DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to Application 16495283 filed on 09/18/2019.
As per the Preliminary Amendment filed on 09/18/2019, claims 6, 7, 9-13 and 16 are currently amended. Claims 1-18 have been examined and are pending in this application.
This Office Action is made Non-Final.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/18/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claim 1 is objected to because of the following informalities:

Regarding Claim 1; for better clarity and to positively recite active steps of the claimed method, it's suggested that the claim be further amended to:
"A method of storing data on target data processing devices, the method comprising: 
obtaining a device cryptographic certificate, by using a security data processing device …; 
verifying the device cryptographic …; 
generating second data …; and 
storing the second data …”
Regarding Claims 2-16; Claims 2-16 recite in the preamble “A method according to Claim …”. It is suggested that said limitation be further amended to "The method according to Claim …" (emphasis added).
Regarding Claim 18; Claim 18 recites in the preamble “A security data processing device to Claim 17”. It is suggested that the aforementioned limitation be further amended to "The security data processing device to Claim 17;" (emphasis added). Appropriate corrections are required.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 6 and 9-18 are rejected under 35 U.S.C. 103 as being unpatentable over Kocher et al. (“Kocher,” US 20140044265, published on 02/13/2014) in view of Martin et al. (“Martin,” US 20140237255, published on 08/21/2014).

Regarding Claim 1;
Kocher discloses a method of storing data on target data processing devices, the method comprising (par 0036; IC manufacturer may embed one or more security keys, a device ID, initial Feature configuration settings, or some combination thereof, into the SM core as part of its manufacturing process): 
for each target data processing device, using a security data processing device on which first data has been stored to (par 0049; fig. 2A; a delegate authority with certain limited abilities to authorize configuration changes (e.g., via key management operations, feature management operations, or some combination thereof) involving the SM-enabled ICs; par 0207; the delegate-authority system acquires information to be programmed into the SM-enabled IC): 
obtain a device cryptographic certificate from the target data processing device (par 0065; the RSB contains at least one digital certificate signed by root-authority system using a root-private key (e.g., an RSA private key) that corresponds to a public key in the SM core), 
the device cryptographic certificate having been generated by, and being verifiable as having been generated by, a trusted entity (par 0065; the RSB contains at least one digital certificate signed by root-authority system; par 0077; SM enabled devices verify signatures or other authorizations from root-authority system, which in turn can authorize, delegate-authority systems; par 0127; the SM core then verifies the digital signature of the RSB using the root-authority system public key [] if the digital signature is valid, the SM core processes one or more SM commands contained in the RSB);
verify the device cryptographic certificate as having been generated by the trusted entity (par 0065; the RSB contains at least one digital certificate signed by root-authority system; par 0077; SM enabled devices verify signatures or other authorizations from root-authority system, which in turn can authorize, delegate-authority systems; par 0127; the SM core then verifies the digital signature of the RSB using the root-authority system public key [] if the digital signature is valid, the SM core processes one or more SM commands contained in the RSB); 
Kocher discloses all the limitations as recited above, but does not explicitly disclose generate second data using the first data; and store the second data on the target data processing device.

generate second data using the first data; and store the second data on the target data processing device (Martin: par 0047; fig. 6; the processor executes receiving a first encrypted application data instructions, decryption process instructions, validating the integrity instructions of the first decrypted application data, encryption instructions to generate a second encrypted application data, and storing instruction).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Martin with the method/system of Kocher to include generate second data using the first data; and store the second data on the target data processing device. One would have been motivated to include encrypting the decrypted application data using a technique different from that used to provide the first encrypted application data and then storing the encrypted application data (Martin: abstract).
Regarding Claim 2;
Kocher in combination with Martin disclose a method according to claim 1,
Kocher further discloses receiving encrypted first data, storing the encrypted first data on the security data processing device (Kocher: par 0167; the delegate-authority system receives one or more delegate input parameters and encrypted payload key; par 0164; payload keys may be stored encrypted), and, using the security data processing device, decrypting the encrypted first data and storing them on the security data processing device (Kocher: par 0167; the delegate-authority system receives one or more delegate input parameters and encrypted payload key; par 0164; decrypted by the delegate authority system as part of the process of obtaining the payload key).  

