Method for the authenticated establishment of a connection between an equipment connected to at least one communication network and a server of a service provider, and corresponding devices

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This Office Action is in response to the application 18/577490 filed on 01/08/2024. Claims 1-13 have been examined and are pending in this application. Priority Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. PCT/FR2022/051376, filed on 07/07/2022 and WO 2023/281231, filed on 01/12/2023. Information Disclosure Statement The information disclosure statement (IDS), submitted on 01/08/2024, 04/08/2024 and 04/09/2024, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Interpretation - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “the item of equipment is configured to transmit [] a request,” “the certificate creating module is configured to generate [] a certificate,” “the certification creation module is configured to transmit [] a request,” and “the item of equipment is configured to receive the certification token,” recited in claim 7; “the item of equipment is configured to transmit a request,” recited in claim 8. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-2 and 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over Pfeffer et al. (“Pfeffer,” US 2006/0165082) in view of Pastusiak et al. (“Pastusiak et al.,” US 2006/0129501). Regarding claim 1: Pfeffer discloses a method for authenticated establishment of a connection between an item of equipment connected to at least one communication network and a server of a service provider, said method being implemented by said item of equipment and comprising: transmitting to a network address configuration server a request for allocating at least one network address comprising at least one hash of a physical address of said item of equipment (Pfeffer: par. 0006 when the application server communicates with the CMTS to reserve the network resources required to provide the services to the requesting subscriber, the application server provides the CMTS the CM MAC and CM IP addresses to facilitate resource allocation; par. 0031 a MAC address token may be ciphertext produced by [] a hash value produced by applying a hash algorithm to the CM MAC address). Pfeffer does not explicitly disclose receiving a message comprising a certification token generated from at least the at least one said hash of the physical address of said item of equipment, and a hash of said certification token and transmitting a request for establishing a connection with said server of the service provider comprising at least said certification token and said hash of said certification token. However, Pastusiak discloses receiving a message comprising a certification token generated from at least the at least one said hash of the physical address of said item of equipment (Pastusiak: par. 0023 the token generation module 114 generates tokens for distribution to the plurality of clients 104(n); par. 0024 the token system 106 may include a database 126 having a plurality of hash values 128(k) [] each of the plurality of hash values 128(k) corresponds to a token previously generated by the token generation module 114), and transmitting a request for establishing a connection with said server of the service provider comprising at least said certification token and said hash of said certification token (Pastusiak: par. 0032 the distribution server 206 may execute a distribution module 236 on the processor 214 [] to form a communication having the token for distribution across the network 108 to the client 104(n); par. 0033 upon receipt of the token 122(i) by the client 104(n), the token 122(i) may be communicated by the client 104(n) via the network 108 to the token system 106 for verification). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Pastusiak with the system/method of Pfeffer to include a certification token generated from at least the at least one said hash of the physical address, and a hash of said certification token. One would have been motivated to generation, distribution and verification of tokens using a secure hash algorithm (Pastusiak: par. 0001). Regarding claim 2: Pfeffer in view of Pastusiak discloses the method according to claim 1. Pastusiak further discloses in response to an authentication of said item of equipment by said server of the service provider from said certification token and said hash of said certification token, receiving a message acknowledging the establishment of said connection with said server of the service provider (Pastusiak: par. 0050 if a match is found (decision block 612), the token system 106 communicates a “verification successful' message to the offer provider 102(m) (block 618)). The motivation is the same that of claim 1 above. Regarding claim 10: Pfeffer discloses an item of equipment connected to at least one communication network capable of establishing in an authenticated manner a connection with a server of a service provider, said item of equipment comprising: transmit, to a network address configuration server, a request for allocating at least one network address comprising at least one hash of a physical address of said item of equipment (Pfeffer: par. 0006 when the application server communicates with the CMTS to reserve the network resources required to provide the services to the requesting subscriber, the application server provides the CMTS the CM MAC and CM IP addresses to facilitate resource allocation; par. 0031 a MAC address token may be ciphertext produced by [] a hash value produced by applying a hash algorithm to the CM MAC address). Pfeffer does not explicitly disclose at least one processor, receive a certification token corresponding to a certificate created by a certificate creation module from at least said at least one