DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Response to Amendment
This office action is in response to the amendment filed on 12/09/2020.
Claims 1-8, 11-12, and 14-15 are pending for examination. Applicant amends claims 1-4, 6, and 11-12, cancels claims 9-10, and 13, and adds claims 14-15. The amendments have been fully considered and entered.
Amendments to the Abstract have been accepted, however, there is a grammar issue as explained below.
Amendments to claim 2 regarding the claim objection has been accepted. Accordingly, the claim objection has been withdrawn.
Amendments to claims 2-4 regarding the 35 U.S.C. § 112(b) rejections have been accepted and the 35 U.S.C. § 112(b) rejections have been withdrawn.
Regarding the cancellation of claim 10, the 35 U.S.C. § 112(d) rejection has been withdrawn.

Specification
The disclosure is objected to because of the following informalities:
Regarding the Abstract, please add “and” after the last comma in line 7 to fix grammar issues.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 2 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 2 recites the limitation “using the random datum” in lines 5-6 of the claim. There is insufficient antecedent basis for this limitation in the claim. It is not clear whether this random datum is the first or second random datum mentioned earlier in the claim or another random datum entirely.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6, 7, and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Chu et al. (US 20170214662 A1), effectively filed on 01/21/2016, in view of Whitehead et al. (US 20060269066 A1; hereinafter “Whitehead”).
As per claims 1 and 14, Chu discloses: a challenge-response authentication process of a secure element (Chu, Fig. 16, secure element SE) in a micro controller unit (Chu, Fig. 16, application processor AP, [0030], application processor is a microcontroller unit) and a non-transitory computer-readable medium (Chu, [0036]) comprising code instructions for causing the micro controller unit to perform the challenge-response authentication process, the process comprising the following steps conducted by the micro controller unit: 
receiving at least one random datum generated randomly by the secure element (Chu, Fig. 16 and [0118], application processor AP receives random number RN_S (i.e., random datum) generated by the secure element 120), 
generating a challenge datum specific to the micro controller unit from the received random datum (Chu, Fig. 16 and [0121], application processor AP hashes the received random number RN_S and other values in step S74 to generate a first result value Verifier_M (i.e., challenge datum)), 

receiving a response datum generated by the secure element from of the challenge datum (Chu, Fig. 16 and [0122], application processor AP receives a second result value Verifier_S (i.e., response datum) generated by the secure element SE from the first result value Verifier_M (i.e., challenge datum) and other values in step S87),
determining an authentication result as a function of the received response datum (Chu, Fig. 16 and [0123], application processor AP performs a second verification operation based on the received second result value Verifier_S (i.e., response datum) and determine an authentication result (steps S77 or S78)).  
Chu does not disclose, however, Whitehead teaches or suggests: the micro controller unit being devoid of a random number generator (Whitehead, Fig. 2, microcontroller 64 is devoid of a random number generator (RNG) and the RNG is instead coupled to the microcontroller and receives the random number). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Chu to have the random datum be generated at a random number generator separate from the micro controller unit so that the microcontroller is devoid of a random number generator as taught or suggested by Whitehead for the benefit of reducing computing load of the micro controller unit. It is known to apply a known technique (delegating tasks) to a known device (micro controller unit) ready for improvement (reduced computing load) to yield predictable results (a random number) (KSR).

As per claims 6 and 15, Chu discloses: a challenge-response authentication process of a secure element (Chu, Fig. 16, secure element SE) in a micro controller unit (Chu, Fig. 16, application processor AP, [0030], application processor is a microcontroller unit) and a non-transitory computer-readable medium (Chu, [0036]) comprising code instructions for causing the secure element to perform the challenge-response authentication process, the process comprising the following steps conducted by the secure element: 
randomly generating at least one random datum (Chu, Fig. 16 and [0118], secure element SE generates a random number RS_N (i.e., random datum)),  
sending the random datum to the micro controller unit (Chu, Fig. 16 and [0118], secure element SE provides the random number RS_N (i.e., random datum) to the application processor AP), 
receiving a challenge datum specific to the micro controller unit and generated by the micro controller unit from the random datum sent (Chu, Fig. 16 and [0121], secure element SE receives a first result value Verifier_M (i.e., challenge datum) generated by the application processor AP using the sent random number RN_S and other values in step S74), 
generating a response datum from the received challenge datum (Chu, Fig. 16 and [0122], secure element SE generates a second result value Verifier_S (i.e., response datum) from the first result value Verifier_M (i.e., challenge datum) and other values in step S87), 

Chu does not disclose, however, Whitehead teaches or suggests: the micro controller unit being devoid of a random number generator (Whitehead, Fig. 2, microcontroller 64 is devoid of a random number generator (RNG) and the RNG is instead coupled to the microcontroller and receives the random number). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Chu to have the random datum be generated at a random number generator separate from the micro controller unit so that the microcontroller is devoid of a random number generator as taught or suggested by Whitehead for the benefit of reducing computing load of the micro controller unit. It is known to apply a known technique (delegating tasks) to a known device (micro controller unit) ready for improvement (reduced computing load) to yield predictable results (a random number) (KSR).