Regarding Claim 6;
Kocher in combination with Martin disclose a method according to claim 2, 
Kocher further discloses wherein receiving the encrypted first data comprises receiving them on the security data processing device via an Internet connection (Kocher: par 0167; fig. 2A; the delegate-authority system receives one or more delegate input parameters and encrypted payload key; par 0164; payload keys may be stored encrypted; par 0040; transmitting a request over a network and receiving a chip-specific message that authorizes the requested configuration changes; par 0064; a private extranet may connect IC provider and root authority even if the other entities are connected by the Internet).

Regarding Claim 9;
Kocher in combination with Martin disclose a method according to claim 1, 
Kocher further discloses wherein the first data comprise computer-readable instructions for use by the security data processing device (Kocher: par 0116; the RSB contain encrypted payload portions; par 0065; root-authority system may be configured to provide the RSB when instructed by a user of root-authority system; par 0235; digital signal processors capable of executing particular sets of instructions. The computer may be implemented using computer-readable instructions).

Regarding Claim 10;
Kocher in combination with Martin disclose a method according to claim 1, 
Kocher further discloses wherein the first data comprise program code for execution by the target data processing devices (Kocher: par 0032; the root-authority system may authorize the SM core to securely deliver payloads (e.g., secret keys, or other values) to other parts of the SM-enabled IC (including to software executing on the SM-enabled IC)).

Regarding Claim 11;
Kocher in combination with Martin disclose a method according to claim 1, 
Kocher further discloses wherein the first data comprise configuration data that determine the operation of program code stored on the target data processing devices (Kocher: par 0161; the delegate-authority system may also determine the base key by decrypting or otherwise processing a value stored in the product (e.g. in the secure memory for the SM core)).

Regarding Claim 12;
Kocher in combination with Martin disclose a method according to claim 10, 
Martin further discloses wherein generating the second data further comprises encrypting the at least part of the first data (Martin: par 0047; the processor executes receiving a first encrypted application data instructions, decryption process instructions, validating the integrity instructions of the first decrypted application data, encryption instructions to generate a second encrypted application data, and storing instruction).  
(Martin: abstract).

Regarding Claim 13;
Kocher in combination with Martin disclose a method according to claim 1, 
Kocher further discloses wherein the first data comprise a private key of a public key cryptographic key pair (Kocher: par 0065; the RSB contains at least one digital certificate signed by root-authority system using a root-private key that corresponds to a public key in the SM core).

Regarding Claim 14;
Kocher in combination with Martin disclose a method according to claim 13, 
Kocher further discloses wherein generating the second data comprises, for each target data processing device, generating a further cryptographic certificate for the target data processing device by signing the device cryptographic certificate using the private key (Kocher: par 0065; root authority is associated with root-authority system that contains the cryptographic keys that manage the SM enabled ICs. Root-authority system is configured to generate one or more root signed blocks ("RSBs") [] The RSB contains at least one digital certificate signed by root-authority system using a root-private key (e.g., an RSA private key) that corresponds to a public key in the SM core. Root-authority system may be configured to provide one or more RSBs or other data to SM-enabled ICs).
Martin further discloses generate second data using the first data (Martin: par 0047; fig. 6; the processor executes receiving a first encrypted application data instructions, decryption process instructions, validating the integrity instructions of the first decrypted application data, encryption instructions to generate a second encrypted application data, and storing instruction).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Martin with the method/system of Kocher to include generate second data using the first data. One would have been motivated to include encrypting the decrypted application data using a technique different from that used to provide the first encrypted application data and then storing the encrypted application data (Martin: abstract).

Regarding Claim 15;
Kocher in combination with Martin disclose a method according to claim 14,
Kocher further discloses wherein generating the further cryptographic certificate further comprises signing the device certificate and a device identifier for the target data processing device using the private key (Kocher: par 0065; root authority is associated with root-authority system that contains the cryptographic keys that manage the SM enabled ICs. Root-authority system is configured to generate one or more root signed blocks ("RSBs") [] the RSB contains at least one digital certificate signed by root-authority system using a root-private key (e.g., an RSA private key) that corresponds to a public key in the SM core. Root-authority system may be configured to provide one or more RSBs or other data to SM-enabled ICs; par 0108; HW constants may include for example, a product chip ID, one or more keys for the root-authority system [] a product chip ID can uniquely identify a particular SM-enabled IC, or a particular SM-enabled IC series, or both, with an identification value).

