DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, final filed on July 8, 2019, is accepted.
Claims 1 – 21 are being considered on the merits.

Drawings
The drawings, filed on July 8, 2019, are accepted.

Specification
The disclosure is objected to because of the following informalities:
In specification paragraph 3, line 1, “secretes” should read as “secrets”.
  Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 7, 12 - 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20200261673 A1 to Hickey et al., (hereafter, “Hickey”) in view of US 20050076216 A1 to Nyberg.
Regarding claim 1, Hickey teaches a method of sharing a secret between an isolated device connected to a network through a transmit-only unidirectional secure channel and a network connected user device, [Hickey, para. 194 discloses the control device 6010 sends the upgrade file to the RT device 4000. At step 9040, the RT device 4000 sends its unique identifier to the control device 6010. (In the further variation mentioned above, step 9040 is not needed as the control device 6010 already knows the unique identifier of the RT device 4000.) Step 9045 follows, at which the control device 6010 requests an authorisation code for the upgrade from the server 6040, passing the unique identifier of the RT device 4000. Step 9050 follows, at which the server 6040 obtains a key from the secret associated with the unique identifier received from the control device 6010, i.e. the secret that is shared with the RT device 4000. In one implementation, the key is a subset of data from the secret. The server 6040 then uses the key to derive an authorisation code from the upgrade file sent to the control device 6010 at step 9030. In one implementation of step 9050, the authorisation code is a Hashed Message Authorisation Code (HMAC) derived from a hash of the upgrade file. In another implementation, the authorisation code is a hash of the upgrade file, encrypted using the key] comprising: using at least one processor of the isolated device associated with a user for: [Hickey, para. 193 discloses In a further variation of the method 9000, step 9005 requests the RT device's unique identifier rather than its firmware version number. The RT device 4000 replies to the control device 6010 at step 9010 with its unique identifier. At step 9020, the control device 6010 asks the server 6040 for a firmware upgrade, passing the unique identifier. The server 6040 responds at step 9030 by sending a firmware upgrade file to the control device 6010, if one is requisite, based on the unique identifier. Such a variation allows the server 6040 to target specific devices for a firmware upgrade, rather than all devices with a certain firmware version number] transmitting the first component, via the unidirectional secure channel, to at least one computing node of a distributed system; [Hickey, para. 36 discloses obtaining the first shared secret comprises receiving, by the control device, the first shared secret entered via a user interface of the control device. The method may include confirming, by the control device, that the second shared secret is known to the respiratory therapy device. In some versions, the confirming may include computing a first hash value using the second shared secret; receiving from the respiratory therapy device over the insecure wireless communication channel, a second hash value; and comparing the first hash value with the second hash value. The method may include, upon the first hash value not being equal to the second hash value, generating user output via a user interface of the control device. The second shared secret may be used to establish a secure wireless communication channel between the control device and the respiratory therapy device. In some versions, the method may include computing a session key from the second shared secret. The method may include sending, by the control device over the secure wireless communication channel, a control parameter for controlling a respiratory therapy operation of the respiratory therapy device. The control parameter may include one of a pressure setting and a flow rate setting. The method may include receiving, by the control device over said secure wireless communication channel, data relating to respiratory therapy operation of the respiratory therapy device. The data may include any one or more of a number of respiratory events and a time of usage of the respiratory therapy device], but Hickey does not teach generating a secret value divided to first and second components; transferring the second component, via a tamper-resistant unidirectional insecure channel, to the network connected user device associated with the user to enable the network connected user device to reproduce the secret value by combining the first component received from the at least one computing node with the second component.
	However, Nyberg does teach generating a secret value divided to first and second components; [Nyberg, para. 22 discloses to attain said first and/or said second key, it is proposed that these keys are generated within the responder. Para. 86 discloses the responder R generates a Diffie-Hellman exchange token KEr, a short shared secret K, and computes an authentication code C using a MAC function MAC(K, KEr)] transferring the second component, via a tamper-resistant unidirectional insecure channel, to the network connected user device associated with the user to enable the network connected user device to reproduce the secret value by combining the first component received from the at least one computing node with the second component. [Nyberg, para. 21 discloses as the second key is already transmitted via a secure channel, it is possible to transmit said first key via an open communication channel, and the receiver can verify the authenticity of the first key. Para. 29 discloses transmitting said raw public key from said responder to said initiator within an encrypted certification payload using a second communication channel, extracting said raw public key from said encrypted certification payload, computing a verification code using said raw public key and said second key within said initiator, and comparing said verification code with said authentication code within said initiator.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Nyberg’s system with Hickey’s system, with a motivation to provide an easy to use, secure way of communicating via a protocol for secure communication of peer devices, where no previous security relationship or online trusted third party can be used. [Nyberg, para. 11]

As per claim 7, modified Hickey teaches the method of claim 1, wherein the unidirectional insecure channel is a display of the isolated device, transferring the second component to the network connected user device via the unidirectional insecure channel comprises projecting a visually encoded version of the second component via the display which is scanned by the network connected device. [Hickey, para. 35 discloses obtaining the first shared secret via the different channel may rely on a physical access of the control device to the respiratory therapy device. Obtaining the first shared secret may include scanning, by the control device, a machine-readable form of the first shared secret printed on a housing of the respiratory therapy device. The machine-readable form may be a barcode. The barcode may be a QR code. Para. 39 discloses the control device may include a barcode reader. The processor may be further configured to obtain the first shared secret by utilising the barcode reader to scan a barcode printed on a housing of the respiratory therapy device. The barcode may encode the first shared secret. In some versions, the control device may include a user interface. The processor may be further configured to obtain the first shared secret via input entered through the user interface.]

