SYSTEM AND METHOD FOR ENHANCED IOT DEVICE SECURITY AND RELIABILITY USING MULTIPLE COMMUNICATION INTERFACE TYPES

§102 §103 §112

DETAILED ACTION Notice of AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The present office action is responsive to communications received on 7/31/2024. Claims 1-20 are pending. Information Disclosure Statement The information disclosure statement (IDS) submitted on 10/28/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 16 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons: Claim 16 recites the limitation "the apparatus" in “wherein the key comprises a symmetric key securely shared by the apparatus and the plurality of IoT devices.“ There is insufficient antecedent basis for this limitation in the claim. It is not clear what apparatus is referred to here. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-6, 10-16 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Martin (US 20170180130 A1). Regarding claim 1, Martin teaches an apparatus for controlling a plurality of Internet of Things (IoT) devices (Abstract), comprising: a first interface to support direct wireless packet transmission from the apparatus to the plurality of IoT devices (para [0053] - "However, portable computers are not so limited and may also include other portable computers such as cellular telephones, display pagers, radio frequency (RF) devices, infrared (IR) devices, Personal Digital Assistants (PDAs), handheld computers, wearable computers, integrated devices combining one or more of the preceding computers, or the like."; para [0066] - "Client computer 200 also includes a power supply 228, one or more network interfaces 236, an audio interface 238, a display 240, a keypad 242, an illuminator 244, a video interface 246, an input/output interface 248, a haptic interface 250, and a global positioning system (GPS) receiver 232."; para [0186] - "In at least one of the various embodiments, messages may be arranged to have a fixed length payload that may be encrypted and authenticated to produce a slightly larger packet."; para [0233] - "At block 1704, in at least one of the various embodiments, advertising packets may be broadcast on one or more advertising channels. In at least one of the various embodiments, the mobile device may be arranged to use one or more channels for broadcasting the advertising packets that include the advertising information."); a second interface to support connectionless network packet transmissions from the apparatus to the IoT devices over a local packet-based network, the second interface of a different interface type than the first interface (para [0061] - "Also, network 110 can include the Internet in addition to local area networks (LANs), wide area networks (W ANs), direct connections, such as through a universal serial bus (USB) port, other forms of computer-readable media, or any combination thereof."; see also para [0053], [0066], [0186] and [0233]); logic to generate control data responsive to user input or sensor input (para [0109] - "Likewise, user interface 432 may comprise elements that enable a user to provide input to the biometric device or for receiving output from the biometric device as discussed above, including biometric data that may be employed to uniquely identify a user... or the like."); a security subsystem to perform operations, comprising: generating a random nonce, encrypting a combination of the random nonce and the control data using a key to produce encrypted data (para [0168] -"At block 906, in at least one of the various embodiments, the mobile device may generate a provisioning token. In at least one of the various embodiments, the token may be a pseudo random nonce that may be generated based on the random number protocols described below. See, FIG. 14. The length of the nonce may vary depending on the level of security/attack resistance that may be required. Also, features of the encryption ciphers (key size, block size, or the like) may influence the selection of the length of the nonce. In at least one of the various embodiments, the size of the nonce may be determined from a configuration value stored in the mobile device, or in some embodiments, user input may be employed to determine the length of the nonce. In at least one of the various embodiments, the token may be employed to cryptographically generate a key."; see also para [0109]); generating, using the key, a first signature based on the encrypted data and a second signature based on the control data, and generating a corresponding counter value (para [0147] - "At step 814, in at least one of the various embodiments, access point 804 may communicate the advertisement nonce to partner cloud service 806 for cryptographic signing. In at least one of the various embodiments, the advertisement nonce may be signed using the partner public key."; para [0151] - "At step 822, in at least one of the various embodiments, biometric device 802 may provide the signed partner nonce and a global public key ID, which the partner may have associated with a user profile, back to access point 804. Accordingly, in at least one of the various embodiments, access point 804 may verify that the signed partner nonce is correct, confirming that the user is the correct user."; para [0188] - "Also, key K is the provisioning key described above. Additionally, cntr may be a message counter that may be arranged to count the total number of 12-byte messages exchanged between the mobile device and the access point during the current session."; see also para [0168]); first packet generation logic associated with the first