Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

This office action is in response to the application filed on or reply to the remarks of  5/10/2019. The instant application has claims 1-15 pending. The system for using an temporary common key by an IoT device for communication with server. There a total of 15 claims.

Allowable Subject Matter
Claims 4, 8-10 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Drawings

The drawing filed on 5/10/2019 has been accepted and in compliance of 37 CFR 1.83 & 37 CFR 1.84.

Specification
The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code. Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code; references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See MPEP § 608.01.

The specifications mentions non-patent literature 1 afterwards the link is provided see  Specifications Page 2-3, The correction should remove the hyperlink and also mention what non-patent literature is before explaining it, i.e. the paragraph order needs to be  reversed.


--The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 
The following title is suggested: The system for IoT devices communicating with server using a tentative common key.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 4, 6, 8, 10, 14 are  rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim limitation “ a tentative key management unit determining”(claim 4, 6, 8, 10) and “authorization determination device which can”(claim 14) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 

If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

	The Diebold Nixdorf v. ITC case illustrates the black box implementation of the structure is not sufficient to overcome the 35 USC §112(f). The case involved an cheque standby unit being understood to be not sufficiently described to have structure in the disclosure and a black box disclosure of this unit in the drawings was deemed insufficient.



II.    DESCRIPTION NECESSARY TO SUPPORT A CLAIM LIMITATION WHICH INVOKES 35 U.S.C. 112(f) or Pre-AIA  35 U.S.C. 112, SIXTH PARAGRAPH

B.    Computer-Implemented Means-Plus-Function Limitations
	
	The Federal Circuit case law regarding special purpose computer-implemented means-plus-function claims is divided into two distinct groups. The first group includes cases in which the specification discloses no algorithm, and the second group includes cases in which the specification does disclose an algorithm, but an issue exists as to whether the disclosure is adequate to perform the entire claimed function(s). The sufficiency of the algorithm is determined in view of what one of ordinary skill in the art would understand as sufficient to define the structure and make the boundaries of the claim understandable. See Noah, 675 F.3d at 1313, 102 USPQ2d at 1417.
    PNG
    media_image1.png
    18
    19
    media_image1.png
    Greyscale


Mere reference to a general purpose computer with appropriate programming without providing an explanation of the appropriate programming, or simply reciting "software" without providing detail about the means to accomplish a specific software function, would not be an adequate disclosure of the corresponding structure to satisfy the requirements of 35 U.S.C. 112(b)  or pre-AIA  35 U.S.C. 112, second paragraph. Aristocrat, 521 F.3d at 1334, 86 USPQ2d at 1239; Finisar, 523 F.3d at 1340-41, 86 USPQ2d at 1623. In addition, merely referencing a specialized computer (e.g., a "bank computer"), some undefined component of a computer system (e.g., "access control manager"), "logic," "code," or elements that are essentially a black box designed to perform the recited function, will not be sufficient because there must be some explanation of how the computer or the computer component performs the claimed function. Blackboard, Inc. v. Desire2Learn, Inc., 574 F.3d 1371, 1383-85, 91 USPQ2d 1481, 1491-93 (Fed. Cir. 2009); Net MoneyIN, Inc. v. VeriSign, Inc., 545 F.3d 1359, 1366-67, 88 USPQ2d 1751, 1756-57 (Fed. Cir. 2008); Rodriguez, 92 USPQ2d at 1405-06. 
    PNG
    media_image1.png
    18
    19
    media_image1.png
    Greyscale

	

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 


Claims 1-3, 5-7, 11-12, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Pub 2019/0289006 to Fang in view of Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks to Wahid.

Regarding Claim 1, 15,  Fang discloses A data communication system comprising: an IoT device(Fig. 3 item 103); an information processing device capable of performing 5communication with the IoT device(Par. 0014, the recoding apparatus communicating with IoT device & Fig. 4 item 302, Identity Authentication Platform); and a server(Fig. 4 item 401 Internet of Things Service Platform) capable of performing communication with the IoT device and the information processing device, wherein when a coupling request from the IoT device is received, , wherein when a request for a tentative common key from the information processing device is received, the server generates a tentative common key and transmits the tentative common key to the information processing device, 15wherein the information processing device transmits the received tentative common key to the IoT device, and wherein the IoT device and the server perform authentication by using the tentative common key(Fig. 4B item B-D, the IoT device and IoT service platform conduct the communications using session key that is generated at identity authentication apparatus).