hash of the physical address of said item of equipment, and a hash of said certification token and transmit a request for establishing a connection with said server of the service provider comprising at least said corresponding certification token and said hash of said certification token. However, Pastusiak discloses at least one processor (Pastusiak: fig. 2 item 212), receive a certification token corresponding to a certificate created by a certificate creation module from at least said at least one hash of the physical address of said item of equipment, and a hash of said certification token (Pastusiak: par. 0023 the token generation module 114 generates tokens for distribution to the plurality of clients 104(n); par. 0024 the token system 106 may include a database 126 having a plurality of hash values 128(k) [] each of the plurality of hash values 128(k) corresponds to a token previously generated by the token generation module 114), and transmit a request for establishing a connection with said server of the service provider comprising at least said corresponding certification token and said hash of said certification token (Pastusiak: par. 0032 the distribution server 206 may execute a distribution module 236 on the processor 214 [] to form a communication having the token for distribution across the network 108 to the client 104(n); par. 0033 upon receipt of the token 122(i) by the client 104(n), the token 122(i) may be communicated by the client 104(n) via the network 108 to the token system 106 for verification). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Pastusiak with the system/method of Pfeffer to include a certification token generated from at least the at least one said hash of the physical address, and a hash of said certification token. One would have been motivated to generation, distribution and verification of tokens using a secure hash algorithm (Pastusiak: par. 0001). Regarding claim 11: Pfeffer discloses a network address configuration server capable of providing a certification token associated with an item of equipment connected to at least one communication network for an authenticated establishment of a connection between said item of equipment and a server of a service provider, said network address configuration server comprising; receive a request for allocating at least one network address comprising at least one hash of a physical address of said item of equipment (Pfeffer: par. 0006 when the application server communicates with the CMTS to reserve the network resources required to provide the services to the requesting subscriber, the application server provides the CMTS the CM MAC and CM IP addresses to facilitate resource allocation; par. 0031 a MAC address token may be ciphertext produced by [] a hash value produced by applying a hash algorithm to the CM MAC address). Pfeffer does not explicitly disclose at least one processor, obtain a certificate associated with said item of equipment and a certification token corresponding to said certificate, the certificate and the token being generated from the at least one hash of the physical address of said item of equipment and transmit said certification token and the hash of said certification token to said item of equipment. However, Pastusiak discloses at least one processor (Pastusiak: fig. 2 item 212), obtain a certificate associated with said item of equipment and a certification token corresponding to said certificate, the certificate and the token being generated from the at least one hash of the physical address of said item of equipment (Pastusiak: par. 0023 the token generation module 114 generates tokens for distribution to the plurality of clients 104(n); par. 0024 the token system 106 may include a database 126 having a plurality of hash values 128(k) [] each of the plurality of hash values 128(k) corresponds to a token previously generated by the token generation module 114), and transmit said certification token and the hash of said certification token to said item of equipment (Pastusiak: par. 0032 the distribution server 206 may execute a distribution module 236 on the processor 214 [] to form a communication having the token for distribution across the network 108 to the client 104(n); par. 0033 upon receipt of the token 122(i) by the client 104(n), the token 122(i) may be communicated by the client 104(n) via the network 108 to the token system 106 for verification). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Pastusiak with the system/method of Pfeffer to include a certification token generated from at least the at least one said hash of the physical address, and a hash of said certification token. One would have been motivated to generation, distribution and verification of tokens using a secure hash algorithm (Pastusiak: par. 0001). Regarding claim 12: Pfeffer in view of Pastusiak discloses the method according to claim 1. Pastusiak further discloses a non-transitory computer readable medium comprising a computer: par. 0025 in the case of a software implementation, the module, functionality, or logic represents program code that performs specified tasks when executed on a processor (e.g., CPU or CPUs). The program code can be stored in one or more computer readable memory devices). The motivation is the same that of claim 1 above. Claims 3, 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Pfeffer et al. (“Pfeffer,” US 2006/0165082) in view of Pastusiak et al. (“Pastusiak et al.,” US 2006/01295.01) and Angus (US 2016/0294829). Regarding claim 3: Pfeffer discloses a method for providing a certification token associated with an item of equipment connected to at least one communication network for authenticated establishment of a connection between said item of equipment and a server of a service provider, said method being implemented by a network