interface to generate a first packet comprising the control data, the second signature, and the counter value (para [0047] - "In at least one of the various embodiments, encrypting message packets may further include encrypting the message counter based on the session key. In at least one of the various embodiments, the message may be encrypted based on the encrypted message counter. In at least one of the various embodiments, the message tag may be encrypted by encrypting a portion of the encrypted message using the session key. And, in at least one of the various embodiments, a tuple may be generated that includes the encrypted message and the message tag."; see also para [0066], [0147], [0151] and [0168]); and second packet generation logic associated with the second interface to generate a second packet comprising the encrypted data, the first signature, and the counter value (para [0047], [0066], [0147], [0151] and [0168]); wherein the first packet and the second packet are transmitted over the first interface and second interface, respectively, to cause each IoT device of the plurality of IoT devices to perform a corresponding function indicated by the control data (para [0216] - "FIG. 16 illustrates an overview flowchart for process 1600 for initializing a mobile device to perform secure advertisement in accordance with at least one of the various embodiments."; see also para [0047], [0066], [0147], [0151] and [0168]). Regarding claim 2, Martin teaches all the features with respect to claim 1, as outlined above. Martin further teaches wherein the logic to generate the control data comprises input circuitry to receive an indication of a current state of a user controllable switch (para [0098] - "Further, in at least one of the various embodiments, wristband 402 may include an adjustable clasp mechanism, such as, clasp 404, for detecting if a wearable removes wristband 402 from his or her wrist. For example, in at least one of the various embodiments, if a biometric device detects that the clasp is opened, it may automatically de-authenticate itself. In at least one of the various embodiments, resetting and/or de-authenticating biometric device 402 may include erasing it cryptographic state-provisioning keys, session keys, global public keys (for partner cloud services), tokens, advertisement nonces, or the like."; para [0100] - "Yet other non-limiting examples of device removal detection embodiments include ... and mechanical switch detection."; para [0109] - "In at least one of the various embodiments, biometric sensor 402 may be arranged to include a variety of components for interacting with the wearer. Vibration motor 430 may enable the biometric device to vibrate to notify the wearer of various changes in state, or the like (as discussed above)."). Regarding claim 3, Martin teaches all the features with respect to claim 1, as outlined above. Martin further teaches wherein the control data comprises an indication of a desired state of the plurality of IoT devices, a command to cause the plurality of IoT devices to perform a corresponding operation, and/or metadata associated with the apparatus (para [0098], [0100] and [0109]). Regarding claim 4, Martin teaches all the features with respect to claim 1, as outlined above. Martin further teaches wherein the second interface comprises a Wi-Fi or Ethernet interface and the second packet comprises a User Datagram Protocol (UDP) packet (para [0068] - "Client computer 200 may optionally communicate with a base station (not shown), or directly with another computer. Network interface 236 includes circuitry for coupling client computer 200 to one or more networks, and is constructed for use with one or more communication protocols and technologies including, but not limited to ... user datagram protocol (UDP) ... or network interface card (NIC")."; para [013 l] - "At step 608, in at least one of the various embodiments, the access point and the mobile device may engage in an unauthenticated/unsecure handshake to establish an unauthenticated connection. In at least one of the various embodiments, this connection may be established using standard radio protocols, such as, Bluetooth, BLE, NFC, Wi-Fi, or the like."; see also para [0047]). Regarding claim 5, Martin teaches all the features with respect to claim 4, as outlined above. Martin further teaches wherein the UDP packet comprises a broadcast packet to be broadcast over the local packet-based network (para [0233] - "At block 1704, in at least one of the various embodiments, advertising packets may be broadcast on one or more advertising channels. In at least one of the various embodiments, the mobile device may be arranged to use one or more channels for broadcasting the advertising packets that include the advertising information."; see also para [0068]). Regarding claim 6, Martin teaches all the features with respect to claim 1, as outlined above. Martin further teaches wherein the key comprises a symmetric key securely shared by the apparatus and the plurality of IoT devices (para [0119] - "Kapi-a master key for generating signature private keys and (symmetric) secret keys."; see also para [0047] and [0053]). Regarding claim 10, Martin teaches all the features with respect to claim 4, as outlined above. Martin further teaches wherein the first interface comprises a Bluetooth interface and the first packet comprises an advertising packet (para [0068] and [0233]). Regarding claim 11-16 and 20, the scope of the claim is similar to that of claim 1-6, 10, respectively. Accordingly, the claims are rejected using a similar rationale. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim 7-9 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Martin (US 20170180130 A1) in view of Kugler (US 20240129253 A1). Regarding claim 7, Martin teaches all the features with respect to claim 1, as outlined above. Martin further teaches comprising a first IoT device of the plurality of IoT devices, the first IoT device comprising: a first IoT device interface to support the direct wireless packet transmission from the apparatus (para [0053], [0066], [0186] and [0233]); a second IoT device interface to support the connectionless network packet transmissions from the apparatus over the local packet-based network (para [0053], [0066], [0186] and [0233]); wherein processing the second packet comprises: validating the signature over the encrypted data using the key, decrypting the encrypted data to determine the control data, and processing the control data to perform the corresponding function (para [0053], [0066], [0186] and [0233]). But Martin does not teach wherein if the second packet is received by the second IoT device interface before the first packet is received by the first IoT device interface, then the first IoT device is to process the second packet and ignore or drop the first packet based on the counter value matching the counter value of the second packet. This aspect of the claim is identified as a difference. However, Kugler in an analogous art explicitly teaches wherein if the second packet is received by the second IoT device interface before the first packet is received by the first IoT device interface, then the first IoT device is to process the second packet and ignore or drop the first packet based on the counter value matching the counter value of the second packet (para [0062] - "TCP is a network communications protocol that enables reliable exchange of data between two host devices (for example, a client device and a server, such as an AS) over a communications network, for example a 3GPP wireless communications network."; para [0064] -"The use of sequence and acknowledgement numbers allows both sides to detect missing, lost, or out-of­order data packets."; para [0136] - "On the other hand, if the client device determines that the ACK Gen Count of the packet under inspection matches the ACK Gen Count value stored in the database entry (316-Yes), then the client device discards the TCP ACK packet (320)."). It would have been obvious to one of ordinary skill in the art to disclose wherein if the second packet is received by the second IoT device interface before the first packet is received by the first IoT device interface, then the first IoT device is to process the second packet and ignore or drop the first packet based on the counter value matching the counter value of the second packet, as taught by Kugler to the system of Martin, as it would allow the system to keep message sequences in order according to the count value, as specified by the tenant application (see Kugler para [0062], [0064] and [0136]).. Regarding claim 8, Martin in view of Kugler teaches all the features with respect to claim 7, as outlined above. The combination further teaches wherein if the first packet is received by the first IoT device interface before the second packet is received by the second IoT device interface, then the first IoT device is to process the first packet and ignore or drop the second packet based on the counter value matching the counter value in the first packet, wherein processing the second packet comprises: validating the signature over the control data, and processing the control data to perform the corresponding function (Martin para [0164] - "(c) The access point may verify the signature by computing Verify(PKDRM, hBiometricDevice, sDRM). If verification fails, the access point disconnects, and aborts the provisioning process."; see also para [0047], [0066], [0147], [0151] and [0168]). Regarding claim 9, Martin in view of Kugler teaches all the features with respect to claim 8, as outlined above. The combination further teaches wherein the corresponding function is to cause a change in a state of the first IoT device (Martin para [0224] - "At block 1612, in at least one of the various embodiments, the mobile device may decrypt its cryptographic state the state key provided by the AAD and initialization a timer/clock to the value of the provided time synchronization value. Decrypting the cryptographic state gives the mobile device access to the identifiers and keys associated with the one or more access points that the mobile device may be provisioned with (See, FIG. 9 and accompanying description). In at least one of the various embodiments, at this point, the mobile device may be ready to advertise its presence to enable access encountered access points"; see also para [0109]). Regarding claim 17-19, the scope of the claim is similar to that of claim 7-9, respectively. Accordingly, the claims are rejected using a similar rationale. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20190361917 A1, "Smart device" by Tran. US 10375044 B2, "Apparatus and method for establishing secure communication channels in an internet of things (IoT) system" by ZAKARIA. US 9699814 B2, “Apparatus and method for establishing secure communication channels in an internet of things (IoT) system" by ZAKARIA. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638. The examiner can normally be reached on Monday to Friday, 9:00-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571)272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HAN YANG/Primary Examiner, Art Unit 2493