Regarding Claim 16;
Kocher in combination with Martin disclose a method according to claim 2, 
Kocher further discloses wherein receiving the encrypted first data and the value comprise receiving a cryptographic certificate comprising the encrypted first data and an encrypted value of the permitted number of target data processing devices (Kocher: par 0065; root authority is associated with root-authority system that contains the cryptographic keys that manage the SM enabled ICs. Root-authority system is configured to generate one or more root signed blocks ("RSBs"). A RSB can include one or more SM commands, command templates, one or more delegate permissions, one or more keys (e.g., a delegate-public key), or some combination thereof. The RSB contains at least one digital certificate signed by root-authority system 217 using a root-private key that corresponds to a public key in the SM core. Root-authority system may be configured to provide one or more RSBs or other data to SM-enabled ICs; par 0115; the RSB and/or DS may contain encrypted payload portion(s). Crypto module may be configured to decrypt and validate the encrypted payload portion(s); par 0147; Note that forcing binding of DSBs to single devices forces the delegate authority system sign make a new DSB for each device—thereby ensuring that limits imposed on the number of signing operations by the delegate authority system effectively limits the number of devices that a delegate authority can configure).

Regarding Claim 17;
Kocher discloses a security data processing device comprising a processor and a memory containing a decryption key and program code executable by the processor to (par 0032; the root-authority system may also control key management for the SM-enabled ICs. The root-authority system may authorize the SM core to securely deliver payloads (e.g., secret keys, or other values) to other parts of the SM-enabled IC (including to software executing on the SM-enabled IC); par 0092; system may include a secure memory, a processor).
obtain a device cryptographic certificate from a target data processing device (par 0065; the RSB contains at least one digital certificate signed by root-authority system using a root-private key (e.g., an RSA private key) that corresponds to a public key in the SM core); 
verify the device cryptographic certificate (par 0065; the RSB contains at least one digital certificate signed by root-authority system; par 0077; SM enabled devices verify signatures or other authorizations from root-authority system, which in turn can authorize, delegate-authority systems; par 0127; the SM core then verifies the digital signature of the RSB using the root-authority system public key [] if the digital signature is valid, the SM core processes one or more SM commands contained in the RSB). 
Burch discloses all the limitations as recited above, but does not explicitly disclose generate second data using first data stored in the memory; and store the second data on the target data processing device.

generate second data using first data stored in the memory; and store the second data on the target data processing device (Martin: par 0047; fig. 6; the processor executes receiving a first encrypted application data instructions, decryption process instructions, validating the integrity instructions of the first decrypted application data, encryption instructions to generate a second encrypted application data, and storing instruction).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Martin with the method/system of Kocher to include generate second data using first data stored in the memory; and store the second data on the target data processing device. One would have been motivated to include encrypting the decrypted application data using a technique different from that used to provide the first encrypted application data and then storing the encrypted application data (Martin: abstract).


Regarding Claim 18;
Kocher in combination with Martin disclose a security data processing device according to claim 17, 
Kocher further discloses wherein the security data processing device is operable to receive an encrypted cryptographic certificate that includes the first data and instructions executable by the processor (Kocher: par 0065; root authority is associated with root-authority system that contains the cryptographic keys that manage the SM enabled ICs. Root-authority system is configured to generate one or more root signed blocks ("RSBs"), a RSB can include one or more SM commands, command templates, one or more delegate permissions, one or more keys (e.g., a delegate-public key), or some combination thereof. The RSB contains at least one digital certificate signed by root-authority system using a root-private key (e.g., an RSA private key) that corresponds to a public key in the SM core. Root-authority system configured to provide one or more RSBs or other data to configurator system, SM-enabled ICs), to decrypt the encrypted cryptographic certificate (Kocher: par 0065; root-authority system is configured to generate one or more root signed blocks [] the RSB contains at least one digital certificate signed by root-authority system using a root-private key; par 0106; SM core may be configured to authenticate the payload using a public key of the root authority, and to extract (e.g., decrypt) the payload from the signed blocks), to verify the cryptographic certificate as having been generated by a trusted entity using a public key of the trusted entity (Kocher: par 0065; root-authority system is configured to generate one or more root signed blocks [] the RSB contains at least one digital certificate signed by root-authority system using a root-private key; par 0116; the RSB and/or DSB may contain encrypted payload portion(s). crypto module may be configured to decrypt and validate the encrypted payload portion(s), e.g. using base keys or keys derived from base keys).
Martin further discloses the application data system to execute the instructions executable by the processor to generate the second data from the first data (Martin: par 0047; fig. 6; the processor executes receiving a first encrypted application data instructions, decryption process instructions, validating the integrity instructions of the first decrypted application data, encryption instructions to generate a second encrypted application data, and storing instruction).
One would have been motivated to include encrypting the decrypted application data using a technique different from that used to provide the first encrypted application data and then storing the encrypted application data (Martin: abstract).

