DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Remarks
Claims 1, 4-10, 16-20, 24, 27, 31, 34-53 are pending; of these, claims 1, 4-10, 31, 34-37, 46-47, 51 are withdrawn.  Claims 2-3, 11-15, 21-23, 25-26, 28-30, 32-33 are cancelled.

Examiner’s Note
Examiner attempted to contact Applicant’s Attorney of Record, Chen Pin Huang, Reg. No. 75,826, on 2/11/2021, to discuss issue of election by original presentation.  However, Examiner was unable to reach Representative, and Representative did not reply to voicemail as of 2/18/2021.

Election/Restrictions
Newly submitted claims 1, 4-10, 31, 34-37, 46-47, 51 are directed to an invention that is independent or distinct from the invention originally claimed for the following reasons: 
The newly submitted claims and the invention originally claimed are related as subcombinations disclosed as usable together in a single combination.  The subcombinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one subcombination is separately usable.  In the instant case, the newly submitted subcombination has separate utility such as “receiving and encryption key from the second device”, and “transmitting the received encryption key to the second device, wherein the encryption key is configured to decrypt an unlocking key to unlock the .
Since applicant has received an action on the merits for the originally presented invention, this invention has been constructively elected by original presentation for prosecution on the merits.  Accordingly, claims 1, 4-10, 31, 34-37, 46-47, 51 are withdrawn from consideration as being directed to a non-elected invention.  See 37 CFR 1.142(b) and MPEP § 821.03.
Furthermore, claims 16-20, 24, 27, 38-45, 48-50, 52-53, as amended, are directed to the originally presented invention (i.e. authentication using a received secret key), and are therefore part of the elected group.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/5/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

Claims 16-17, 20, 24, 38-45, 49, 52-53 are rejected under 35 U.S.C. 103 as being unpatentable over Olsen et al (PGPUB 2012/0015629), and further in view of Mahaffey et al (PGPUB 2014/0282877).

Regarding Claim 16:
	Olsen teaches a non-transitory computer-readable storage medium of a first device capable of unlocking a second device (abstract, unlocking functionality of a mobile computing device upon wirelessly detecting that an external device is in relatively close proximity), the storage medium storing instructions which, when executed by a processor, perform a method comprising (paragraph 73-74, computer-readable medium containing instructions implemented by a processor): 
receiving a secret key from the second device (paragraph 68-69, mobile computing device (i.e. “second device”) sends “challenge” message including random number comprising defined number of bits which is received by external device; challenge message functions as secret key); 
transmitting the received secret key to the second device to unlock the second device (paragraph 68-69, external device (i.e. “first device”) encrypts challenge message using private key and sends back to mobile computing device; mobile computing device decrypts received message and authenticates external device upon determining that the decrypted version of the challenge message matches the originally sent challenge message; paragraph 70, responsive to authenticating external device, mobile computing device determines that external device is present and proceeds with unlocking techniques, allowing full user access to applications).
Olsen does not explicitly teach, in accordance with a determination that the first device is unlocked, transmitting the received secret key, wherein determining that the first device is unlocked includes determining that a user of the first device is authenticated with the first device; and

	However, Mahaffey teaches the concept of, in accordance with a determination that a first device is unlocked, transmitting a secret key to a second device to unlock the second device (abstract, if key device is near the mobile communication device, the mobile communication device may be automatically unlocked without the user having to input an unlock code; paragraph 171, prior to unlocking the PC 200, the phone/key device 210 must be in a specific state; for instance, when the devices initially connect via BLUETOOTH, the mobile phone 210 can provide its side of mutual authentication or the PC’s encryption key only when its screen is unlocked), wherein determining that the first device is unlocked includes determining that a user of the first device is authenticated with the first device (paragraph 55, when proximity of the key device is detected and authenticated, change in security behavior of the target device will be implemented only when the key device supplies additional information known to the user, e.g. that the user is currently logged in to the phone; through communications between the target device and key device, behavior modification module determines information indicating that the user is logged into the key device and that therefore, the user knows information; therefore, what the user has coupled with what the user knows triggers the change in security behavior; paragraph 79, in an exemplary embodiment, Alice uses iPhone Touch ID to authenticate self to iPhone and unlock the device; proximity prevents autolock from engaging after timeout; paragraph 81, 82, security system unlocks iPhone; at a later time, Alice puts iPhone into her pocket, enters her office and turns on her PC; PC pairs with iPhone using Bluetooth; system security component on iPhone communicates with system security component on PC to determine that Alice is authenticated to iPhone and is in possession of the device; security component on PC unlocks PC because Alice is proved to be authenticated and acceptably proximate; therefore, unlocking includes determining that a user of the first (key) device is authenticated with first (key) device); and
(paragraph 171, prior to unlocking the PC 200, the phone/key device 210 must be in a specific state; for instance, when the devices initially connect via BLUETOOTH, the mobile phone 210 can provide its side of mutual authentication or the PC’s encryption key only when its screen is unlocked; therefore, device forgoes transmitting key if screen is locked); and
	Olsen teaches wherein the secret key is the received secret key (paragraph 68-70, as above).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the unlocked key device teachings of Mahaffey with the unlocking a second device from a first device teachings of Olsen, with the benefit of requiring the possessor of a key device to verify access and authentication to said key device prior to using it as an authentication device for unlocking another device, thereby improving the security environment by preventing a thief or malicious actor from merely being able to steal both items and automatically gain access without knowing at least the access code or method for authenticating/unlocking the key device.
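
The combination discussed above for claim 16, as an added example that is not part of this Office action or of either cited reference: a target device issues a random challenge, and the key device answers only while its user is authenticated. All class and function names are assumptions; an HMAC over a pre-shared pairing key is swapped in for the private-key encryption described for Olsen, and the single-use challenge goes beyond the cited text.

```python
import hashlib
import hmac
import secrets


class KeyDevice:
    """First device (e.g. a phone): answers challenges only while unlocked."""

    def __init__(self, pairing_key: bytes, passcode: str):
        self._pairing_key = pairing_key
        # Stand-in for the platform lock screen: salted, stretched passcode.
        self._salt = secrets.token_bytes(16)
        self._verifier = self._stretch(passcode)
        self.unlocked = False

    def _stretch(self, passcode: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 100_000)

    def authenticate_user(self, passcode: str) -> bool:
        # "Unlocked" here means the user has authenticated, not merely woken the screen.
        self.unlocked = hmac.compare_digest(self._stretch(passcode), self._verifier)
        return self.unlocked

    def lock(self) -> None:
        self.unlocked = False

    def respond(self, challenge: bytes):
        # Forgo any response while locked, so a stolen, locked key device is useless.
        if not self.unlocked:
            return None
        return hmac.new(self._pairing_key, challenge, hashlib.sha256).digest()


class TargetDevice:
    """Second device (e.g. a PC): unlocks on a valid answer to a fresh challenge."""

    def __init__(self, pairing_key: bytes):
        self._pairing_key = pairing_key
        self._pending = None
        self.unlocked = False

    def issue_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)  # random number of a defined size
        return self._pending

    def verify(self, response) -> bool:
        # Consume the challenge first so every challenge is single use.
        challenge, self._pending = self._pending, None
        if challenge is None or response is None:
            return False
        expected = hmac.new(self._pairing_key, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):  # constant-time comparison
            self.unlocked = True
            return True
        return False

    def lock(self) -> None:
        self.unlocked = False


def attempt_unlock(key_device: KeyDevice, target: TargetDevice) -> bool:
    """One full exchange: challenge out, response back, verification on the target."""
    return target.verify(key_device.respond(target.issue_challenge()))


if __name__ == "__main__":
    shared = secrets.token_bytes(32)                # constructed pairing key
    phone = KeyDevice(shared, "constructed-passcode")
    pc = TargetDevice(shared)
    print("key device locked   ->", attempt_unlock(phone, pc))
    phone.authenticate_user("constructed-passcode")
    print("key device unlocked ->", attempt_unlock(phone, pc))
```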

Regarding Claim 17:
	Olsen in view of Mahaffey teaches the non-transitory computer-readable storage medium of claim 16.  In addition, Olsen teaches the method further comprising detecting whether the second device is within a Bluetooth range of the first device (paragraph 14, mobile computing device and external device communicate via Bluetooth; paragraph 15, mobile computing device detects whether external device is in range).

Regarding Claim 20:
(paragraph 68-70, mobile computing device sends challenge including random number; challenge functions as device unlock key).

Regarding Claim 24:
	Olsen teaches a first device capable of unlocking a second device (abstract, unlocking functionality of a mobile computing device upon wirelessly detecting that an external device is in relatively close proximity), the first device comprising: 
a receiving module configured for receiving a secret key from the second device (paragraph 68-69, mobile computing device (i.e. “second device”) sends “challenge” message including random number comprising defined number of bits which is received by external device; challenge message functions as secret key); 
a transmitting module configured for transmitting the received secret key to the second device to unlock the second device (paragraph 68-69, external device (i.e. “first device”) encrypts challenge message using private key and sends back to mobile computing device; mobile computing device decrypts received message and authenticates external device upon determining that the decrypted version of the challenge message matches the originally sent challenge message; paragraph 70, responsive to authenticating external device, mobile computing device determines that external device is present and proceeds with unlocking techniques, allowing full user access to applications).
	Olsen does not explicitly teach transmitting, in accordance with a determination that the first device is unlocked, the received secret key, wherein determining that the first device is unlocked includes determining that a user of the first device is authenticated with the first device.
(abstract, if key device is near the mobile communication device, the mobile communication device may be automatically unlocked without the user having to input an unlock code; paragraph 171, prior to unlocking the PC 200, the phone/key device 210 must be in a specific state; for instance, when the devices initially connect via BLUETOOTH, the mobile phone 210 can provide its side of mutual authentication or the PC’s encryption key only when its screen is unlocked), wherein determining that the first device is unlocked includes determining that a user of the first device is authenticated with the first device (paragraph 55, when proximity of the key device is detected and authenticated, change in security behavior of the target device will be implemented only when the key device supplies additional information known to the user, e.g. that the user is currently logged in to the phone; through communications between the target device and key device, behavior modification module determines information indicating that the user is logged into the key device and that therefore, the user knows information; therefore, what the user has coupled with what the user knows triggers the change in security behavior; paragraph 79, in an exemplary embodiment, Alice uses iPhone Touch ID to authenticate self to iPhone and unlock the device; proximity prevents autolock from engaging after timeout; paragraph 81, 82, security system unlocks iPhone; at a later time, Alice puts iPhone into her pocket, enters her office and turns on her PC; PC pairs with iPhone using Bluetooth; system security component on iPhone communicates with system security component on PC to determine that Alice is authenticated to iPhone and is in possession of the device; security component on PC unlocks PC because Alice is proved to be authenticated and acceptably proximate; therefore, unlocking includes determining that a user of the first (key) device is authenticated with first (key) device); and
	Olsen teaches wherein the secret key is the received secret key (paragraph 68-70, as above).


Regarding Claim 38:
	Olsen in view of Mahaffey teaches the non-transitory computer-readable storage medium of claim 16.  In addition, Olsen teaches wherein the first device is one or more of a smartphone, a tablet computer, a laptop computer, a desktop computer, an electronic reader, a smart TV, a handheld device, a wearable device, and a game console (paragraph 15, external device comprises small, mobile device that can be carried by a user, i.e. a handheld device).

Regarding Claim 39:
	Olsen in view of Mahaffey teaches the non-transitory computer-readable storage medium of claim 38.  In addition, Olsen teaches wherein the second device is one or more of a smartphone, a tablet computer, a laptop computer, a desktop computer, an electronic reader, a smart TV, a handheld device, a wearable device, and a game console (paragraph 13, mobile computing device comprises wireless communication device (e.g., wireless mobile handset or device), a video telephone, a digital multimedia player, a personal digital assistant (PDA), or other mobile device).

Regarding Claim 40:
(paragraph 27, watch or head-mounted device/glasses (i.e. wearable device) plays role of server 111; paragraph 31, system includes target device and key device; target device is server 111; key device is portable electronic device, e.g. card, keychain, smartphone, or any other personal item carried by user).

Regarding Claim 41:
	Olsen in view of Mahaffey teaches the non-transitory computer-readable storage medium of claim 16.  In addition, Olsen teaches wherein the first device is a handheld device and the second device is a handheld device (paragraph 13, mobile computing device comprises wireless communication device (e.g., wireless mobile handset or device), a video telephone, a digital multimedia player, a personal digital assistant (PDA), or other mobile device, i.e. handheld device; paragraph 15, external device comprises small, mobile device that can be carried by a user, i.e. a handheld device).

Regarding Claim 42:
	Olsen in view of Mahaffey teaches the device of claim 24.  In addition, Olsen teaches wherein the first device is one or more of a smartphone, a tablet computer, a laptop computer, a desktop computer, an electronic reader, a smart TV, a handheld device, a wearable device, and a game console (paragraph 15, external device comprises small, mobile device that can be carried by a user, i.e. a handheld device).

Regarding Claim 43:
(paragraph 13, mobile computing device comprises wireless communication device (e.g., wireless mobile handset or device), a video telephone, a digital multimedia player, a personal digital assistant (PDA), or other mobile device).

Regarding Claim 44:
	Olsen in view of Mahaffey teaches the device of claim 24.  In addition, Mahaffey teaches wherein the first device is a handheld device and the second device is a wearable device (paragraph 27, watch or head-mounted device/glasses (i.e. wearable device) plays role of server 111; paragraph 31, system includes target device and key device; target device is server 111; key device is portable electronic device, e.g. card, keychain, smartphone, or any other personal item carried by user).

Regarding Claim 45:
	Olsen in view of Mahaffey teaches the device of claim 24.  In addition, Olsen teaches wherein the first device is a handheld device and the second device is a handheld device (paragraph 13, mobile computing device comprises wireless communication device (e.g., wireless mobile handset or device), a video telephone, a digital multimedia player, a personal digital assistant (PDA), or other mobile device, i.e. handheld device; paragraph 15, external device comprises small, mobile device that can be carried by a user, i.e. a handheld device).

Regarding Claim 49:
(paragraph 171, prior to unlocking the PC 200, the phone/key device 210 must be in a specific state; for instance, when the devices initially connect via BLUETOOTH, the mobile phone 210 can provide its side of mutual authentication or the PC’s encryption key only when its screen is unlocked; therefore, device forgoes transmitting key if screen is locked); and
	Olsen teaches wherein the secret key is the received secret key (paragraph 68-70, as above).

Regarding Claim 52:
	Olsen in view of Mahaffey teaches the non-transitory computer-readable storage medium of claim 16.  In addition, Mahaffey teaches wherein the user of the first device is authenticated with the first device via a passcode received at the first device (paragraph 11, “something the user knows”, i.e. PIN or password; paragraph 55, user provides information known to the user, i.e. PIN or password, to authenticate user; if user is logged into key device, key device provides the information, therefore, user knows information; user has therefore logged into key device using “something the user knows”).

Regarding Claim 53:
	Olsen in view of Mahaffey teaches the device of claim 24.  In addition, Mahaffey teaches wherein the user of the first device is authenticated with the first device via a passcode received at the first device (paragraph 11, “something the user knows”, i.e. PIN or password; paragraph 55, user provides information known to the user, i.e. PIN or password, to authenticate user; if user is logged into key device, key device provides the information, therefore, user knows information; user has therefore logged into key device using “something the user knows”).

Claims 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Olsen in view of Mahaffey, and further in view of Costa et al (PGPUB 2015/0229619).

Regarding Claim 18:
Olsen in view of Mahaffey teaches the non-transitory computer-readable storage medium of claim 16.
Neither Olsen nor Mahaffey explicitly teaches the method further comprising signing a first key with a second key.
However, Costa teaches the concept of signing a first key with a second key (paragraph 42, attestation includes key generated by machine for the job; attestation provided in form of data record signed with key provided by machine manufacturer).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the key signing teachings of Costa with the unlocking a second device from a first device teachings of Olsen in view of Mahaffey, in order to protect the integrity of the keys using a trusted environment such as a secure enclave, which is a hardware environment designed to limit access to keys, protecting them by preventing key leakage.

Regarding Claim 19:
Olsen in view of Mahaffey and Costa teaches the non-transitory computer-readable storage medium of claim 18.  In addition, Costa teaches wherein the first key comprises a device key and the second key comprises a SEP global key (paragraph 27-29, 42, attestation includes key generated by machine for the job; attestation provided in form of data record signed with key provided by machine manufacturer; manufacturer key used for attestation stored in trusted secure enclave environment).

Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Olsen in view of Mahaffey, and further in view of Devol et al (PGPUB 2011/0305337).

Regarding Claim 27:
	Olsen in view of Mahaffey teaches the non-transitory computer-readable storage medium of claim 16.
Neither Olsen nor Mahaffey explicitly teaches the method further comprising: prior to receiving the secret key from the second device, certifying a device key with a common authority.
However, Devol teaches the concept of a method comprising: prior to receiving a secret key from a second device, certifying a device key with a common authority (paragraph 12, system includes checking if the user is nearby, sending challenge message to the mobile phone and receiving validation message from the user key; the system can lock the computer or log out from an operating system if the user key is not nearby; paragraph 37, the communication between the mobile device 10 and the laptop 8 is secured; in addition to encrypting the message using public key cryptography, the message may be additionally protected by using a digital certificate; a certificate authority functions as a trusted party known to both the laptop 8 and the cell phone 10; the certificate authority possesses both a public and private key, of which the private key is closely guarded; the public key of the mobile device 10 may be encrypted using the private key of the certificate authority; this constitutes a digital certificate that can be used to help authenticate different devices, in this case the mobile device 10 and the laptop 8 to each other using the certificate authority; paragraph 30, mobile phone uses a wireless transceiver for sending and receiving authentication information to the laptop; communication is secured by encrypting the message using public key cryptography; system has two software components: a component on the mobile phone and a component on the laptop; the component on the laptop is responsible for checking if a mobile phone is nearby, sending challenge message to the mobile).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the common certificate authority teachings of Devol with the unlocking a second device from a first device teachings of Olsen in view of Mahaffey, in order to improve security by relying on a trusted party known to both the first device and the second device, thereby providing assurance that each device was certified by said trusted party, and not being introduced by a malicious actor in order to obtain unauthorized access.

Claims 48, 50 are rejected under 35 U.S.C. 103 as being unpatentable over Olsen in view of Mahaffey, and further in view of Shah et al (PGPUB 2015/0296074 and related provisional application 61/980,018, with citations drawn from provisional application).

Regarding Claim 48:
	Olsen in view of Mahaffey teaches the non-transitory computer-readable storage medium of claim 16.
Neither Olsen nor Mahaffey explicitly teaches wherein the method further comprises: in accordance with the determination that the first device is unlocked: presenting a device key of the first electronic device to the second electronic device, the device key indicating that the first electronic device is unlocked.
However, Shah teaches the concept wherein a method comprises: in accordance with a determination that a first device is unlocked: presenting a device key of the first electronic device to a (paragraph 35-36, secondary computing device responds to challenge by sending encrypted challenge response code; challenge response code indicates whether secondary computing device is itself locked; if the code indicates that secondary computing device is unlocked then primary computing device unlocks).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the unlocked device indication of Shah with the unlocking a second device from a first device teachings of Olsen in view of Mahaffey, in order to provide the second device a means of control over security policy decisions by sending key device state information, thereby allowing the second device to determine whether or not to unlock on the basis of the key device state, giving more control to the device which is being accessed.

Regarding Claim 50:
	Olsen in view of Mahaffey teaches the device of claim 24.
Neither Olsen nor Mahaffey explicitly teaches wherein, in accordance with a determination that the first device is unlocked, the transmitting module transmits a device key of the first electronic device to the second electronic device, the device key indicating that the first device is unlocked.
However, Shah teaches the concept wherein, in accordance with a determination that a first device is unlocked: presenting a device key of the first electronic device to a second electronic device, the device key indicating that the first electronic device is unlocked (paragraph 35-36, secondary computing device responds to challenge by sending encrypted challenge response code; challenge response code indicates whether secondary computing device is itself locked; if the code indicates that secondary computing device is unlocked then primary computing device unlocks).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the unlocked device indication of Shah with the unlocking a second .

Response to Arguments
Applicant’s arguments with respect to claims 1, 4-10, 31, 34-37, 46-47, 51, pages 8-9 of remarks dated 8/5/2020, have been considered but are moot because the arguments apply to claims which are non-elected by original presentation.

Regarding the rejection of claims under 35 USC 103:
Applicant’s arguments: Mahaffey discloses that before unlocking a PC with a phone, the phone must be in a specific state. See Mahaffey at paragraph [0171]. For example, if the phone can provide its side of the authentication only when its screen is unlocked. See id. However, Mahaffey is silent about whether the phone having its screen unlocked includes determining that a user is authenticated with the first device. For example, having an unlocked screen could merely indicate that the user woke up the device, but has not yet authenticated himself or herself with the device. At the very least, Mahaffey does not disclose that determining that the device is unlocked includes determining that the user is authenticated with the device. For at least this reason, Mahaffey fails to disclose "receiving a secret key from the second device; in accordance with a determination that the first device is unlocked, transmitting the received secret key to the second device to unlock the second device, wherein determining that the first device is unlocked includes determining that a user of the first device is authenticated with the first device," as required by claim 1. 


Examiner’s response: Examiner disagrees.  Mahaffey clearly teaches unlocking a key device as a result of user authentication (e.g. paragraph 55, determination that user is logged into key device; paragraph 79-82, exemplary user authenticates self to key device, e.g. iPhone).  Further, Mahaffey explicitly recites that the security system of the target device determines that the user is authenticated to the key device (paragraph 82, “The system security component on the iPhone communicates with the system security component on the PC to determine that Alice is authenticated to the iPhone and is in possession of the device.”).  The term “unlocking” does not define a specific sequence of steps or state of the device.  Therefore, as authenticating to a device could alone be seen as “unlocking”, determining that a user has authenticated to a key device could be seen as determining the device as being “unlocked”.  Therefore, Mahaffey at least teaches “in accordance with a determination that the first device is unlocked, transmitting the secret key to the second device to unlock the second device, wherein determining that the first device is unlocked includes determining that a user of the first device is authenticated with the first device”.  Olsen further teaches wherein the secret key is a received secret key (paragraph 68-70).  Therefore, the combination of Olsen and Mahaffey teaches "receiving a secret 

Applicant’s arguments regarding claim 24 are similar to those regarding claim 16 and are therefore responded to in a similar way.
Applicant’s remaining arguments relate to dependent claims being allowable due to depending from an allowable independent claim.  However, as shown above, the independent claims are not allowable.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/FORREST L CAREY/Examiner, Art Unit 2491

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491