As per claim 12, modified Hickey teaches the method of claim 1, wherein the at least one computing node provides the first component in response to a first request to obtain the first component and declines any successive request to obtain the first component. [Hickey, para. 149 discloses Returning to the method 7000, once the control device 6010 succeeds in establishing an insecure communication channel with the RT device 4000 in step 7010, the RT device 4000 may make itself no longer discoverable by other devices communicating on the standard protocol.]

As per claim 13, modified Hickey teaches the method of claim 12, further comprising, in case the network connected user device fails to obtain the first component due to a previous request for the first component received by the at least one computing node, the network connected user device generates a failure indication, in response to the failure indication the user informs the isolated device of the failure. [Hickey, para. 147 discloses if the unauthorised control device 6020 should succeed in pairing with the RT device 4000, this situation is detectable by the control device 6010 since its own pairing fails to complete with a certain predetermined time limit.  The control device 6010 may communicate this failure to the user, and prompt the user to repeat the initiating action (e.g. by pressing a button 4220 on the RT device 4000), which as mentioned above disconnects any control device paired with the RT device 4000.  In one implementation, the discoverable window may be of longer duration for the second and subsequent attempts at pairing than for the first attempt at pairing.]

Regarding claim 20, Hickey teaches an isolated device, comprising: at least one processor coupled to the first and second interfaces, the at least one processor is adapted to execute a code, the code comprising: [Hickey, para. 193 discloses In a further variation of the method 9000, step 9005 requests the RT device's unique identifier rather than its firmware version number. The RT device 4000 replies to the control device 6010 at step 9010 with its unique identifier. At step 9020, the control device 6010 asks the server 6040 for a firmware upgrade, passing the unique identifier. The server 6040 responds at step 9030 by sending a firmware upgrade file to the control device 6010, if one is requisite, based on the unique identifier. Such a variation allows the server 6040 to target specific devices for a firmware upgrade, rather than all devices with a certain firmware version number] code instructions to transmit the first component, via the unidirectional secure channel, to at least one computing node of a distributed system, [Hickey, para. 36 discloses obtaining the first shared secret comprises receiving, by the control device, the first shared secret entered via a user interface of the control device. The method may include confirming, by the control device, that the second shared secret is known to the respiratory therapy device. In some versions, the confirming may include computing a first hash value using the second shared secret; receiving from the respiratory therapy device over the insecure wireless communication channel, a second hash value; and comparing the first hash value with the second hash value. The method may include, upon the first hash value not being equal to the second hash value, generating user output via a user interface of the control device. The second shared secret may be used to establish a secure wireless communication channel between the control device and the respiratory therapy device. In some versions, the method may include computing a session key from the second shared secret. The method may include sending, by the control device over the secure wireless communication channel, a control parameter for controlling a respiratory therapy operation of the respiratory therapy device. The control parameter may include one of a pressure setting and a flow rate setting. The method may include receiving, by the control device over said secure wireless communication channel, data relating to respiratory therapy operation of the respiratory therapy device. The data may include any one or more of a number of respiratory events and a time of usage of the respiratory therapy device], but Hickey does not teach a transmit-only first interface, adapted to transmit data via a unidirectional secure channel; a transmit only second interface adapted to transmit data via a tamper-resistant unidirectional insecure channel; code instructions to generate a secret value divided to first and second components, and code instructions to transfer the second component, via the tamper- resistant unidirectional insecure channel, to the network connected user device associated with the user to enable the network connected user device to reproduce the secret value by combining the first component received from the at least one computing node with the second component.
	However, Nyberg does teach a transmit-only first interface, adapted to transmit data via a unidirectional secure channel; [Nyberg, para. 51 discloses a module for providing secure communication with a communication device, said module comprising first transmission means for receiving a second key and an authentication code from a responder via said first communication channel] a transmit only second interface adapted to transmit data via a tamper-resistant unidirectional insecure channel; [Nyberg, para. 51 discloses second transmission means for receiving a first key from said responder via a second communication channel] code instructions to generate a secret value divided to first and second components, [Nyberg, para. 22 discloses to attain said first and/or said second key, it is proposed that these keys are generated within the responder. Para. 86 discloses the responder R generates a Diffie-Hellman exchange token KEr, a short shared secret K, and computes an authentication code C using a MAC function MAC(K, KEr)] code instructions to transmit the first component, via the unidirectional secure channel, to at least one computing node of a distributed system, [Nyberg, para. 20 discloses to prevent said second key and said authentication code from eavesdropping and tampering, it is proposed that these are transmitted via a confidential and/or authenticated communication channel such as the first communication channel. Para. 28 discloses To authenticate messages transmitted from initiator to responder, it is proposed that said authentication value is used for authenticating messages transmitted from said initiator to said responder, and vice versa. In case a standard protocol, such as IKEv2, is used, the steps of computing an authentication code using a first key and a second key within said responder, and transmitting said second key and said authentication code from said responder to said initiator using a first communication channel may be understood as pre-authentication messages] and code instructions to transfer the second component, via the tamper- resistant unidirectional insecure channel, to the network connected user device associated with the user to enable the network connected user device to reproduce the secret value by combining the first component received from the at least one computing node with the second component. [Nyberg, para. 21 discloses as the second key is already transmitted via a secure channel, it is possible to transmit said first key via an open communication channel, and the receiver can verify the authenticity of the first key. Para. 29 discloses transmitting said raw public key from said responder to said initiator within an encrypted certification payload using a second communication channel, extracting said raw public key from said encrypted certification payload, computing a verification code using said raw public key and said second key within said initiator, and comparing said verification code with said authentication code within said initiator.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Nyberg’s system with Hickey’s system, with a motivation to provide an easy to use, secure way of communicating via a protocol for secure communication of peer devices, where no previous security relationship or online trusted third party can be used. [Nyberg, para. 11]