address configuration server and comprising: receiving a request for allocating at least one network address comprising at least one hash of a physical address of said item of equipment (Pfeffer: par. 0031 a hash value produced by applying a hash algorithm to the CM MAC address). Pfeffer does not explicitly disclose obtaining a certificate associated with said item of equipment and a certification token corresponding to said certificate, the certificate and the token being generated from the at least one hash of the physical address of said item of equipment and transmitting said certification token and a hash of said certification token to said item of equipment. However, Pastusiak discloses obtaining a certificate associated with said item of equipment and a certification token corresponding to said certificate, the certificate and the token being generated from the at least one hash of the physical address of said item of equipment (Pastusiak: par. 0023 the token generation module 114 generates tokens for distribution to the plurality of clients 104(n); par. 0024 the token system 106 may include a database 126 having a plurality of hash values 128(k) [] each of the plurality of hash values 128(k) corresponds to a token previously generated by the token generation module 114), transmitting said certification token and a hash of said certification token to said item of equipment (Pastusiak: par. 0032 the distribution server 206 may execute a distribution module 236 on the processor 214 [] to form a communication having the token for distribution across the network 108 to the client 104(n); par. 0033 upon receipt of the token 122(i) by the client 104(n), the token 122(i) may be communicated by the client 104(n) via the network 108 to the token system 106 for verification). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Pastusiak with the system/method of Pfeffer to include transmitting said certification token and a hash of said certification token to said item of equipment. One would have been motivated to generation, distribution and verification of tokens using a secure hash algorithm (Pastusiak: par. 0001). Pfeffer in view of Pastusiak does not explicitly disclose a certificate associated with said configuration server and at least one network address allocated to said item of equipment by said configuration server. However, Angus discloses a certificate associated with said configuration server and at least one network address allocated to said item of equipment by said configuration server (Angus: par. 0046 the manufacturer's digital certificate associated with its digital signature is also stored on the sensor 102). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Angus with the system/method of Mahkonen to include a certificate associated with said configuration server and at least one network address allocated to said item of equipment by said configuration. One would have been motivated to providing securely provisioning devices in the manufacturing process (Angus: par. 0001). Regarding claim 6: Pfeffer in view of Pastusiak and Angus discloses the method according to claim 3. Angus further discloses generating the certificate associated with said item of equipment and the certification token corresponding to said certificate from the at least one hash of the physical address of said item of equipment, a certificate associated with said configuration server and at least one network address allocated to said item of equipment by said configuration server (Angus: par. 0088 the certification module 506 reissues certificates to the other devices of the WSN, e.g., the sensors 102 and access points 202 that correspond to the new server; par. 0095 a unique identifier for the sensor device 602 (e.g., a MAC address, an IP address, a globally unique identifier, or the like)). The motivation is the same that of claim 3 above. Regarding claim 13: Pfeffer in view of Pastusiak discloses the method according to claim 1. Pastusiak further discloses a non-transitory computer readable medium comprising a computer: par. 0025 in the case of a software implementation, the module, functionality, or logic represents program code that performs specified tasks when executed on a processor (e.g., CPU or CPUs). The program code can be stored in one or more computer readable memory devices). The motivation is the same that of claim 3 above. Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Pfeffer et al. (“Pfeffer,” US 2006/0165082) in view of Pastusiak et al. (“Pastusiak et al.,” US 2006/01295.01) and Angus (US 2016/0294829) and Wan et al., (“Wan,” US 2009/0158031). Regarding claim 4: Pfeffer in view of Pastusiak and Angus discloses the method according to claim 3. Pfeffer in view of Pastusiak does not explicitly disclose transmitting, to a domain name server, a request for associating said certificate, said certification token and said hash of said certification token with at least one domain name. However, Wan discloses transmitting, to a domain name server, a request for associating said certificate, said certification token and said hash of said certification token with at least one domain name (Wan: par. 0039 DHCP server 1201 returns a DHCP Response 510, namely a message that includes the domain name or IP address of certificate server 1202. Thereafter, network device 110 determines whether DHCP server 1201 is in the same subnet as the other servers (e.g. a DNS server 1203 and/or certificate server 1202)). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Wan with the system/method of Pfeffer and Pastusiak to include transmitting, to a domain name server, a request for associating said certificate, said certification token and said hash of said certification token with at least one domain name. One would have been motivated to providing a system and method for installing digital certificates securely within a network device (Wan: par. 0018). Regarding claim 5: Pfeffer in view of Pastusiak, Angus and Wan discloses the method according to claim 4. Angus further discloses in response to a request for extending an allocation of said network address allocated to said item of equipment, transmitting a request for extending the association of said certificate (Angus: par. 0019 the new CA server reissues certificates to the one or more unchanged devices of the secure wireless sensor network in response to verifying the identities of the one or more unchanged devices). The motivation is the same that of claim 3 above. Claims 7 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Pfeffer et al. (“Pfeffer,” US 2006/0165082) in view of Angus (US 2016/0294829) and Wan et al., (“Wan,” US 2009/0158031). Regarding claim 7: Pfeffer discloses a system comprising: at least one item of equipment connected to at least one communication network (Pfeffer: par. 0046 standalone device that connects to a cable modem), at least one network address configuration server (Pfeffer: fig. 1), and at least one server of a service provider (Pfeffer: par. 0041 service provider), wherein: the item of equipment is configured to transmit, to the configuration server, a request for allocating at least one network address comprising at least one hash of a physical address of said item of equipment (Pfeffer: par. 0006 when the application server communicates with the CMTS to reserve the network resources required to provide the services to the requesting subscriber, the application server provides the CMTS the CM MAC and CM IP addresses to facilitate resource allocation; par. 0031 a MAC address token may be ciphertext produced by [] a hash value produced by applying a hash algorithm to the CM MAC address), the configuration server is configured to generate a creation request for creating a certificate associated with said item of equipment, the request comprising the at least one hash of the physical address of said item of equipment (Pfeffer: par. 0006 the request is modified to include information identifying the CMTS serving the CPE requesting services from the application server and the cable modem (CM) MAC and CM IP address). Pfeffer does not explicitly discloses at least one certificate creation module, a certificate associated with said configuration server and at least one network address allocated to said item of equipment by said configuration server, the configuration server is configured to transmit said creation request to the certificate creation module, and the certificate creation module is configured to generate, from information comprised in the creation request, a certificate associated with said item of equipment and a certification token corresponding to said certificate. However, Angus discloses at least one certificate creation module (Angus: par. 0088 the certification module 506), a certificate associated with said configuration server and at least one network address allocated to said item of equipment by said configuration server (Angus: par. 0019 the new CA server reissues certificates to the one or more unchanged devices of the secure wireless sensor network in response to verifying the identities of the one or more unchanged devices), the configuration server is configured to transmit said creation request to the certificate creation module (Angus: par. 0087 the sensors 102 and/or the access points 202 may request a new certificate from the new server that indicates the identity of the new server), and the certificate creation module is configured to generate, from information comprised in the creation request, a certificate associated with said item of equipment and a certification token corresponding to said certificate (Angus: par. 0088 the certification module 506 is configured to issue, or reissue, certificates to maintain or reconstruct the chain of trust within the WSN). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Angus with the system/method of Pfeffer to include a certificate associated with said item of equipment and a certification token corresponding to said certificate. One would have been motivated to providing securely provisioning devices in the manufacturing process (Angus: par. 0001). Pfeffer in view of Angus does not explicitly disclose at least one domain name server, the certificate creation module is configured to transmit, to the domain name server, a request for associating said certificate, said certification token and said hash of said certification token with at least one domain name, the domain name server is configured to associate, with at least one domain name, the certificate associated with said item of equipment, the corresponding certification token and the hash of said certification token, and following an acknowledgement of the association with the domain name, the item of equipment is configured to receive the certification token and the hash of said certification token from the configuration server. However, Wan discloses at least one domain name server (Wan: par. 0025 Domain Name Server (DNS)), the certificate creation module is configured to transmit, to the domain name server, a request for associating said certificate, said certification token and said hash of said certification token with at least one domain name (Wan: par. 0038 network device 110 initiates a DHCP Configuration Request 500 to a DHCP server 1201 . DHCP Configuration Request 500 is a message that is adapted to request an IP address or domain name for the certificate server responsible for downloading certificates to the network device during its initial configuration of the trusted certificate list (TCL); par. 0039 DHCP server 1201 returns a DHCP Response 510, namely a message that includes the domain name or IP address of certificate