Claims 3-5 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Kocher et al. (US 20140044265) in view of Martin et al. (US 20140237255) and further in view of Kean et al. (“Kean,” US 20020199110, published 12/26/2002).
Regarding Claim 3;
Kocher in combination with Martin disclose a method according to claim 2, 
Kocher in combination with Martin disclose all the limitations as recited above, but do not explicitly disclose receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices.  
However, in an analogous art, Kean discloses programmable gate array system/method that includes:
(Kean: par 0099; the customer buys licenses in blocks from core vendors and the TEP merely maintains a count of available licenses for a given core, decrementing the count each time the core is configured; par 0102; hardware devices such as smartcards or tokens provided by the TEP can be connected to the designer or customer's computer to undertake cryptographic tasks and shield secret information such as cryptographic keys; par 0107; for additional security, the secret information is stored on and encryption is carried out by a hardware token or smartcard coupled to the software running on the user computer); and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed and refusing to program chips once the licenses were exhausted); if so, obtain and verify the device cryptographic certificate (Kean: par 0016; the identification code of the programmable integrated circuit may be determined by accessing a JTAG interface of the programmable integrated circuit. The programmable integrated circuit may be an FPGA. Obtaining an encryption key may include looking up in a database an encryption key associated with the identification code. Obtaining an encryption key may include generating the encryption key using the identification code. Obtaining an encryption key may include loading an encrypted header file into the programmable integrated circuit), generate and store the second data certificate (Kean: par 0016; obtaining an encryption key may include generating the encryption key using the identification code), and decrement the value of the permitted number of target data processing devices (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kean with the method/system of Kocher in combination with Martin to include receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices. One would have been motivated to associate a limited number of field programmable gate arrays, with a secret key. Each field programmable gate array may only be properly configured or programmed by an appropriate encrypted bitstream. This encrypted bitstream has been encoded by or for the secret key associated with a particular FPGA (Kean: abstract).
	
Regarding Claim 4;
Kocher in combination with Martin disclose a method according to claim 1;
Kocher in combination with Martin disclose all the limitations as recited above, but do not explicitly disclose receiving the security data processing device on which have been stored the first data and a value of a permitted number of 
However, in an analogous art, Kean discloses programmable gate array system/method that includes:
receiving the security data processing device on which have been stored the first data and a value of a permitted number of target data processing devices on which the second data are permitted to be stored (Kean: par 0099; the customer buys licenses in blocks from core vendors and the TEP merely maintains a count of available licenses for a given core, decrementing the count each time the core is configured; par 0102; hardware devices such as smartcards or tokens provided by the TEP can be connected to the designer or customer's computer to undertake cryptographic tasks and shield secret information such as cryptographic keys; par 0107; for additional security, the secret information is stored on and encryption is carried out by a hardware token or smartcard coupled to the software running on the user computer); and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed and refusing to program chips once the licenses were exhausted); if so, obtain and verify the device cryptographic certificate (Kean: par 0016; the identification code of the programmable integrated circuit may be determined by accessing a JTAG interface of the programmable integrated circuit. The programmable integrated circuit may be an FPGA. Obtaining an encryption key may include looking up in a database an encryption key associated with the identification code. Obtaining an encryption key may include generating the encryption key using the identification code. Obtaining an encryption key may include loading an encrypted header file into the programmable integrated circuit), generate and store the second data (Kean: par 0016; obtaining an encryption key may include generating the encryption key using the identification code), and decrement the value of the permitted number of target data processing devices (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kean with the method/system of Kocher in combination with Martin to include receiving the security data processing device on which have been stored the first data and a value of a permitted number of target data processing devices on which the second data are permitted to be stored; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices. One would have been motivated to associate a limited number of field programmable gate arrays, with a secret key. Each field programmable gate array may only be properly configured or (Kean: abstract).