As per claim 7, claim 6 is incorporated and the modified Chu discloses: 
generating at the secure element another challenge datum from the generated random datum (Chu, Fig. 16 and [0121], secure element SE generates Verifier_M (i.e., 
comparing the challenge datum received by the secure element and the other challenge datum generated by the secure element (Chu, Fig. 16 and [0121], in step 85 the Verifier_M (i.e., challenge datum) received from the application processor AP is compared with the Verifier_M generated (i.e., another challenge datum)), 
executing a security measure adapted so that the authentication result is negative when the compared challenge data are different (Chu, Fig. 16 and [0121], in step 86 the verification fails if the Verifier_M (i.e., challenge datum) received from the application processor AP does not match with the Verifier_M generated (i.e., another challenge datum) which determines an authentication failure).  

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Chu in view of Whitehead and further in view of Huang (US 20090315673 A1).
As per claim 2, claim 1 is incorporated and the modified Chu does not disclose, however, Huang teaches or suggests: wherein said at least one random datum comprises a set of random data (Huang, [0042], first random number is generated, [0045], second random number is generated, wherein the first and second random numbers read on the set of random numbers), and wherein generating the challenge datum comprises: 
selecting a first random datum and a second random datum in the set of random data (Huang, [0045], first random number is selected to encrypt the second random number), 
the first random datum by using the random data as an encryption key so as to produce an encrypted random datum, wherein the challenge datum depends on the encrypted random datum (Huang, [0045], first random number encrypts the second random number).  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Chu to include generating a set of random numbers and encrypting one of the random numbers in the set with a different random number in the set in producing the challenge datum as taught or suggested by Huang for the benefit of enhancing security by increasing the difficulty of reproducing the challenge when executing Chu’s challenge-response authentication process.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Chu in view of Whitehead, Huang, and further in view of Kraszewski (US 20090067629 A1).
As per claim 3, claim 2 is incorporated and the modified Chu does not disclose, however, Kraszewski teaches or suggests: wherein the set of random data comprises a table and an index datum associated with the table, and selecting the first random datum in the set of random data comprises locating the first random datum in the table using the index datum (Kraszewski, [0007], encrypt table includes an index of random numbers, [0035], wherein selection of the random number can be located using the index position (i.e., index datum)).  
.

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Chu in view of Whitehead, Huang, Kraszewski and further in view of Villegas et al. (US 20170344376 A1; hereinafter “Villegas”).
As per claim 4, claim 3 is incorporated and the modified Chu does not disclose, however, Villegas teaches or suggests: wherein the second random datum is a complement of the first random datum in the table (Villegas, [0071], a random number R(L) is completed with its complemented bits (COMPL(R(L)) (i.e., complement of the first random number)).  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of modified Chu to include a complement of the first random number as the second random number as taught or suggested by Villegas for the benefit of enhancing security by increasing the difficulty of reproducing the challenge when executing Chu’s challenge-response authentication process.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Chu in view of Whitehead, Huang and further in view of Thuvesholmen et al. (US 20020034300 A1; hereinafter “Thuvesholmen”).
As per claim 5, claim 2 is incorporated and the modified Chu does not disclose, however, Thuvesholmen teaches or suggests: wherein generating the challenge datum also comprises truncating the encrypted random datum (Thuvesholmen, [0103], preforming hashing on the encrypted random number).  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of modified Chu to include truncating the encrypted random datum as taught by Thuvesholmen for the benefit of enhancing security by increasing the difficulty of reproducing the challenge when executing Chu’s challenge-response authentication process.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Chu in view of Whitehead and further in view of Gouget et al. (US 20160295404 A1; hereinafter “Gouget”).
As per claim 8, claim 1 is incorporated and the modified Chu does not disclose, however, Gouget teaches or suggests: wherein the secure element is a smart card or wherein the micro controller unit is a transmission interface of biometric data previously acquired by a biometric sensor to the secure element (Gouget, [0103], smart card comprises a secure element).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Chu KSR). 

Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Chu in view of Whitehead and further in view of Lee et al. (US 20160260087 A1; hereinafter “Lee”).
As per claim 11, Chu discloses: a micro controller unit (Chu, Fig. 16, application processor AP, [0030], application processor is a microcontroller unit), wherein the micro controller unit comprises at least one processor (Chu, Fig. 18, CPU 710) configured, during an authentication of the secure element by challenge-response in the micro controller unit, to: 
receive at least one random datum generated randomly by the secure element (Chu, Fig. 16 and [0118], application processor AP receives random number RN_S (i.e., random datum) generated by the secure element 120), 
generate a challenge datum specific to the micro controller unit from the received random datum (Chu, Fig. 16 and [0121], application processor AP hashes the received random number RN_S and other values in step S74 to generate a first result value Verifier_M (i.e., challenge datum)), 
control sending of the generated challenge datum to the secure element (Chu, Fig. 16 and [0121], first result value Verifier_M (i.e., challenge datum) is provided to the secure element SE), 
receive a response datum generated by the secure element from the challenge datum (Chu, Fig. 16 and [0122], application processor AP receives a second result 
determine an authentication result as a function of the received response datum (Chu, Fig. 16 and [0123], application processor AP performs a second verification operation based on the received second result value Verifier_S (i.e., response datum) and determine an authentication result (steps S77 or S78)).    
Chu does not disclose, however, Whitehead teaches or suggests: the micro controller unit being devoid of a random number generator (Whitehead, Fig. 2, microcontroller 64 is devoid of a random number generator (RNG) and the RNG is instead coupled to the microcontroller and receives the random number). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Chu to have the random datum be generated at a random number generator separate from the micro controller unit so that the microcontroller is devoid of a random number generator as taught or suggested by Whitehead for the benefit of reducing computing load of the micro controller unit. It is known to apply a known technique (delegating tasks) to a known device (micro controller unit) ready for improvement (reduced computing load) to yield predictable results (a random number) (KSR).
The modified Chu does not disclose, however, Lee teaches or suggests: the micro controller unit comprising a communication interface that controls receiving/transmitting data to/from the micro controller unit (Lee, [0053] and Fig. 5, local application channel controller 34 (i.e., communication interface) of the local application 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Chu to include a communication interface for the micro controller as taught by Lee for the benefit of establishing a secure channel between Chu’s application processor and secure element, preventing communication between the two from tamper which protects the confidentiality of the communication (Lee, [0053]).

As per claim 12, Chu discloses: a secure element comprising at least one processor (Chu, [0036], secure element SE includes at least one processor) configured, during an authentication of the secure element by challenge-response in a micro controller unit, to: 
randomly generate at least one random datum (Chu, Fig. 16 and [0118], secure element SE generates a random number RS_N (i.e., random datum)), 
control sending of the random datum to the micro controller unit (Chu, Fig. 16 and [0118], secure element SE provides the random number RS_N (i.e., random datum) to the application processor AP), 
receive a challenge datum specific to the micro controller unit and generated by the micro controller unit from the sent random datum (Chu, Fig. 16 and [0121], secure element SE receives a first result value Verifier_M (i.e., challenge datum) generated by the application processor AP using the sent random number RN_S and other values in step S74), 



generate a response datum from the received challenge datum (Chu, Fig. 16 and [0122], secure element SE generates a second result value Verifier_S (i.e., response datum) from the first result value Verifier_M (i.e., challenge datum) and other values in step S87),
control sending of the response datum to the micro controller unit in order to determine an authentication result as a function of the sent response datum (Chu, Fig. 16 and [0122]-[0123], second result value Verifier_S (i.e., response datum) is sent to the application processor AP in order to perform a second verification operation to determine an authentication result (steps S77 or S78) as a function of the second result value Verifier_S (i.e., response datum) sent).  
Chu does not disclose, however, Whitehead teaches or suggests: the micro controller unit being devoid of a random number generator (Whitehead, Fig. 2, microcontroller 64 is devoid of a random number generator (RNG) and the RNG is instead coupled to the microcontroller and receives the random number). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Chu to have the random datum be generated at a random number generator separate from the micro controller unit so that the microcontroller is devoid of a random number generator as taught or suggested by Whitehead for the benefit of reducing computing load of the micro controller unit. It is known to apply a known technique (delegating tasks) to a known device (micro controller unit) ready for improvement (reduced computing load) to yield predictable results (a random number) (KSR).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Chu to include a communication interface for the secure element as taught by Lee for the benefit of establishing a secure channel between Chu’s application processor and secure element, preventing communication between the two from tamper which protects the confidentiality of the communication (Lee, [0053]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Pebay-Peyroula (US 10057054 B2) discloses a microcontroller receiving a nonce concatenated with a token from the secure element in which the microcontroller sends the concatenated nonce and token back to the SE to obtain a message key through authenticating the microcontroller by checking the legitimacy of the token (Fig. 3 and col. 4 lines 26-35).
.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER R LAPIAN whose telephone number is (571)272-7552.  The examiner can normally be reached on M-F 9:30-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


ALEXANDER R. LAPIAN
Examiner
Art Unit 2437



/ALEXANDER R LAPIAN/Examiner, Art Unit 2437 


/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437