DETAILED ACTION
This Non Final Office Action is in response to Application filed on 05/26/2020.
Claims 1-12 filed on 05/26/2020 are being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 08/13/2020 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 08/13/2020 are attached to the instant Office action. 

Drawings
The drawings are objected to because Figure 5 (S28) should swap the conditional statement, i.e. the conditional statement Cr <threshold value? Yes, then proceed to block S21, No, then proceed to S29. The same correction is required to the conditional block of Figure 7, (S56).  This is supported in [0033-0034] of the instant application  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.

The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," "The disclosure defined by this invention," "The disclosure describes," etc. In addition, the form and legal phraseology often used in patent claims, such as "means" and "said," should be avoided.

The abstract of the disclosure is objected to because it contains a phrase, i.e. “an embodiment” recited in the abstract, which implies that part of the invention is described the abstract. Examiner recommends removing the recitation of “embodiment” from the abstract.
The title of the invention is not descriptive: “INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, AND METHOD FOR CONTROLLING INFORMATION PROCESSING DEVICE”.  A new title is required that is clearly indicative of the invention to which the claims are directed. 

Claim Objections
Claim 1, 5 and 9 are objected to because of the following informalities:  
Claims 1, 5 and 9 recite “…request order information that enables identification of order of the update request… order comparison information that enables comparison of the order… compares the request order information and the order comparison information, and in a case where it has been determined that the order is authorized”.  Emphasis in bold-italic. While the aforementioned claims recite two order quantities, i.e.  order comparison information & request order information, and further recite comparison of the order, however, reciting “determined that the order is authorized” does not definitively indicate determining that the order of the “request order information” is authorized, as explicitly described in the specification in e.g. [0007] “in a case where it has been determined that the order of the update request is authorized”, and [0035] “updating order comparison information when an authorized update request message has been received”. Examiner recommends definitively clarifying the authorized order as described in the specification of the instant application. 
Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

(A)  the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)  the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)  the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) are: “update unit” in claims 1-3 and 5-7, “verification unit” in claims 2 and 6, “key update unit” in claims 4 and 8, “update request unit” in claim 5 and “request order information update unit” in claim 5.
Note: storage unit stores, in a nonvolatile manner, indicates nonvolatile storage structure. Information processing device in claim base 5 includes structure, i.e. storage unit.
Because this claim limitation is being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it is being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b): 

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
Claim 6 recites “wherein the update request is transmitted through a communication network by a management information processing device…verifies a signature by using a public key of the management information processing device”. 
 information processing device that is connected to the management server device through a communication network”
It is unclear how a management information processing device is different from the management server device recited in the base claim 5. 
For examination purpose, the examiner interprets the management information processing device as the management server, consistent with the specification of the instant application in Figure 1 and [0013, 0014, 0020-0021, 0031-0032] where the management server (13) in Figure 1 performs the transmission of the signed request, where the verification of the signature at the information processing device is performed by using the public key of the management server.
Claim limitations (“update unit” in claims 1-3 and 5-7, “verification unit” in claims 2 and 6, “key update unit” in claims 4 and 8, “update request unit” in claim 5 and “request order information update unit” in claim 5)  invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The specification is devoid of adequate structure to perform the claimed function.  In particular, the specification merely states the claimed functions of the aforementioned units, where the units are recited as part of a program modules in [0041], however, there is no disclosure of any particular structure, either explicitly or inherently, to perform the functions of the aforementioned units.  The use of the term “unit” is not adequate to structure for performing the function because performing the claimed function can be done in a number of ways, hardware, software program or combination, hence, “unit” does not describe a particular structure for the function and provide enough description for one of ordinary skill in the art to understand which “unit” structure or structures perform the claimed function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. Dependent clams are also rejected based on dependency.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 

(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-8 are rejected under 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention. As described above, the disclosure does not provide adequate structure to perform the claimed functions of the aforementioned units. The specification does not demonstrate that applicant has made an invention that achieves the claimed function because the invention is not described with sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor had possession of the claimed invention.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.


Claims 1, 3, 5, 7, 9 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Adler (US 20170359717 A1), hereinafter Adler in view of Yamanaka et.al (US 20120239937 A1), hereinafter Yamanaka.
	
