be configured to execute computer code or instructions stored in memory or received from other computer readable media (e.g., CDROM, network storage, a remote server, etc.). Memory 508 can include random access memory (RAM), read-only memory (ROM), hard drive storage, temporary storage, non-volatile memory, flash memory, optical memory, or any other suitable memory for storing software objects and/or computer instructions. The memory can include database components, object code components, script components, or any other type of information structure for supporting the various activities and information structures described in the present disclosure (para. 0110-0111).
(8) Regarding claim 7:
Park discloses all subject matter of claim 6, and further discloses authenticating the remote device includes:
establishing, by the mobile application, communication with the remote device (a user device 406 is shown to communicate via network 408 to at least one of authentication server 404 and HVAC device(s) 402, para. 0101; At 1010, if HVAC device 402 determines that it is not connected to the network (e.g., connected to authentication server 404), HVAC device 402 is shown to perform offline licensing (step 1012). At 1012, HVAC device 402 can be configured to perform offline licensing of HVAC device 402. In some embodiments, a user may need to update the licensing (e.g., a manifest) of HVAC device 402 via user device 406 and the file received from authentication server 404 in step 1006, para. 0172; the examiner interpret offline licensing is a connection between the user device 406 and HVAC gateway 422);
receiving, by the mobile application, an encrypted string from the remote device (user device 406 can be configured to perform some and/or all of the functionality of authentication server 404. In this regard, if user device 406 can be configured to perform software updates and/or manifest updates with HVAC device(s) 402 and/or any other functionality as described with respect to authentication server 404. In this regard, a user may receive a software package, a software update, a manifest update and/or any other data from authentication server 404, which can then be used to update HVAC devices 402, para. 0101; when user device 406 perform authentication of HVAC device 402 with respect to the function of authentication server, the user device 406 would receive dynamic key and payload request from HVAC 402 for authentication);
passing, by the mobile application, the encrypted string to the authenticator device (user device 406 may send a dynamic key to at least one of authentication server 404 and HVAC device(s) 402. In some embodiments, user device 406 can be configured to receive an updated manifest from authentication server 404, para. 0102);
decrypting, by the authenticator device, the encrypted string utilizing the authentication key (user device 406 may send a dynamic key to at least one of authentication server 404 and HVAC device(s) 402, para. 0102);
responsive to a valid encrypted string, authenticating the remote device (authentication server 404 is configured to decode a dynamic key received from at least one of HVAC device(s) 402 and/or user device 406. Once decoded, the dynamic key may identify a manifest stored on HVAC device 402 and/or user device 406. Authentication server 404 can be configured to search a database (e.g., a device registry and/or a license registry) of various device manifests linked to various devices (e.g., HVAC device(s) 402) and determine if the manifest sent (e.g., asserted) by the HVAC device 402 to authentication server 404 is correct, up-to-date, and/or otherwise synchronized, para. 0091).
(9) Regarding claim 8:
Park discloses all subject matter of claim 7, and further discloses:
receiving the certificate by the remote device from the authenticator device via the mobile device (user device 406 may send a dynamic key to at least one of authentication server 404 and HVAC device(s) 402, para. 0102);
decrypting the certificate by the remote device utilizing an algorithm (authentication server 404 is configured to decode a dynamic key received from at least one of HVAC device(s) 402 and/or user device 406, para. 0091); and
responsive to the a valid certificate, the mobile application is authenticated (Once decoded, the dynamic key may identify a manifest stored on HVAC device 402 and/or user device 406. Authentication server 404 can be configured to search a database (e.g., a device registry and/or a license registry) of various device manifests linked to various devices (e.g., HVAC device(s) 402) and determine if the manifest sent (e.g., asserted) by the HVAC device 402 to authentication server 404 is correct, up-to-date, and/or otherwise synchronized, para. 0091).
(10) Regarding claim 9:
Park discloses all subject matter of claim 8, and further discloses:
when the mobile application and the remote device are authenticated, the remote device is added to a list in the mobile application as an authenticated remote device (In this regard, authentication server 404 can be configured to monitor and/or record the received data. In some embodiments, the monitored and/or recorded data is metadata associated with the HVAC devices 402. In some embodiments, authentication server 404 (e.g., license registry 427) can be configured to maintain a list of permissions and associations between users, devices, organizations, para. 0093; since para. 0156 and 0161 indicate that the user device 406 and authentication server 404 comprise same functionality, the examiner interprets the user device would also maintain a list or permissions and associated between users, devices, and organization).
(11) Regarding claim 10:
Park discloses all subject matter of claim 9, and further discloses:
configuring, by the mobile application, a mesh network of remote devices (buildings 434-440 and cloud server 432 as shown in figure 4B) including the authenticated remote device (a system 430 including multiple buildings connected to a cloud server via data collectors is shown, according to an exemplary embodiment. System 430 is shown to include multiple buildings 434, 436, 438, and 440. Buildings 434-440 may be the same and/or similar to building 10. In some embodiments, the buildings are all owned by a single company and/or may be located on a single campus, on multiple campuses, in multiple states, and/or in multiple countries. Each building 434-440 is shown to have a data collector, data collectors 442-448. Data collectors 442-448 may be controllers, gateways (e.g., gateway 422), computer systems, and/or any other device that can collect data for a building and push the data to a server. In some embodiments, buildings 434-440 may have one or more data collectors. Local regulations of data security and/or encryption can be met by each building 434-440 and/or data collector 442-448 based on the location (e.g., country, state, district) that each building 434-440 and/or data collector 442-448 are located. A customer associated with one or more of buildings 434-440 should have a provision to decide that their data when stored in cloud, the data center should be in their respective country, para. 0103; the examiner interprets the buildings 434-440 as the claimed mesh network).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 2, 11, and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Park et al. (US 2018/0119975 A1).