Claims 2 - 4, 8- 11, 18 - 19 and 21  are rejected under 35 U.S.C. 103 as being unpatentable over US 20200261673 A1 to Hickey et al., (hereafter, “Hickey”) in view of US 20050076216 A1 to Nyberg in further view of US 20200252382 A1 to Peddada IV, et al. (hereafter, “Peddada”).
Regarding claim 2, modified Hickey teaches the method of claim 1, but modified Hickey does not teach further comprising verifying the secret value is correctly shared with the network connected user device by analyzing a limited length string generated by the network connected user device based on the secret value.
However, Peddada does teach further comprising verifying the secret value is correctly shared with the network connected user device by analyzing a limited length string generated by the network connected user device based on the secret value. [Peddada, para. 18 discloses the disclosed systems and methods allow the client system to verify that a message is actually from a server system that it is attempting to access, rather than a malicious third-party (e.g., implementing a man-in-the-middle attack). This, in turn, may allow the client and server systems to securely perform authentication operations without reliance on a secure connection (e.g., using TLS) between the two systems, improving the security of the authentication process.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Peddada’s system with modified Hickey’s system, with a motivation to communicate over a secure connection by the client and server systems and improve data security for both a web service and its users [Peddada, para. 18]

 Regarding claim 3, modified Hickey teaches the method of claim 2, but modified Hickey does not teach wherein the limited length string is received from the user operating a limited capacity input interface of the isolated device. 
However, Peddada does teach wherein the limited length string is received from the user operating a limited capacity input interface of the isolated device. [Peddada, para. 74 discloses the client system receives, from a server system, an authentication challenge that includes challenge information and a first partial signature value.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Peddada’s system with modified Hickey’s system, with a motivation to communicate over a secure connection by the client and server systems and improve data security for both a web service and its users [Peddada, para. 18]

Regarding claim 4, modified Hickey teaches the method of claim 2, but modified Hickey does not teach further comprising verifying the secret value is correctly shared with the network user connected device based on a challenge by: transferring the challenge to the network connected user device via the unidirectional insecure channel, receiving, from the user, a limited length string generated by the network connected user device based on the challenge and the secret value, and verifying correctness of the secret value by analyzing the received limited length string. 
However, Nyberg teach transferring the challenge to the network connected user device via the unidirectional insecure channel [Nyberg, para. 28 discloses transmitting said second key and said authentication code from said responder to said initiator using a first communication channel may be understood as pre-authentication messages and steps of transmitting said first key from said responder to said initiator using a second communication channel and using said authentication value for authenticating messages transmitted from said initiator to said responder. Para. 21 discloses as the second key is already transmitted via a secure channel, it is possible to transmit said first key via an open communication channel, and the receiver can verify the authenticity of the first key.], but Hickey in view of Nyberg does not teach receiving, from the user, a limited length string generated by the network connected user device based on the challenge and the secret value, and verifying correctness of the secret value by analyzing the received limited length string.
However, Peddada does teach receiving, from the user, a limited length string generated by the network connected user device based on the challenge and the secret value, [Peddada, para. 30 discloses server system 120 may determine whether to authenticate the user of client system 102 to the service 122 based on the authentication value 148. For example, in embodiments in which the authentication value 148 is a digest value based on the recovered challenge value, the server system 120 may similarly generate a digest value (e.g., using the same hash function) based on the challenge value 138 and compare] and verifying correctness of the secret value by analyzing the received limited length string [Peddada, para. 30 discloses the authentication value 148 is a digest value based on the recovered challenge value, the server system 120 may similarly generate a digest value (e.g., using the same hash function) based on the challenge value 138 and compare. If the two values match, the server system 120 may authenticate the user and allow the user to access the service 122. If, however, the two values do not match, the server system 120 may take one or more corrective actions, such as denying the user access to the service 122, initiating additional authentication operations, etc] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Peddada’s system and Nyberg’s system with modified Hickey’s system, with a motivation to communicate over a secure connection by the client and server systems and improve data security for both a web service and its users [Peddada, para. 18] and provide an easy to use, secure way of communicating via a protocol for secure communication of peer devices, where no previous security relationship or online trusted third party can be used. [Nyberg, para. 11]