Regarding Claim 5;
Kocher in combination with Martin disclose a method according to claim 1, 
Kocher in combination with Martin disclose all the limitations as recited above, but do not explicitly disclose receiving the security data processing device on which have been stored the first data and receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device; and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero; if so, obtain and verify the device cryptographic certificate, generate and store the second data, and decrement the value of the permitted number of target data processing devices.  
However, in an analogous art, Kean discloses programmable gate array system/method that includes:
receiving the security data processing device on which have been stored the first data and receiving a value of a permitted number of target data processing devices on which the second data are permitted to be stored, and storing the value on the security data processing device (Kean: par 0099; the customer buys licenses in blocks from core vendors and the TEP merely maintains a count of available licenses for a given core, decrementing the count each time the core is configured; par 0102; hardware devices such as smartcards or tokens provided by the TEP can be connected to the designer or customer's computer to undertake cryptographic tasks and shield secret information such as cryptographic keys; par 0107; for additional security, the secret information is stored on and encryption is carried out by a hardware token or smartcard coupled to the software running on the user computer); and for each target data processing device, using the security data processing device to: determine whether the value of the permitted number of target data processing devices is greater than zero (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed and refusing to program chips once the licenses were exhausted); if so, obtain and verify the device cryptographic certificate (Kean: par 0016; the identification code of the programmable integrated circuit may be determined by accessing a JTAG interface of the programmable integrated circuit. The programmable integrated circuit may be an FPGA. Obtaining an encryption key may include looking up in a database an encryption key associated with the identification code. Obtaining an encryption key may include generating the encryption key using the identification code. Obtaining an encryption key may include loading an encrypted header file into the programmable integrated circuit), generate and store the second data (Kean: par 0016; obtaining an encryption key may include generating the encryption key using the identification code), and decrement the value of the permitted number of target data processing devices (Kean: par 0108; the trusted software would then manage these licenses decrementing the available license count every time a chip was programmed).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the (Kean: abstract).

Regarding Claim 7;
Kocher in combination with Martin and Kean disclose a method according to claim 3, 
Kocher further discloses receiving an encrypted value (Kocher: par 0170; one or more signed blocks are received. Additional unsigned data (such as an encrypted payload with validator) may also be received), and using the security data processing device to decrypt the encrypted value and store the decrypted value on the security data processing device (Kocher: par 0116; fig. 4; crypto module may be configured to decrypt and validate the encrypted payload portion(s), e.g. using base keys or keys derived from base keys; par 0164; decrypted by the delegate authority system as part of the process of obtaining the payload key).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Kocher et al. (US 20140044265) in view of Martin et al. (US 20140237255) and further in view of KIM et al. (“KIM,” US 20180227279, filed on 07/18/2016).

Regarding Claim 8; 
Kocher in combination with Martin disclose a method according to claim 2,
Kocher further discloses wherein receiving encrypted first data comprises the security data processing device receiving a public key of a first public key encryption key pair (Kocher: par 0065; root authority is associated with root-authority system that contains the cryptographic keys that manage the SM enabled ICs. Root-authority system is configured to generate one or more root signed blocks ("RSBs"). A RSB can include one or more SM commands, command templates, one or more delegate permissions, one or more keys (e.g., a delegate-public key)).
Kocher in combination with Martin disclose all the limitations as recited above, but do not explicitly disclose transmitting a public key of a second public key encryption key pair stored on the security data processing device, combining the public key of the first key pair with a private key of the second key pair to produce a shared key, receiving encrypted first data that have been encrypted using the shared key, and decrypting the encrypted first data using the shared key.  
However, in an analogous art, KIM discloses communication between devices system/method that includes:
transmitting a public key of a second public key encryption key pair stored on the security data processing device (KIM: par 0133; fig. 7; transmit the encrypted second public key to the first device), combining the public key of the first key pair with a private key of the second key pair to produce a shared key (KIM: par 0135; fig. 7; the first device may generate a secret key by using the first private key and the second public key), receiving encrypted first data that have been encrypted using the shared key, and decrypting the encrypted first data using the shared key (KIM: par 0191; figs. 5 and 11; par 0104; the first device may generate a secret key by using the second public key and the first private key; par 0108; the second device may generate a secret key for encrypting the network key required for a communication channel; par 0111; the first device decrypts the encrypted network key by using the generated secret key).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of KIM with the method/system of Kocher and Martin to include transmitting a public key of a second public key encryption key pair stored on the security data processing device, combining the public key of the first key pair with a private key of the second key pair to produce a shared key, receiving encrypted first data that have been encrypted using the shared key, and decrypting the encrypted first data using the shared key.  
One would have been motivated to decrypt the encrypted second authentication information by using the first authentication information, determining a secret key based on the decrypted second authentication information, and performing communication between the first device and the second device by using the determined secret key (KIM: abstract).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service 




/C.W./Examiner, Art Unit 2439   


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439