Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 14 and 16 have been amended. Claims 1-20 have been examined.

2.	Applicant's arguments filed 01/28/2021 have been fully considered but they are not persuasive.

3.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claim Interpretation
4.	The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this 

5.	This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “public key generator”, “session key generator”, “secure communication module”, “error correction module” and “entropy extractor” in claims 14-16.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

6.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 102
7.	Claims 1-2, 9, 11-14 and 17-18 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by David et al. (U.S. Patent 10,009,325; hereafter “David”).
	For claims 1 and 17, David teaches a method and non-transitory computer-readable storage device (note column 14, lines 1-10, software stack in memory) for ensuring forward and backward secrecy in an encrypted communication protocol, the method comprising:
	extracting, from a first device, a unique physically unclonable function (PUF) value of the first device (note column 15, lines 51-59 and column 16, lines 5-9, fingerprint value is extracted from PUF) based on structural properties of the first device (note column 15, lines 59-66, PUF can be based on structural properties of memory or processor);
	creating a PUF key pair including a first public key and a first private key that are generated based on the PUF value (note column 16, lines 9-15, public and private cryptographic key pair is generated from fingerprint);

	deleting the first public key and the first private key (note column 12, lines 50-60 and column 19, lines 7-14, cryptographic keys are temporarily created and deleted after use; keys are generated as needed); and
	sending a first encrypted communication to a second device using the derived session key (note column 16, lines 29-36, symmetric key is used to encrypt messages between devices).

	For claim 14, David teaches a system (note Fig. 2) for ensuring forward and backward secrecy in an encrypted communication protocol, the system comprising:
	a first device having a unique physically unclonable function (PUF) value (note column 15, lines 51-59 and column 16, lines 5-9, fingerprint value is extracted from PUF) based on structural properties of the first device;
	a public key pair generator configured to create a PUF key pair including a public key and a secret key that are generated based on the PUF value (note column 16, lines 9-15, public and private cryptographic key pair is generated from fingerprint);
	a session key generator configured to derive a first session key using the PUF key pair and PUF value (note column 16, lines 18-26, the private keys and exchanged public keys are used to generate a symmetric key), wherein the public key and the secret key are deleted after the session key is generated (note column 12, lines 50-60 and column 19, lines 7-14, cryptographic keys are temporarily created and deleted after use; keys are generated as needed); and


	For claims 2 and 18, David teaches claims 1 and 17, the method further comprising sending a second encrypted communication to the second device (note column 12, lines 50-60, cryptographic keys are temporarily created and deleted after use; keys are generated as needed for a subsequent, i.e. second, communication; column 19, lines 19, lines 32-35, key generation steps can occur after each device boot up), wherein sending the second encrypted communication includes:
	extracting, from the first device, the unique PUF value of the first device based on structural properties of the first device (note column 15, lines 51-59 and column 16, lines 5-9, fingerprint value is extracted from PUF);
	creating a second PUF key pair including a second public key and a second private key based on the PUF value (note column 16, lines 9-15, public and private cryptographic key pair is generated from fingerprint);
	refreshing the session key using the second PUF key pair and PUF value;
	deleting the second public key and the second private key (note column 12, lines 50-60 and column 19, lines 7-14, cryptographic keys are temporarily created and deleted after use; keys are generated as needed); and
	using the refreshed session key to send the second encrypted communication to the second device (note column 16, lines 29-36, symmetric key is used to encrypt messages between devices).


	For claim 9, David teaches claim 1, wherein the extracted PUF value is never stored in memory and is only extracted when required (note column 12, lines 50-60, column 17, lines 17-23 and column 19, lines 7-14, cryptographic keys are temporarily created and deleted after use; keys are generated as needed).

	For claim 11, David claim 1, wherein deriving the first session key using the PUF key pair further includes:
	receiving the second device's public key (note column 16, lines 15-18, controllers A receives controller B public key and controller B receives controller A); and
	deriving the first session key using the second device's public key (note column 16, lines 18-21, symmetric key is generated with public keys and private keys).

	For claim 12, David teaches claim 11, wherein key derivation functions are used to derive the first session key, and wherein the key derivation functions include the use of Diffie-Hellman algorithms to derive the first session key (note column 16, lines 23-28, symmetric key may be generated with ECDH).

	For claim 13, David teaches claim 11, wherein the method further includes:
	receiving a second encrypted communication from the second device that was encrypted using the first session key (note column 16, lines 29-36, symmetric key is 
	decrypting the second encrypted communication using the first private key (note column 16, lines 29-36, symmetric key is used to decrypt messages between devices).


8.	Claims 3, 8, 10, 15-16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over David as applied to claims 1, 14 and 17 above, and further in view of Hamlet et al. (U.S. Patent 8,667,265; hereafter “Hamlet”).
	For claims 3, 15 and 19, David differs from the claimed invention in that they fail to teach:
	wherein one or more error correction algorithms are used on the PUF value to ensure that the same unique value is produced each time the PUF value is obtained.