Regarding claim 8, modified Hickey teaches the method of claim 1, but modified Hickey does not teach wherein the network connected user device receives the first component via a secure connection established with the at least one computing node by encrypting communication transmitted between the network connected user device and the at least one computing node using respective encryption keys of respective encryption-decryption key pairs uniquely associated with the network connected user device and with the at least one computing node. 
However, Peddada does teach wherein the network connected user device receives the first component via a secure connection established with the at least one computing node by encrypting communication transmitted between the network connected user device and the at least one computing node using respective encryption keys of respective encryption-decryption key pairs uniquely associated with the network connected user device and with the at least one computing node. [Peddada, para. 38 discloses the server private key has been split into two components (that is, components 118 and 136), the two partial signature values 144 and 146 may be combined in a manner that produces a final signature value that is the same as a signature value generated based on the entire server private key. Para. 31 discloses server system 120 may generate a partial signature value 144 using the server private key component 136 and send partial signature value 144 to the client system 102. The client system 102 may then generate its own partial signature value 146 using its server private key component 118, and combine the partial signature values 144 and 146 to generate a final signature value. In doing so, both the server system 120 and the client system 102 contributed to the computation of the final signature value without revealing their respective server private key components. Para. 66 discloses the server system and the client system may communicate via either a secured or unsecured network connection. For example, in some embodiments, the server system and client system communicate over a secured network connection using the TLS protocol]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Peddada’s system with modified Hickey’s system, with a motivation to communicate over a secure connection by the client and server systems and improve data security for both a web service and its users [Peddada, para. 18]

Regarding claim 9, modified Hickey teaches the method of claim 8, but modified Hickey does not teach wherein the isolated device transfers the respective encryption key of the at least one computing node to the network connected user device via a tamper-resistant unidirectional insecure channel.
However, Nyberg does teach wherein the isolated device transfers the respective encryption key of the at least one computing node to the network connected user device via a tamper-resistant unidirectional insecure channel. [Nyberg, para. 40 discloses second transmission means for transmitting said first key from said responder to said initiator using a second communication channel, said initiator comprises first transmission means for receiving said second key and said authentication code from said responder via said first communication channel, second transmission means for receiving said first key from said responder via a second communication channel. Para. 18 discloses the second communication channel may be any wireless or wired communication channel, which might be insecure. para. 21 discloses as the second key is already transmitted via a secure channel, it is possible to transmit said first key via an open communication channel, and the receiver can verify the authenticity of the first key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Nyberg’s system with modified Hickey’s system, with a motivation to provide an easy to use, secure way of communicating via a protocol for secure communication of peer devices, where no previous security relationship or online trusted third party can be used. [Nyberg, para. 11]

Regarding claim 10, modified Hickey teaches the method of claim 8, but modified Hickey does not teach further comprising signing the first component transmitted to the at least one computing node to enable the network connected user device to authenticate that the first component received from the at least one computing node genuinely originates from the isolated device.
However, Peddada does teach further comprising signing the first component transmitted to the at least one computing node to enable the network connected user device to authenticate that the first component received from the at least one computing node genuinely originates from the isolated device. [Peddada, para. 69 discloses the server system generates a partial signature value based on the first component of the server private key but not an entire server private key. In some embodiments, for example, generating the partial signature value includes generating a digest value based on an initial input value, which may help to prevent and detect tampering in the middle by a third-party. Para. 70 discloses the server system sends, to the client system, an authentication challenge that includes the challenge information and the partial signature value. Para. 71 discloses the server system receives an authentication response from the client system. In various embodiments, the authentication response indicates a decrypted challenge value generated, by the client system, based on a second component of the client private key. For example, in some embodiments, the authentication response may include the decrypted challenge value generated by the client system. In other embodiments, however, the authentication response may include an authentication value (e.g., authentication value 148), such as hash value generated based on the decrypted challenge value, which may be considered to be “indicative” of the decrypted challenge value.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Peddada’s system with modified Hickey’s system, with a motivation to verify that a message is actually from a server system that it is attempting to access, rather than a malicious third-party, and allow the client and server systems to securely perform authentication operations without reliance on a secure connection (e.g., using TLS) between the two systems, improving the security of the authentication process. [Peddada, para. 18]