It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Fang invention of IoT device communicating with IoT Service Platform to include having an temporary valid key in order to provide for freshness and SK is not leaked as taught in Wahid see Page 276 c) Freshness.



Regarding Claim 202. Fang discloses The data communication system according to claim 1, wherein when authentication succeeds, using a tentative common key as a public key, authentication information is transmitted/received by using public key cryptosystem between a server and an IoT device(Par. 0014, the public key/private key of device being recorded).  

Regarding Claim 3. Fang discloses The data communication system according to claim 1, wherein the server generates a tentative common key which varies every request(Par. 0017, the session key is generated with request).  

Regarding Claim 5. Fang does not discloses the predetermined time period for the key. Wahid discloses The data communication system according to claim 1, wherein the server uses a tentative common key at the time of 15authentication and, after that, invalidates the tentative common key(A. Offline Sensing Node Registration Phase, the TCSNk, is used for temporary authentication).  

It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Fang invention of IoT device communicating with IoT Service Platform to include having an temporary valid key in order to provide for freshness and SK is not leaked as taught in Wahid see Page 276 c) Freshness.


Regarding Claim 6. Fang discloses The data communication system according to claim 5, wherein the server comprises:  20a storage unit storing a pattern of a tentative common key after use for authentication; a tentative common key management unit determining whether a tentative common key at the time of an authentication request matches the tentative common key stored in the storage unit or 25not; and a communication unit, when a tentative common key at the - 39 -time of an authentication request matches the tentative common key stored in the storage unit, which rejects communication(Par. 0128, the .  

Regarding Claim 7. Fang does not discloses the predetermined time period for the key. Wahid discloses  The data communication system according to claim 1, 5wherein in the SNk, is used for temporary authentication). 

It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify Fang invention of IoT device communicating with IoT Service Platform to include having an temporary valid key in order to provide for freshness and SK is not leaked as taught in Wahid see Page 276 c) Freshness.
 

Regarding Claim 11. Fang discloses The data communication system according to claim 1, wherein the information processing device has a user interface 15receiving selection of the IoT device and a communication unit capable of performing communication with the IoT device(Fig. 4A communication among the devices).  

Regarding Claim 12. Fang discloses The data communication system according to claim 1, wherein the information processing device has a 20communication unit capable of performing communication with the IoT device, and wherein the communication unit requests the server for a common key for the IoT device when the communication unit becomes able to communicate with the IoT device(Fig. 4A communication among the devices).  

Claim 13  is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Pub 2019/0289006 to Fang in view of Design of Secure User Authenticated Key Management Protocol for Generic IoT Networks to Wahid. as applied to claim 1 above, and further in view of  US Patent Pub 2019/0156019 to Chen.

Regarding Claim 13. Fang nor Whai discloses the decrypting the data . However, Chen discloses the data communication system according to claim 1, wherein the IoT device transmits a common key and encrypted data simultaneously to the server, and wherein the server checks whether authentication succeeds 5or not on the basis of the common key and, when the authentication succeeds, decrypts the encrypted data(Par. 0031, the pre-shared key is used to decrypt the data).  

It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify  Fang  invention of oT device communicating with IoT Service Platform to include decrypting the data  in order to provide for a secure communications over the channel as taught in  Par. 0028.



	Conclusion	

The Examiner notes that communication through email is permitted only after authorization with submission of PTO/SB/439 form. Please file this form in EFS or thorough central fax before proceeding to communicate via email with the examiner. The submission of the PTO/SB/439 form via email will NOT be accepted.


The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

US Patent Pub 2019/0052635 to Liu which discloses the encrypted session key for communication between two devices.

US Patent Pub 2018/0123784 to Gehrmann which discloses the IoT local key generation for session among groups.

An loT notion-based authentication and key agreement scheme ensuring user anonymity for heterogeneous ad hoc wireless sensor networks to Tai which discloses the session key for communication over wireless network.

Venkat Perungavoor whose telephone number is (571)272-7213.  The examiner can normally be reached on Monday-Friday, 9:00 AM- 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492                                                                                                                                                                                                        Email: venkatanarayan.perungavoor@uspto.gov