	Hamlet teaches:
	wherein one or more error correction algorithms are used on the PUF value to ensure that the same unique value is produced each time the PUF value is obtained (note column 15, lines 51-65, error correction is applied to PUF fingerprint value).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the PUF fingerprint to generate cryptographic keys of David and the generation of a PUF fingerprint value including error correction of Hamlet. One of ordinary skill would have been motivated to combine 


	For claim 8, the combination of David and Hamlet teaches claim 1, wherein the extracted PUF value is converted to a point on a curve via an entropy extractor followed by a point conversion algorithm to generate a secret key (note column 16, lines 33-42 of Hamlet, PUF value is hashed as part of entropy amplification; column 18, lines 46-49 of Hamlet, PUF value is used in ECDH; column 16, lines 23-28 of David, PUF value used in ECDH).

	For claim 10, the combination of David and Hamlet teaches claim 1, further comprising: registering the first public key with a key registration server accessible by the second device (note column 4, lines 5-10 and column 8, lines 45-48 of Hamlet, device public keys registered with fingerprint list on Certificate Authority).

	For claim 16, the combination of David and Hamlet teaches claim 14, further comprising: an entropy extractor configured to derive a random value intrinsic to the first device (note column 16, lines 25-42 of Hamlet, PUF value is hashed as part of entropy amplification to generate random seed value).


s 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over David as applied to claim 1 above, and further in view of Lu (U.S. Patent Application Publication 2019/0165954).
	For claim 4, David differs from the claimed invention in that they fail to teach:
	wherein the PUF value is obtained using a Weak-PUF implementation.

	Lu teaches:
	wherein the PUF value is obtained using a Weak-PUF implementation (note paragraph [0032], weak PUF).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the PUF fingerprint to generate cryptographic keys of David and the use of weak or strong PUF of Lu. It would have been obvious because a simple substitution of one known element (weak or strong PUF of Lu) for another (PUF of David) would yield the predictable results of generating a device fingerprint using a weak or strong PUF to use in key generation.

	For claim 5, the combination of David and Lu teaches claim 1, wherein the PUF value is obtained using a Strong-PUF implementation that generates a unique response to different challenges (note paragraph [0089] of Lu, strong PUF).


s 6 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over David as applied to claims  1 and 17 above, and further in view of Bhattacharyya et al. (U.S. Patent Application Publication 2019/0097982; hereafter “Bhattacharyya”).
	For claims 6 and 20, David differs from the claimed invention in that they fail to teach:
	wherein sending encrypted communications between the first and second devices comprises using a double ratchet algorithm that uses a new session key for every new communication between the first and second devices.

	Bhattacharyya teaches:
	wherein sending encrypted communications between the first and second devices comprises using a double ratchet algorithm that uses a new session key for every new communication between the first and second devices (note paragraphs [0031] and [0033], double ratchet protocol).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the PUF fingerprint to generate cryptographic keys of David and double ratchet encryption protocol of Bhattacharyya. It would have been obvious because a simple substitution of one known element (double ratchet encryption protocol of Bhattacharyya) for another (encryption protocol of David) would yield the predictable results of sending double ratchet encryption messages between devices that have generated encryption keys using PUF values.


11.	Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over David as applied to claim 1 above, and further in view of Liu (U.S. Patent Application Publication 2019/0116028).
	For claim 7, David differs from the claimed invention in that they fail to teach:
	wherein the extracted PUF value is used as input to generate a random number that is used to create the PUF key pair.

	Liu teaches:
	wherein the extracted PUF value is used as input to generate a random number that is used to create the PUF key pair (note paragraph [0031], PUF module generates random number used to create public, private key pair).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the PUF fingerprint to generate cryptographic keys of David and the generation of keys using random number generated from PUF. It would have been obvious because a simple substitution of one known element (generating keys from PUF random number of Liu) for another (generation of keys of David) would yield the predictable results of generating a device fingerprint using a PUF and then using a generated random number to generate cryptographic keys.

Response to Arguments
12.	Applicant disagrees that claims 14-16 invoke 35 USC 112(f) (note Remarks, pages 6-8).
	Examiner disagrees. There is a 3-prong analysis for determining if a claim limitation invokes 35 USC 112(f) (note MPEP 2181). The following is 3-prong analysis for each claim limitation:
public key generator – a) uses the generic placeholder “generator” b) is modified by the functional language “configured to” c) is not modified by sufficient structure, material, or acts for performing the claimed function 

session key generator – a) uses the generic placeholder “generator” b) is modified by the functional language “configured to” c) is not modified by sufficient structure, material, or acts for performing the claimed function 

secure communication module – a) uses the generic placeholder “module” b) is modified by the functional language “configured to” c) is not modified by sufficient structure, material, or acts for performing the claimed function 

error correction module – a) uses the generic placeholder “module” b) is modified by the functional language “configured to” c) is not modified by sufficient structure, material, or acts for performing the claimed function 