Regarding claim 11, modified Hickey teaches the method of claim 1, modified Hickey does not teach wherein a unique identifier associating the first component with the second component is transferred by the isolated device to the at least one computing node and to the network connected user device, the network connected user device uses the unique identifier to identify, to the at least one computing node, the requested first component associated with the second component.
However, Nyberg does teach wherein a unique identifier associating the first component with the second component is transferred by the isolated device to the at least one computing node and to the network connected user device, [Nyberg, para. 51 discloses a module for providing secure communication with a communication device, said module comprising first transmission means for receiving a second key and an authentication code from a responder via said first communication channel, second transmission means for receiving a first key from said responder via a second communication channel, computing means to compute a verification code from said first key and said second key, and comparing means for comparing said verification code with said authentication code ciphering means, ciphering a message to be sent to said responder, where said ciphered message is ciphered with a shared secret key at least partially derived from said first key. Para. 17 discloses the first communication channel is in particular a proximity-based, narrow band communication channel. Such a location-limited channel should have two properties. First, it should support demonstrative identification; that is, identification based on physical context. Communication technologies that have inherent physical limitations in their transmissions are good candidates. The second property of the location-limited channel should be authenticity, which means that it is impossible or difficult for an attacker to transmit in that channel, or at least to transmit without being detected by the legitimate participants] the network connected user device uses the unique identifier to identify, to the at least one computing node, the requested first component associated with the second component. [Nyberg, Para. 77 discloses the responder R asserts his identity with the IDr payload, optionally sends one or more certificates (again with the certificate containing the public key used to verify AUTH listed first), authenticates his identity with the AUTH payload, and completes negotiation with the additional fields in message 8.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Nyberg’s system with modified Hickey’s system, with a motivation to provide an easy to use, secure way of communicating via a protocol for secure communication of peer devices, where no previous security relationship or online trusted third party can be used. [Nyberg, para. 11]

Regarding claim 18, modified Hickey teaches the method of claim 1, but modified Hickey does not teach wherein the secret value shared with the network connected user device is an encryption-decryption key pair uniquely associated with the network connected user device to associate the network connected user device with the isolated device and the user, the network connected user device uses the encryption-decryption key pair to securely communicate on behalf of the associated user with the at least one computing node to which the decryption key of the encryption-decryption key pair is published.
However, Peddada does teach wherein the secret value shared with the network connected user device is an encryption-decryption key pair uniquely associated with the network connected user device to associate the network connected user device with the isolated device and the user, the network connected user device uses the encryption-decryption key pair to securely communicate on behalf of the associated user with the at least one computing node to which the decryption key of the encryption-decryption key pair is published. [Peddada, Para. 16 discloses the server and client systems may establish an asymmetric key-pair (e.g., based on RSA, ElGamal, or any other suitable asymmetric key encryption scheme) and split the private key into multiple parts or “components.” (As used herein, splitting a key into “components” refers to the process of decomposing the key value into multiple addends that, when summed, add up to the entire key. In various embodiments, each such addend may be referred to as a “component” of the key.) In various embodiments, some—but not all—of the components are stored at the server system and some—but not all—of the components are stored at the client system such that no one entity has access to the entire private key. By not storing the entire private key at any one location, the risk of discovery of the private key by a malicious third-party is greatly reduced. In various embodiments, both the server and the client may use their respective components of the private key to independently generate signature values (e.g., based on some message or value, such as a digest value). These “partial” signature values (generated by the client and server systems) may then be combined to create a “final” signature value, which may be the same value as a signature value generated based on the entire private key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Peddada’s system with modified Hickey’s system, with a motivation to verify that a message is actually from a server system that it is attempting to access, rather than a malicious third-party, and allow the client and server systems to securely perform authentication operations without reliance on a secure connection (e.g., using TLS) between the two systems, improving the security of the authentication process. [Peddada, para. 18]

Regarding claim 19, modified Hickey teaches the method of claim 1, but modified Hickey does not teach wherein the secret value shared with the network connected user device is an encryption-decryption key pair uniquely associated with the network connected user device to associate the network connected user device with the isolated device and the user, the isolated device uses a decryption key of the encryption-decryption key pair to securely transmit data to the network connected user device, the isolated device securely transmits the data to the network connected user device via at least one of: the unidirectional secure channel.
However, Nyberg does teach wherein the secret value shared with the network connected user device is an encryption-decryption key pair uniquely associated with the network connected user device to associate the network connected user device with the isolated device and the user, the isolated device uses a decryption key of the encryption-decryption key pair to securely transmit data to the network connected user device, [Nyberg, para. 29 discloses a method for securing a communication between at least one initiator and one responder of said communication using legacy authentication comprising: computing an authentication code using a raw public key and a second key within said responder, transmitting said second key and said authentication code from said responder to said initiator using a first communication channel, transmitting said raw public key from said responder to said initiator within an encrypted certification payload using a second communication channel, extracting said raw public key from said encrypted certification payload, computing a verification code using said raw public key and said second key within said initiator, and comparing said verification code with said authentication code within said initiator] the isolated device securely transmits the data to the network connected user device via at least one of: the unidirectional secure channel [Nyberg, para. 40 discloses first transmission means for transmitting said second key and said authentication code from said responder to said initiator using a first communication channel. Para. 17 discloses said first communication channel can be realised for example over infrared, radio frequency RF, audio, video, human communication or other interfaces. The first communication channel is in particular a proximity-based, narrow band communication channel. Such a location-limited channel should have two properties. First, it should support demonstrative identification; that is, identification based on physical context. Communication technologies that have inherent physical limitations in their transmissions are good candidates. The second property of the location-limited channel should be authenticity, which means that it is impossible or difficult for an attacker to transmit in that channel, or at least to transmit without being detected by the legitimate participants.] and the tamper- resistant unidirectional insecure channel which is made secure by use of the encryption-decryption key pair. [Nyberg, para. 40 discloses second transmission means for transmitting said first key from said responder to said initiator using a second communication channel. Para. 18 discloses the second communication channel may be any wireless or wired communication channel, which might be insecure in terms of eavesdropping and/or tampering of the communication.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Nyberg’s system with modified Hickey’s system, with a motivation to provide an easy to use, secure way of communicating via a protocol for secure communication of peer devices, where no previous security relationship or online trusted third party can be used. [Nyberg, para. 11]