server 1202), the domain name server is configured to associate, with at least one domain name, the certificate associated with said item of equipment, the corresponding certification token and the hash of said certification token (Wan: par. 0025 DHCP is a protocol used by network devices (IP clients) to obtain IP addresses and other parameters such as the default gateway, a subnet mask, and/or IP addresses of Domain Name Service (DNS) servers from a DHCP server), and following an acknowledgement of the association with the domain name, the item of equipment is configured to receive the certification token and the hash of said certification token from the configuration server (Wan: par. 0038 network device 110 initiates a DHCP Configuration Request 500 to a DHCP server 1201 . DHCP Configuration Request 500 is a message that is adapted to request an IP address or domain name for the certificate server responsible for downloading certificates to the network device during its initial configuration of the trusted certificate list (TCL)). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Wan with the system/method of Pfeffer and Angus to include following an acknowledgement of the association with the domain name, the item of equipment is configured to receive the certification token and the hash of said certification token from the configuration server. One would have been motivated to providing a system and method for installing digital certificates securely within a network device (Wan: par. 0018). Regarding claim 9: Pfeffer in view of Angus and Wan discloses the system according to claim 7. Angus further discloses wherein the certificate creation module is comprised in the at least one network address configuration server (Angus: fig. 5 item 506 certification module; par. 0088 the certification module 506 reissues certificates to the other devices of the WSN, e.g., the sensors 102 and access points 202 that correspond to the new server; par. 0095 a unique identifier for the sensor device 602 (e.g., a MAC address, an IP address, a globally unique identifier, or the like)). The motivation is the same that of claim 7 above. Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Pfeffer et al. (“Pfeffer,” US 2006/0165082) in view of Angus (US 2016/0294829), Wan et al., (“Wan,” US 2009/0158031) and Pastusiak et al. (“Pastusiak et al.,” US 2006/01295.01). Regarding claim 8: Pfeffer in view of Angus and Wan discloses the system according to claim 7. Wan further discloses the server of the service provider is configured to verify the domain name associated with said certification token using said hash of said certification token and said certificate associated with said item of equipment (Wan: par. 0040 if DHCP server 1201 is in the same subnet as DNS server 1203 and/or certificate server 1202 (operation 520), the certificate loading process may be discontinued, generating a displayed error signal on network device 110 to select a DHCP server different than DHCP server 1201 or to contact a network administrator or a call/service center for network device 110), in response to verification of the certification token and the domain name associated with the certification token, the server of the service provider is configured to transmit a message acknowledging establishment of said connection with said item of equipment (Wan: par. 0040 the certificate loading process may be discontinued, generating a displayed error signal on network device 110 [] transmit an error signal to another server to prompt an inquiry or the like. Otherwise, a communication session is established between certificate server 1202 and network device 110 in order to coordinate the download of bootstrapping digital certificate 160 from certificate server 120). The motivation is the same that of claim 7 above. Pfeffer in view of Angus and Wan does not explicitly disclose the item of equipment is configured to transmit a request for establishing a connection with a server of the at least one server of the service provider comprising at least said corresponding certification token and said hash of said certification token and the server of the service provider is configured to verify the certification token using said hash of said certification token and a cryptographic key associated with said certificate creation module. However, Pastusiak discloses the item of equipment is configured to transmit a request for establishing a connection with a server of the at least one server of the service provider comprising at least said corresponding certification token and said hash of said certification token (Pastusiak: par. 0023 the token generation module 114 generates tokens for distribution to the plurality of clients 104(n); par. 0024 the token system 106 may include a database 126 having a plurality of hash values 128(k) [] each of the plurality of hash values 128(k) corresponds to a token previously generated by the token generation module 114), the server of the service provider is configured to verify the certification token using said hash of said certification token and a cryptographic key associated with said certificate creation module (Pastusiak: par. 0018 a token verification system may be utilized which stores hash values of the tokens which are then utilized to verify tokens communicated over the network). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Pastusiak with the system/method of Pfeffer, Angus and Wan to include verify the certification token using said hash of said certification token and a cryptographic key associated with said certificate creation module. One would have been motivated to generation, distribution and verification of tokens using a secure hash algorithm (Pastusiak: par. 0001). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439 /KARI L SCHMIDT/Primary Examiner, Art Unit 2439