Regarding claim 1, Adler teaches an information processing device that updates its own secret key according to an update [request] including request order information that enables identification of order of the update [request] (Adler [0089] “…the third stage 503 shows that accessory 120 responds with an encrypted message 555…the encrypted message 555 also includes an unencrypted header 560 that contains the counter 9 (i.e. request order information).”, [0090] “Ratcheting module 535 of device 510 uses the stored shared key LK2 with counter 6, and the counter 9 received in the unencrypted header from accessory 120, to generate an updated shared key LK2' with incremented counter 9. The stored shared key LK2 is ratcheted based on the counters stored at the device 510 and received from the accessory 120…the ratcheting module 535 ratchets the shared key LK2 three times, incrementing the counter, to synchronize the shared keys at the device 110 and the accessory device 120. The ratcheted key LK2', with counter 9, now matches the corresponding link key LK2' at accessory 120 and is then used to generate the derived key to decrypt the encrypted message 555.”
Adler discloses in Figure 5B STAGE (503) a device 510, i.e. information processing device, which receives message (in contrast with request) that includes (560) counter 9 value, corresponding to request order information, where the counter information enables identification of the order of the updated link key by the device 510, where the updated link key is used for deriving the updated devices encryption/decryption key, where the device 510 should update its own key according to the counter value, i.e. order information, included in the received message (555-560), Figure 5B STAGE (503) illustrates that the device initially stored in 515 its link key, Lk2, with the order 6, then, receiving the message (555-560) with the counter 9 order information, enables the device 510 to compare its initially stored counter 6 and received counter 9, and accordingly work on synchronizing the link keys on both devices, and update the Lk2 to Lk2’, where Lk2’ is associated with counter order 9 and store LK2’ and its associated order 9 in Figure 5B, stage 504. 
the information processing device comprising: 
a storage unit that stores, in a nonvolatile manner, [a master secret key], the secret key, and order comparison information that enables comparison of the order (Adler Figure 5B (503) illustrates device 510 comprising storage 515 storing secret key LK2 and its associated counter 6, corresponding to order comparison information, [0088] “…device 510 stores information 515 for a link key LK2 associated with accessory 120 for a particular user account associated with the device 510. The information 515 includes a hint H2, a shared link key LK2, and a counter 6.”); and 
[by using the master secret key] (Adler discloses [0090] “Ratcheting module 535 (i.e. an update unit) of device 510 uses the stored shared key LK2 with counter 6 (i.e. order comparison information), and the counter 9 (i.e. request order information) received in the unencrypted header from accessory 120, to generate an updated shared key LK2' with incremented counter 9. The stored shared key LK2 is ratcheted based on the counters stored at the device 510 and received from the accessory 120. In this example, the ratcheting module 535 ratchets the shared key LK2 three times, incrementing the counter, to synchronize the shared keys at the device 110 and the accessory device 120. The ratcheted key LK2', with counter 9, now matches the corresponding link key LK2' at accessory 120 and is then used to generate the derived key (i.e. updated secret key) to decrypt the encrypted message 555.”, where the Ratcheting module 535 identifies that counter 6 needs is compared with counter 9 and accordingly increment three times before updating the LK2, in order to eventually update the LK2, and updating the counter 9 to be used in place of the counter 6 by storing the counter 9 in 515 as illustrated in Figure 5 (515) in stage (504), where Adler discloses that the previous LKs and their associated counter are deleted as disclosed in [0085],
the above process is performed after ensuring that the received counter is not tampered with, i.e. authorized, [0090] “in order to ensure that the counter is not tampered with, the encrypted message 555 of some embodiments is encrypted with a validation value (e.g., a checksum) that is used to validate the integrity of the header 560 and the encrypted portion 555.”).  
	Adler discloses the aforementioned limitations, where the above described transmitted message of Adler includes counter, i.e. update order information, which is compared with a stored counter, i.e. order comparison information, in order to update a secret key for encryption/decryption. While Adler teaches the above message, which includes the same content and performs the same purpose as a request, however, Adler does not explicitly disclose that the above message is a request, and that updating the secret key using stored master key. Emphasis in italic.
	Yamanaka from analogues field of invention teaches a user terminal device updating its secret key according to an update request and update processing of the secret key is performed by using the master secret key, where the  master secret key is stored in nonvolatile storage (Yamanaka Figure 11, [0070] “Subsequently, the control unit 11 generates the secret key sk_i by using a master key sk* included in the key set stored in the key set storage unit 14”, [0083] “First, in the application server 30, the control unit 31 transmits a "secret key update application" command (i.e. update request) to the user terminal 10 via the transmitting/receiving unit 32 (step S91).”, [0084] “In the user terminal 10, when the transmitting/receiving unit 12 receives the secret key update application command from the application server 30 (step S101), the control unit 11 verifies the authentication information contained in the secret key update application command (step S102) to confirm the authenticity of the application server 30 (step S103).”, [0086] “Subsequently, the key update information generating unit 18 generates key update information upd_[i,j] by using the master key sk* included in the key set stored in the key set storage unit 14”, [0087] “Then, the control unit 11 transmits the key update information upd_[i,j] generated in step S106, the new index j to be used to update the secret key”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Adler to incorporate the teaching of Yamanaka to utilize the above feature, with the motivation of reducing leakage to secret keys, as recognized by (Yamanaka [0005, 0029]).