Regarding claim 21, modified Hickey teaches the isolated device of claim 20, but modified Hickey does not teach further comprising a third interface adapted to receive limited length strings, the code further comprising code instructions to verify the secret value is correctly shared with the network connected user device by analyzing a limited length string generated by the network connected user device based on the secret value. 
However, Peddada does teach further comprising a third interface adapted to receive limited length strings, the code further comprising code instructions to verify the secret value is correctly shared with the network connected user device by analyzing a limited length string generated by the network connected user device based on the secret value. [Peddada, para. 18 discloses the disclosed systems and methods allow the client system to verify that a message is actually from a server system that it is attempting to access, rather than a malicious third-party (e.g., implementing a man-in-the-middle attack). This, in turn, may allow the client and server systems to securely perform authentication operations without reliance on a secure connection (e.g., using TLS) between the two systems, improving the security of the authentication process.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Peddada’s system with modified Hickey’s system, with a motivation to communicate over a secure connection by the client and server systems and improve data security for both a web service and its users [Peddada, para. 18]

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over US 20200261673 A1 to Hickey et al., (hereafter, “Hickey”) in view of US 20050076216 A1 to Nyberg in further view of US 20200366653 A1 to Caceres et al., (hereafter “Caceres”).
Regarding claim 5, modified Peddada teaches the method of claim 1, but modified Peddada does not teach wherein the distributed system comprises a plurality of computing nodes providing at least one service to the isolated device, the isolated device locally stores a plurality of encryption keys each of a respective one of a plurality of encryption-decryption key pairs each uniquely associated with a respective one of the plurality of computing nodes. 
	However, Caceres does teach wherein the distributed system comprises a plurality of computing nodes providing at least one service to the isolated device, [Caceres, para. 12 discloses a client device may offload one or more application workloads to a network compute node, which may be one of a plurality of network compute nodes deployed in a multi-access edge computing (MEC) environment, a decentralized fog computing environment, a public or private cloud computing environment, a data center, a compute cluster, and/or the like] the isolated device locally stores a plurality of encryption keys each of a respective one of a plurality of encryption-decryption key pairs each uniquely associated with a respective one of the plurality of computing nodes. [Caceres, para. 13 discloses each network compute node may be associated with a hardware security module (HSM), which may be similarly deployed in a MEC environment, a decentralized fog computing environment, a public or private cloud computing environment, a data center, a compute cluster, and/or the like, and each network compute node may include a trusted execution environment (TEE) to execute the application workload(s) offloaded to the network compute node in hardware that is isolated from a rich execution environment associated with the network compute node. The HSM associated with a particular network compute node may be used to store one or more cryptographic keys that are used to encrypt and decrypt data associated with the application workload(s) processed in the TEE associated with the corresponding network compute node, and the HSM may be granted permission to access and use the cryptographic keys based on a state of a blockchain controlled by the client device using one or more private or secret keys maintained in a secure element of the client device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Caceres’s system with Peddada’s system, with a motivation to store and process data associated with the application workload(s) offloaded to the network compute node may be logically separated into a compute layer where the data is stored and processed, and use a privacy layer to ensure that unauthorized parties cannot access the data stored and processed in the compute layer. [Caceres, para. 14]

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over US 20200261673 A1 to Hickey et al., (hereafter, “Hickey”) in view of US 20050076216 A1 to Nyberg in further view of US 20200366653 A1 to Caceres et al., (hereafter “Caceres”) and in further view of US 20180212762 A1 to Peddada et al., (hereafter, "Pedda").
Regarding claim 6, modified Hickey teaches the method of claim 5, but modified Hickey does  not teach wherein the unidirectional secure channel established with the at least one computing node is secured by encrypting communication transmitted from the isolated device using the encryption key of the respective encryption-decryption key pair uniquely associated with the at least one computing node.
However, Pedda does teach wherein the unidirectional secure channel established with the at least one computing node is secured by encrypting communication transmitted from the isolated device using the encryption key of the respective encryption-decryption key pair uniquely associated with the at least one computing node. [Pedda, para. 59 discloses The message (or more than one message) conveys at least two things from the system or service to the remote client; namely, (1) a “challenge,” encrypted with the user's public key, and (2) a partial decryption result, i.e. a result of decrypting the encrypted challenge using a fragment of the user's private key that was previously provided to the identity service. Para. 60 discloses the client side app utilizes the remaining fragments of the user's private key (one or more fragments that were not sent to the server side) to complete decryption of the encrypted challenge. Para. 72 discloses the server side creates and encrypts a challenge, block 554, and transmits it to the requesting client app via a communication path 556, which may comprise a network. The client side app 550 receives the encrypted challenge. That app conducts a partial decryption of the challenge using a fragment of the user's private key, in this illustration Fragment 2, to form a partial result]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Pedda’s system with modified Hickey’s system, with a motivation to enable secure remote user login without requiring a password. [Pedda, para. 72]