(1) Regarding claim 13:
Park discloses all subject matter of claim 12, but fails to explicitly disclose the fixed time period is seventy-two hours.
Park discloses Payload request controller 524 can be configured to determine a time at which to send a payload request to an authentication server (e.g., authentication server 404). Payload request controller 524 may send a payload request periodically (e.g., every day, week, month, etc.) based on a timer and/or real time clock (para. 0118). Although Park does not specifically disclose the fixed time period is seventy-two hours, such limitation are merely a matter of design choice and would have been obvious in the method of Park. Park teaches an example of the fixed period of every day, week, month. The limitation of the fixed time period is seventy-two hours does not define a patentably distinct invention over Park since both invention as a whole are directed to search for a power peak of a define range. Therefore, the fixed time period is seventy-two hours would have been a matter of obvious design choice to one of ordinary skill in the art for the benefit of updating the information.
(2) Regarding claim 2:
Park discloses all subject matter of claim 1, but fails to explicitly disclose a real time clock that is synchronized to local time when the authenticator device is connected to the cloud network via the communications interface.
However, Park discloses payload request controller 524 can be configured to determine a time at which to send a payload request to an authentication server (e.g., authentication server 404). Payload request controller 524 may send a payload request periodically (e.g., every day, week, month, etc.) based on a timer and/or real time clock (para. 0118). With the interpretation that the time of the cited timer as the claimed current time and the cited real time clock as the claimed real time clock and connected to the authentication server 404 through network 408 as shown in figure 4A, the claimed limitation is met for the benefit of synchronization length of time for the active payload request period (para. 0122).
(3) Regarding claim 14:
Park discloses all subject matter of claim 6, but fails to explicitly disclose synchronizing a real time clock on the authenticator device with current time when the authenticator device is connected to the cloud network.
However, Park discloses payload request controller 524 can be configured to determine a time at which to send a payload request to an authentication server (e.g., authentication server 404). Payload request controller 524 may send a payload request periodically (e.g., every day, week, month, etc.) based on a timer and/or real time clock (para. 0118). With the interpretation that the time of the cited timer as the claimed current time and the cited real time clock as the claimed real time clock, the claimed limitation is met for the benefit of synchronization length of time for the active payload request period (para. 0122).
(4) Regarding claim 11:
Park discloses all subject matter of claim 9, but fails to explicitly disclose transmitting the list from the mobile application to the authenticator device, storing the list, by the authenticator device, in the internal memory, and when the authenticator device is connected to the cloud network, transmitting the list to the cloud network.
However, authentication server 404 (e.g., license registry 427) can be configured to maintain a list of permissions and associations between users, devices, organizations, para. 0093; since para. 0156 and 0161 indicate that the user device 406 and authentication server 404 comprise same functionality, the examiner interprets the user device would also maintain a list or permissions and associated between users, devices, and organization. Therefore, the user device 406 may also comprises component to maintain a licensed registry 427 and paragraph 0095 discloses that the Authentication server 404 is shown to include access portal 424. Access portal 424 may be accessible via a user device 406 and/or any other computing device. In some embodiments, access portal 424 may include a user interface (UI) that can be accessed via a user device (e.g., user device 406). In some embodiments, access portal 424 includes multiple user interfaces (e.g., user interface for a user, user interface for manufacturing and/or 3.sup.rd party). In various embodiments, the user interface(s) may include various logos and/or specific color themes. In some embodiments, user device 406 connects with authentications server 404 via the Internet. Access portal 424 may allow user device 406 to manage a profile (e.g., a user profile, a device profile, a company profile, a campus profile, etc.). In some embodiments, access portal 424 may allow user device 406 to add devices to a profile and/or remove devices from the profile.
It is desirable to transmit the list from the mobile application to the authenticator device, storing the list, by the authenticator device, in the internal memory, and when the authenticator device is connected to the cloud network, transmitting the list to the cloud network so updating of the list is maintained. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to transmit the list from the mobile application to the authenticator device, storing the list, by the authenticator device, in the internal memory, and when the authenticator device is connected to the cloud network, transmitting the list to the cloud network for the benefit of maintaining an up to date list.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Yegorov (US 2023/0133680 A1) discloses controllers, systems, and methods for charging verification.
Liu et al. (US 2023/0131744 A1) discloses massage apparatus and authentication method.
Choi (US 2022/0116227 A1) discloses chain of authentication using public key infrastructure.
Yuan (US 2020/0195632 A1) discloses resource processing method, apparatus, and system, and computer-readable medium.
Ding et al. (US 2019/0089693 A1) discloses systems and methods for authenticating internet of things devise.
Peng (US 2017/0257221 A1) discloses information security realizing method and system based on digital certificate.
Straub (US 2017/0048215 A1) discloses secure storage of enterprise certificates for cloud services.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIU M LEE whose telephone number is (571)270-1083. The examiner can normally be reached M-T 8:30-7:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chieh M Fan can be reached at 571-272-3042. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SIU M LEE/Primary Examiner, Art Unit 2632 1/6/2025