DETAILED ACTION

This final office action is in response to applicant’s claim amendments/arguments filed February 08, 2021. Claims 16-37 are being examined and are pending. 
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement

The information disclosure statement filed 02/26/2021 has been placed in the application file and the information referred to therein has been considered as to the merits. 
Response to Arguments
Independent claim 16 has been amended to incorporate the new limitation “which is generated once for every derived key-pair-specific transport key such that all derived key-pair-specific transport keys for different cryptographic key pairs differ among one another;”. The other independent claims 20, 23, and 25 have a similar added limitation. Applicant’s claim amendments necessitated the new ground(s) of rejection. Hence, Applicant’s arguments with respect to the rejection of claims 16-37 have been considered but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 16-33 are rejected under 35 U.S.C. 103 as being unpatentable over US 2007/0288745 A1 to Kwan et al. (hereinafter “Kwan”) in view of US 2014/0164254 A1 to Dimmick et al. (hereinafter “Dimmick”).
Regarding claim 16, Kwan disclosed a programmable hardware security module, comprising: 
an application device for generating a cryptographic key pair (Para. 0009. The security server selects a profile for enrolling the token and generates a subject key pair within the security server. The subject key pair includes a subject public key and the subject private key. See further Para. 0008.); 
a memory area having a master transport key (Para. 0024. The TKS module may include an encrypted secure database where the server transport key, STK, is stored.); and 
a key derivation module for deriving a key-pair-specific transport key from the master transport key via a key-pair-specific derivation parameter; (Para. 0023. The TKS (token key service) module may be configured to derive a series of keys based on the server master key and the CID. The TKS module is also configured to generate a key transport session key, KTSK (i.e. key-pair-specific transport key). Para. 0020. The derivation of the keys may be implemented by applying a pre-defined function(s) to the master key and the card identification number.) wherein the key-pair-specific transport key is utilized to encrypt a private key of the cryptographic key pair (Para. 0008. The subject private key is encrypted with a key transport session key to arrive at a wrapped private key. See further Para. 0009).
Kwan disclosed the TKS (token key service) module may be configured to derive a series of keys based on the server master key and the CID and the TKS module is also configured to generate a key transport session key, KTSK (i.e. key-pair-specific transport key) while the derivation of the keys may be implemented by applying a pre-defined function(s) to the master key and the card identification number as discussed above but did not explicitly teach deriving a key-pair-specific transport key from the master transport key via a key-pair-specific derivation Dimmick explicitly taught a memory area having a master transport key and deriving a key-pair-specific transport key from the master transport key via a key-pair-specific derivation parameter which is generated once for every derived key-pair-specific transport key such that all derived key-pair-specific transport keys for different cryptographic key pairs differ among one another (Dimmick, [0051] In some embodiments of the invention, the issuer 114 may provide a financial key/financial key pair (e.g., issuer key/issuer key pair provided by an issuer) to a mobile network operator (MNO). In one embodiment, the financial key/financial key pair or issuer key/issuer key pair used for performing a transaction may be a Derived Unique Key Per Transaction (DUKPT) key/key pair that is unique for each transaction. In such embodiments, an algorithm and/or a master key provided by the issuer 114 for generating the issuer DUKPT keys can be installed on new SIM cards at the point of manufacture.).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of Kwan by including the idea of a memory area having a master transport key and deriving a key-pair-specific transport key from the master transport key via a key-pair-specific derivation parameter which is generated once for every derived key-pair-specific transport key such that all derived key-pair-specific transport keys for different cryptographic key pairs differ among one another as taught by Dimmick in order to gain consumer confidence that the system requiring authentication is genuine and is not fraudulent. (Dimmick, Para. 0050).
Claim 23 recites similar limitations to claim 16, mutatis mutandis, the subject matter of claim 23, which is therefore, also considered to be taught by Kwan-Dimmick combination as above.
Regarding claim 17, Kwan in view of Dimmick further taught the programmable hardware security module as claimed in claim 16, further comprising: an output unit for outputting the private key as an encrypted file (Kwan, Para. 0054-0055. The DRM module 215 may then wrap the subject private key, SPrivK, with the key transport session key, KTSK, as a wrapped private key, KTSK(SPrivK). The DRM module 215 may forward the wrapped private key, KTSK(SPrivK) and the subject public key, SPuK, to the TPS 205. The TPS 205 may forward the wrapped private key, KTSK(SPrivK) and the first wrapped key transport session key, KEK(KTSK), to the security client 130 to write into the token.). 
Regarding claim 18, Kwan in view of Dimmick further taught the programmable hardware security module as claimed in claim 16, further comprising: a device for generating a digital certificate comprising a public key of the cryptographic key pair (Kwan, Para. 0044. The CA module generates a digital certificate with the public key information).
Regarding claim 19, Kwan in view of Dimmick further taught the programmable hardware security module as claimed in claim 17, further comprising: a device for generating a digital certificate comprising a public key of the cryptographic key pair (Para. 0044, 0056).
Claim 24 recites similar limitations to claim 19, mutatis mutandis, the subject matter of claim 24, which is therefore, also considered to be taught by Kwan-Dimmick combination as above.
Regarding claim 20, Kwan disclosed a corresponding programmable hardware security module, comprising: 
Para. 0055. The TPS 205 may forward the wrapped private key, KTSK(SPrivK) and the first wrapped key transport session key, KEK(KTSK), to the security client 130 to write into the token. The forwarded wrapped keys (KEK(KTSK) and KTSK(SPrivK)) are received at the token to be injected therein. Para. 0056. The TPS 205 may subsequently forward received certificates from the CA module 220 to the security client 130. Subsequently, the certificates are written into the token.) 
a memory area having a master transport key; (Para. 0024. The TKS module may include an encrypted secure database where the server transport key, STK, is stored.) and a key derivation module for deriving a key-pair-specific transport key from the master transport key via a key-pair-specific derivation parameter; (Para. 0023. The TKS (token key service) module may be configured to derive a series of keys based on the server master key and the CID. The TKS module is also configured to generate a key transport session key, KTSK (i.e. key-pair-specific transport key). Para. 0020. The derivation of the keys may be implemented by applying a pre-defined function(s) to the master key and the card identification number.) wherein the key-pair-specific transport key is utilized to decrypt the encrypted file. (Para. 0055. The applet may unwrap the first wrapped key transport session key, KEK(KTSK) to retrieve the key transport session key, KTSK. The applet then uses the key transport session key, KTSK, to unwrap the wrapped private key, KTK(SPrivK) to retrieve the subject private key, SPrivK. See further Para. 0027 (decrypt, i.e. unwrap).)
Kwan disclosed the TKS (token key service) module may be configured to derive a series of keys based on the server master key and the CID and the TKS module is also configured to Dimmick explicitly taught a memory area having a master transport key and deriving a key-pair-specific transport key from the master transport key via a key-pair-specific derivation parameter which is generated once for every derived key-pair-specific transport key such that all derived key-pair-specific transport keys for different cryptographic key pairs differ among one another (Dimmick, [0051] In some embodiments of the invention, the issuer 114 may provide a financial key/financial key pair (e.g., issuer key/issuer key pair provided by an issuer) to a mobile network operator (MNO). In one embodiment, the financial key/financial key pair or issuer key/issuer key pair used for performing a transaction may be a Derived Unique Key Per Transaction (DUKPT) key/key pair that is unique for each transaction. In such embodiments, an algorithm and/or a master key provided by the issuer 114 for generating the issuer DUKPT keys can be installed on new SIM cards at the point of manufacture.).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of Kwan by including the idea of a memory area having a master transport key and deriving a key-pair-specific transport key from the master transport key via a key-pair-specific derivation parameter which is generated once for every derived key-pair-specific transport key such that all derived key-pair-specific transport keys for different cryptographic key pairs differ among one another as taught by Dimmick in order to gain consumer confidence that the system requiring authentication is genuine and is not fraudulent. (Dimmick, Para. 0050).
Claim 25 recites similar limitations to claim 20, mutatis mutandis, the subject matter of claim 25, which is therefore, also considered to be taught by Kwan-Dimmick combination as above.
Regarding claim 21, Kwan in view of Dimmick further taught the corresponding programmable hardware security module as claimed in claim 20, further comprising: an interface for transferring the key-pair-specific transport key to a target device (Kwan, Para. 0009. The security server configured to interface with the security client….forward the wrapped private key to the token. Para. 0018. The security client may be configured to interface with the ES system. Para. 0019, 0034-0036, 0055, 0058). 
Regarding claim 22, Kwan in view of Dimmick further taught the corresponding programmable hardware security module as claimed in claim 20, further comprising: an interface for transferring the private key to a target device. (Kwan, Para. 0019, 0034-0036, 0055, 0058)
Regarding claim 26, Kwan in view of Dimmick further taught the method as claimed in claim 25, further comprising: providing the digital certificate to a target device (Kwan, Para. 0044.); decrypting the encrypted file via the key-pair-specific transport key; and providing the decrypted private key to the target device (Para. 0055, 0027). 
Regarding claim 27, Kwan in view of Dimmick further taught the method as claimed in claim 25, further comprising: providing the digital certificate to a target device (Kwan, Para. 0044.); providing the encrypted file to the target device; and providing the key-pair-specific transport key to the target device (Para. 0054). 
Regarding claim 28, Kwan in view of Dimmick further taught the method as claimed in claim 25, wherein the corresponding programmable hardware security module authenticates the target device. (Para. 0034-0036. The security client authenticates the client device, as the security client prompts for user credentials and a PIN.)
Regarding claim 29, Kwan in view of Dimmick further taught the method as claimed in claim 26, wherein the corresponding programmable hardware security module authenticates the target device. (Para. 0034-0036. The security client authenticates the client device, as the security client prompts for user credentials and a PIN.)
Regarding claim 30, Kwan in view of Dimmick further taught the method as claimed in claim 27, wherein the corresponding programmable hardware security module authenticates the target device. (Para. 0034-0036. The security client authenticates the client device, as the security client prompts for user credentials and a PIN.)
Regarding claim 31, Kwan in view of Dimmick further taught the method as claimed in claim 25, wherein the corresponding programmable hardware security module generates a target-device-specific key (Para. 0020, Para. 0023. the security client may transmit a serial number, card unique identification, or card identification (CID) to the TPS of the TMS. The TPS may be configured to forward the CID of the token to the TKS module. The TKS module may be configured to derive a series of keys based on the server master key and the CID. One of the derived keys is the key encryption key, KEK) and provides one of (i) the private key and (ii) the key-pair-specific transport key to the target device in a manner protected utilizing the target-device-specific key. (Para. 0028. The TPS may forward the wrapped private key, KTSK(SPrivK) and the first wrapped key transport session key, KEK(KTSK), to the security client to write into the token.)
Regarding claim 32, Kwan-Dimmick combination further taught the method as claimed in claim 23, wherein the key-pair-specific transport key is derived via a key derivation function for which at least the key-pair-specific derivation parameter and the master transport key are prescribed as input parameters. (Kwan, Para. 0020. The derivation of the keys may be implemented by applying a pre-defined function(s) to the master key and the card identification number.) 
Regarding claim 33, Kwan-Dimmick combination further taught the method as claimed in claim 25, wherein the key-pair-specific transport key is derived via a key derivation function for which at least the key-pair-specific derivation parameter and the master transport key are prescribed as input parameters. (Kwan, Para. 0020. The derivation of the keys may be implemented by applying a pre-defined function(s) to the master key and the card identification number.)
Claims 34, 36 are rejected under 35 U.S.C. 103 as being unpatentable over Kwan in view of Dimmick as applied to claims 23 and 25 above, and further in view of US 2011/0296172 A1 to Fu et al. (hereinafter “Fu”) (from the IDS).
Regarding claim 34, the Kwan-Dimmick combination taught the method as claimed in claim 23. The combination did not teach, but the analogous art Fu taught, wherein the key-pair-specific derivation parameter is formed from certificate information of the digital certificate. (Fu, Para. 0027. The certificate generator generates a key pair which includes validity period, grace period for renewal, DN. See Para. 0030, 0033).

Claim 36 recites similar limitations to claim 34, mutatis mutandis, the subject matter of claim 36, which is therefore, also considered to be taught by Kwan-Dimmick-Fu combination as above.
Claims 35, 37 are rejected under 35 U.S.C. 103 as being unpatentable over Kwan in view of Dimmick & Fu as applied to claims 34 and 36 above, and further in view of US 2006/0253702 A1 to Lowell et al. (hereinafter “Lowell”)
Regarding claim 35, the Kwan-Dimmick-Fu combination taught the method as claimed in claim 34. The combination did not teach, but the analogous art Lowell disclosed, wherein the certificate information of the digital certificate comprises one of (i) the public key, (ii) a device identifier and (iii) a hash value of the digital certificate. (Para. 0023. A digital certificate contains device name or id, public key, hashed value).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the combined invention of Kwan, Dimmick, and Fu by including the idea of the certificate information of the digital certificate comprises one of (i) the public key, (ii) a device identifier and (iii) a hash value of the digital certificate as taught by Lowell in order to provide a secured system. (Lowell, Para. 0006).
Claim 37 recites similar limitations to claim 35, mutatis mutandis, the subject matter of claim 37, which is therefore, also considered to be taught by Kwan-Dimmick-Fu-Lowell combination as above.
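The derivation scheme recited in claims 16, 20, 32 and 35 can be illustrated as follows. This is an added example, not code from the application or from any cited reference: it assumes HKDF with HMAC-SHA-256 as the key derivation function and the hash value of the digital certificate as the key-pair-specific derivation parameter, and the label string, class and function names, and sample certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

LABEL = b"key-pair-transport-key/v1"  # hypothetical context label, not from the page


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256; the choice of KDF is an assumption."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derivation_parameter(cert_der: bytes) -> bytes:
    """Key-pair-specific parameter: hash value of the digital certificate."""
    return hashlib.sha256(cert_der).digest()


class GeneratingModule:
    """Derives one transport key per key pair and refuses to reuse a parameter."""

    def __init__(self, master_transport_key: bytes):
        self._master = master_transport_key
        self._used = set()

    def transport_key_for(self, cert_der: bytes):
        param = derivation_parameter(cert_der)
        if param in self._used:
            raise ValueError("derivation parameter already used for another key pair")
        self._used.add(param)
        return param, hkdf_sha256(self._master, b"", LABEL + param)


def rederive(master_transport_key: bytes, cert_der: bytes) -> bytes:
    """Corresponding module: same master key + received certificate -> same key."""
    return hkdf_sha256(master_transport_key, b"", LABEL + derivation_parameter(cert_der))


def demo():
    master = bytes(range(32))                     # constructed master transport key
    cert_a = b"constructed-certificate-device-A"  # stand-ins for DER certificates
    cert_b = b"constructed-certificate-device-B"
    hsm = GeneratingModule(master)
    _, key_a = hsm.transport_key_for(cert_a)
    _, key_b = hsm.transport_key_for(cert_b)
    return key_a, key_b, rederive(master, cert_a)


if __name__ == "__main__":
    key_a, key_b, key_a_again = demo()
    print("keys differ per key pair:", key_a != key_b)
    print("corresponding module re-derives key A:", hmac.compare_digest(key_a, key_a_again))
```

The derived key would then be used with a standard key-wrap or AEAD algorithm to encrypt the private key; that step is left out here because it needs a cipher outside the Python standard library.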

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471.  The examiner can normally be reached on Monday - Friday 8:30A-5P ET.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Shawnchoy Rahman/Primary Examiner, Art Unit 2438