Claims 14 - 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 20200261673 A1 to Hickey et al., (hereafter, “Hickey”) in view of US 20050076216 A1 to Nyberg in further view of US 10965448 B1 to Raman et al., (hereafter, “Raman”).
Regarding claim 14, modified Hickey teaches the method of claim 1, but modified Hickey does not teach further comprising transmitting a plurality of first components of the secret value to a group of computing nodes of the distributed system, the network connected user device communicates with each computing node of the group to receive the plurality of first components, the network connected user device reproduces the secret value by combining the plurality of first components with the second component. 
However, Raman does teach further comprising transmitting a plurality of first components of the secret value to a group of computing nodes of the distributed system, [Raman, col. 1 lines 63 – 67 to col. 2 lines 1 – 3 discloses using a secret sharing process, dividing, by the computing device, the private key into a number of shares equivalent to a number of nodes in the particular subset of the nodes. The first example embodiment may also involve distributing, by the computing device, the shares of the private key amongst the particular subset of the nodes, such that each node therein receives exactly one of the shares of the private key] the network connected user device communicates with each computing node of the group to receive the plurality of first components, [Raman, col. 12 lines 63 – 66 discloses let Cr represent the cost of communicating one unit of data by all peers in the network with each peer communicating the code word corresponding to the data block and the secret share of the encryption key. Col. 13 lines 7 – 8 discloses each peer could also communicate the secret shares of hash values corresponding to the next d blocks] the network connected user device reproduces the secret value by combining the plurality of first components with the second component. [Raman, col. 12 lines 10 – 16 discloses recovery process 416 involves decoding key 418 and decrypting blocks 420. Decoding key 418 may involve obtaining shares of a private key from a given zone (e.g., zone 414A) and using a combination of the shares to recreate the private key. The recreated private key can be used to decrypt the sub-blocks obtained from the same zone.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Raman’s system with modified Hickey’s system, with a motivation to use a combination of distributed storage, private key encryption, and secret sharing techniques to distribute and securely store data blocks. [Raman, col. 1 lines 42 - 44]

 Regarding claim 15, modified Hickey teaches the method of claim 1, but modified Hickey does not teach further comprising splitting the first component to a plurality of first components using at least one secret sharing algorithm applied according to at least one configuration parameter and transmitting the plurality of first components to a group of computing nodes of the distributed system, the network connected user device reproduces the secret value by combining a subset of the plurality of first components with the second component, the subset of first components is received from a sufficient number of computing nodes defined by the at least one configuration parameter. 
However, Raman does teach further comprising splitting the first component to a plurality of first components using at least one secret sharing algorithm applied according to at least one configuration parameter [Raman, para. 58 discloses in addition to divide and distribute, the storage process 404 also includes secret sharing 412, which may involve using a secret sharing process to divide and distribute the private keys used for encryption amongst the nodes in the zone storing the sub-blocks of the encrypted data block 402. For instance, after encrypting the data block 402 using a first private key in order to store the data block 402 as sub-blocks in the first zone 414A, the first private key can be partitioned into shares to enable the shares to be distributed among the peers in the first zone 414 using a secret sharing process. When the private key is divided and distributed across the peers in a given zone, a single peer cannot use the private key without collusion with the other peers within the zone to decrypt the encrypted data block 402. The secret sharing process can increase security and may correspond to various types of secret sharing processes within examples, such as Shamir's secret sharing, Reed-Solomon codes, or linear codes for minimal secret sharing] and transmitting the plurality of first components to a group of computing nodes of the distributed system, [Raman, col. 1 lines 63 – 67 to col. 2 lines 1 – 3 discloses using a secret sharing process, dividing, by the computing device, the private key into a number of shares equivalent to a number of nodes in the particular subset of the nodes. The first example embodiment may also involve distributing, by the computing device, the shares of the private key amongst the particular subset of the nodes, such that each node therein receives exactly one of the shares of the private key] the network connected user device reproduces the secret value by combining a subset of the plurality of first components with the second component, [Raman, col. 12 lines 10 - 16discloses recovery process 416 involves decoding key 418 and decrypting blocks 420. Decoding key 418 may involve obtaining shares of a private key from a given zone (e.g., zone 414A) and using a combination of the shares to recreate the private key. The recreated private key can be used to decrypt the sub-blocks obtained from the same zone] the subset of first components is received from a sufficient number of computing nodes defined by the at least one configuration parameter. [Raman, col. 11 lines 3 – 17 discloses the computing system 100 may also logically partition the network of nodes into non-overlapping hash zones, each hash zone containing a subset of the nodes. In some examples, the non-overlapping hash zones can differ from the non-overlapping zones. In other examples, the non-overlapping hash zones can match the non-overlapping zones. The computing system 100 may determine a hash value corresponding to the data block and use a secret sharing process to divide the hash value. The computing system 100 may divide the hash value into a number of hash shares equivalent to a number of nodes in a particular hash zone of the non-overlapping hash zones and distribute the hash shares amongst the nodes in the particular hash zone such that each node receives exactly one of the hash shares of the hash value]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Raman’s system with modified Hickey’s system, with a motivation to use a combination of distributed storage, private key encryption, and secret sharing techniques to distribute and securely store data blocks. [Raman, col. 1 lines 42 - 44]