	Applicant argues, “the terms "public key pair generator", "session key generator", "secure communication module", "error correction module" and "extropy extractor" are structural elements as shown and described in the Figures and Specification, and as would be understood by those skilled in the art” (note Remarks, page 6).
	Examiner disagrees. The MPEP states “a substitute term acts as a generic placeholder for the term "means" and would not be recognized by one of ordinary skill in the art as being sufficiently definite structure for performing the claimed function. "The standard is whether the words of the claim are understood by persons of ordinary skill in the art to have a sufficiently definite meaning as the name for structure”.
	The terms “generator”, “module” and “extractor” have no definite meaning to a person of ordinary skill in the art as the name for structure. A “generator” may be a hardware circuit that generates a number or a software algorithm that generates a number. Similarly, an “extractor” may be hardware or software. The term “module” is given by the MPEP as an example of a generic placeholder.
	Applicant notes that the Court has found the term “circuit” does not invoke 35 USC 112 6th. However, the term “circuit” and the terms “generator”, “module” and “extractor” are not equivalents. While these claim limitations may be implemented as circuits, the terms themselves do not necessary convey that to one of ordinary skill in the art. Applicant’s own Specification notes modules may be hardware or software (note 

	Thus, Examiner maintains the 35 USC 112(f) interpretation of claims 14-16.

	Examiner has found description necessary to support the claim limitations in at least the following locations in the Specification:
public key generator – paragraph [0037]
session key generator – paragraph [0040]
secure communication module – paragraph [0060]
error correction module – paragraph [0035]
entropy extractor – paragraph [0036]


	For claims 1, 14 and 17, Applicant argues David fails to teach each of the claimed elements (note Remarks, pages 8-11). Applicant argues David does not teach “deleting the first public key and the first private key”. Applicant asserts, “Although David describes deleting the private keys 188a-n and symmetric keys, nowhere does David describe deleting public keys 186a-n” (note Remarks, page 9).
	Examiner disagrees. In Fig. 3, David discloses a flowchart for the end-to-end communication security on a controller. In steps 302 and 304, the controller extracts a 
	David states the “cryptographic keys that are created can each include a private key (414, 424) that is kept secret by the respective controllers 402-404, and a public key (415, 425) that is exchanged between the controllers 402-404” (note column 16, lines 10-14; emphasis added by Examiner). This is further seen in column 16, lines 37-39 where David states, “the key creation referenced in step 304 can correspond to the creation of keys (414, 415) from the fingerprint”. Note that key 414 is Controller A private key and key 415 is Controller A public key.
S/N: 16/223,202 	In Fig. 3 and corresponding column 19, lines 7-14, David states (emphasis by Examiner), “Once the communication table has been generated and securely stored on the controller (316), the controller deletes the fingerprint and cryptographic keys that were generated to create the table (306)”
	Page 10 of 14When David uses the term “cryptographic keys” they are referring to all four keys created from the PUF fingerprint including the device private key and the device public key. Therefore, when David states, “the controller deletes the fingerprint and cryptographic keys”, they are teaching “deleting the first public key and the first private key” as required by the claims.
ATTY. DKT. NO.: SR17475 
	For claims 2 and 18, Applicant argues, “David does not teach creating a second PUF key pair includinq a second public key and a second private key based on the PUF value (note Remarks, page 10; emphasis by Applicant). 

	David states, “The steps 302-304 and 320-322 can occur, for example, every time the controller boots up” (column 19, lines 34-35) and “the key creation referenced in step 304 can correspond to the creation of keys (414, 415)” (column 16, lines 37-39).
	Therefore, David teaches “creating a second PUF key pair including a second public key and a second private key based on the PUF value” as required by the claims.

	Applicant asserts, “Rather, David just reuses the stored public key stored and regenerate a new private key to create a new symmetric key on an as needed basis….
(David, col. 12, lines 61-67.) As can be appreciated from the foregoing, partial information to create a symmetric key (i.e., the public keys 186a-n shown in tables in Figure 1C), is persistently stored “(note Remarks, page 10; emphasis added by Applicant).
	Examiner disagrees. The “partial information” that is persistently stored that Applicant refers to is the public keys of other device that the controller communicates with, not the controller’s own public key. In column 17, lines 18-21, David states, “the communication table will only include the IDs and the public keys of the other controllers, which can then be used with the cryptographic keys that are generated (304) to recreate the symmetric keys” (emphasis added by Examiner).
B, PubC, PubD and PubN corresponding to ECU B, ECU C, ECU D and ECU N. ECU A does not store its own public key in the Communication Table 186a
	This is further stated in column 19, lines 32-34, “For example, using the Kpri from step 304 and the Kpub from each entry in the communications table, the controller can generate the symmetric keys for communicating with the other controllers.”
	Thus, David teaches “creating a second PUF key pair including a second public key and a second private key based on the PUF value” as required by the claims.


Conclusion
13.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
	Gremaud et al. (U.S. Patent Application Publication 2020/0344075) teaches generating an asymmetric key pair (device public key and device private key) using a PUF. The asymmetric key pair is preferably not stored in memory, but rather is regenerated using the PUF (note paragraphs [0031]-[0032]).

14.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any 

15.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711.  The examiner can normally be reached on 6:00 - 5:30 pm; Monday through Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/David J Pearson/Primary Examiner, Art Unit 2438