Regarding claim 16, modified Hickey teaches the method of claim 1, but modified Hickey does not teach further comprising transmitting a plurality of first components to a plurality of computing nodes of the distributed system, the network connected user device reproduces the secret value by combining a subset of the plurality of first components with the second component, the network connected user device generates a limited length string indicative of the subset, the a limited length string is provided to the isolated device to enable the isolated device to confirm validity of the first components received by the network connected user device from the subset of computing nodes. 
However, Raman does teach further comprising transmitting a plurality of first components to a plurality of computing nodes of the distributed system, [Raman, col. 1 lines 63 – 67 to col. 2 lines 1 – 3 discloses using a secret sharing process, dividing, by the computing device, the private key into a number of shares equivalent to a number of nodes in the particular subset of the nodes. The first example embodiment may also involve distributing, by the computing device, the shares of the private key amongst the particular subset of the nodes, such that each node therein receives exactly one of the shares of the private key] the network connected user device reproduces the secret value by combining a subset of the plurality of first components with the second component, [Raman, col. 12 lines 10 - 16discloses recovery process 416 involves decoding key 418 and decrypting blocks 420. Decoding key 418 may involve obtaining shares of a private key from a given zone (e.g., zone 414A) and using a combination of the shares to recreate the private key. The recreated private key can be used to decrypt the sub-blocks obtained from the same zone] the network connected user device generates a limited length string indicative of the subset, [Raman, col. 10 lines 12 – 20 discloses n nodes represent an amount of nodes that is less than the q nodes available in the blockchain network. As such, Shamir's secret sharing holds that any subset of nodes that has a size less than k nodes is unable to obtain enough information to determine the secret shared with n nodes despite colluding together. Conversely, any subset of nodes that includes at least k nodes can obtain complete information regarding the stored secret through collusion], but modified Hickey in view of Raman does not teach the a limited length string is provided to the isolated device to enable the isolated device to confirm validity of the first components received by the network connected user device from the subset of computing nodes.
However, Peddada does teach the a limited length string is provided to the isolated device to enable the isolated device to confirm validity of the first components received by the network connected user device from the subset of computing nodes.. [Peddada, para. 18 discloses the disclosed systems and methods allow the client system to verify that a message is actually from a server system that it is attempting to access, rather than a malicious third-party (e.g., implementing a man-in-the-middle attack). This, in turn, may allow the client and server systems to securely perform authentication operations without reliance on a secure connection (e.g., using TLS) between the two systems, improving the security of the authentication process.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Peddada’s system and Raman’s system with modified Hickey’s system, with a motivation to communicate over a secure connection by the client and server systems and improve data security for both a web service and its users [Peddada, para. 18] and use a combination of distributed storage, private key encryption, and secret sharing techniques to distribute and securely store data blocks. [Raman, col. 1 lines 42 - 44]

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over US 20200261673 A1 to Hickey et al., (hereafter, “Hickey”) in view of US 20050076216 A1 to Nyberg in further view of US 9589397 B1 to Christopher et al., (hereafter “Chris”).
Regarding claim 17, modified Hickey teaches the method of claim 1, but modified Hickey does not teach wherein the secret value is shared with the network connected user device to create a One-Time Password (OTP) used by the user to access the isolated device.
However, Chris does teach wherein the secret value is shared with the network connected user device to create a One-Time Password (OTP) used by the user to access the isolated device. [Chris, col. 4 lines 49 – 59 discloses obtain a current time as the access time of the identification device, retrieve the secret key from the data store, generate the time-based one time password based on the access time and the secret key, and determine whether the password received from the identification device matches the time-based one time password generated by the IoT device; and an entrance control module configured to, when the password received from the identification device matches the time-based one time password, control the IoT based entrance to grant access to the user of the identification device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Chris’s system with modified Hickey’s system, with a motivation to compare the time-based password generated with the password received from the identification device, and determine if the identification device passes the time-based one time password verification process. If the password received from the identification device matches the time-based password generated, the password verification module may determine that the identification device 120 passes the time-based one time password verification process. [Chris, col. 11 lines 10 – 19]

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434