Claim 9 is directed to a method claim, associated with the information processing device claimed in claim 1. Claim 9 is similar in scope to claim 1, and is therefore rejected with the same rationale and motivation as claim 1. 

Regarding claim 3, Adler in view of Yamanaka teaches the information processing device according to claim 1, wherein the update unit replaces the order comparison information with the request order information (Adler [0085] “The eighth stage 408 shows that the devices store the updated link keys LK2' with the incremented counters (i.e. request order information). The previous versions of the link keys are deleted permanently.”, as illustrated in Figure 4C stage 408, the device 110 stores the updated LK2’ and its associated counter 9, i.e. request order information, where the previous LK2 and its associated counter 8 illustrated in the previous stage, Figure 4C stage 407 deleted from device 110 in stage 408).  

Claim 11 is directed to a method claim, associated with the information processing device claimed in claim 3. Claim 11 is similar in scope to claim 3, and is therefore rejected with the same rationale and motivation as claim 3. 

Regarding claim 5, Adler teaches an information processing system comprising: 
a management server device that includes a request order information update unit that, when an update [request] including request order information that enables identification of order of the update [request] is generated, updates the request order information (Adler discloses in Figure 5B accessory 120 corresponding to a management server device, where the accessory can be a receiving device, where the receiving electronic device referred to a server as disclosed in [0005 and 0121], the accessory 120 includes a mechanism to update the key and its associated counter, while device 510 may not be able to when its not connected, e.g. lost access, as disclosed in [0086], Figure 5B stage 503 illustrates the accessory has updated its LK2’ and its associated counter 9, i.e. order information, where the updating process/mechanism at the accessory is performed [0088] “…each of the devices ratchets the key and updates the ratcheted key associated with the account. Meanwhile, the key stored on device 510 has not been ratcheted and will remain out of sync, until it is synchronized with the network 130 (e.g., when the device initiates another connection with the accessory while connected to the cloud service).”, the updating of the LK2’ and it associated counter 9, i.e. order information, at the accessory 120 is performed by a mechanism corresponding to the update unit), and 
an update request unit that transmits the generated update [request] (Adler discloses in [0089] and Figure 5B stage 503 transmitting a message (555 and 560) by the accessory 120, where the message (555 and 560) includes the updated/generated counter/order information); and 
an information processing device that is connected to the management server device through a communication network (Adler discloses in Figure 5B communication network between accessory, i.e. management server device, and device 510, i.e. information processing device), and 
updates its own secret key according to the update [request] (Adler Figure 5B and [0089] “…the third stage 503 shows that accessory 120 responds with an encrypted message 555…the encrypted message 555 also includes an unencrypted header 560 that contains the counter 9 (i.e. request order information).”, [0090] “Ratcheting module 535 of device 510 uses the stored shared key LK2 with counter 6, and the counter 9 received in the unencrypted header from accessory 120, to generate an updated shared key LK2' with incremented counter 9. The stored shared key LK2 is ratcheted based on the counters stored at the device 510 and received from the accessory 120…the ratcheting module 535 ratchets the shared key LK2 three times, incrementing the counter, to synchronize the shared keys at the device 110 and the accessory device 120. The ratcheted key LK2', with counter 9, now matches the corresponding link key LK2' at accessory 120 and is then used to generate the derived key to decrypt the encrypted message 555.”), 
wherein the information processing device includes: 
a storage unit that stores, in a nonvolatile manner, [a master secret key], the secret key, and order comparison information that enables comparison of the order (Adler Figure 5B (503) illustrates device 510 comprising storage 515 storing secret key LK2 and its associated counter 6, corresponding to order comparison information, [0088] “…device 510 stores information 515 for a link key LK2 associated with accessory 120 for a particular user account associated with the device 510. The information 515 includes a hint H2, a shared link key LK2, and a counter 6.”); and 
an update unit that, in a case where the update [request] has been made, compares the request order information and the order comparison information, and in a case where it has been determined that the order is authorized, updates the order comparison information to information corresponding to the request order information before update processing of the secret key is performed [by using the master secret key] (Adler discloses [0090] “Ratcheting module 535 (i.e. an update unit) of device 510 uses the stored shared key LK2 with counter 6 (i.e. order comparison information), and the counter 9 (i.e. request order information) received in the unencrypted header from accessory 120, to generate an updated shared key LK2' with incremented counter 9. The stored shared key LK2 is ratcheted based on the counters stored at the device 510 and received from the accessory 120. In this example, the ratcheting module 535 ratchets the shared key LK2 three times, incrementing the counter, to synchronize the shared keys at the device 110 and the accessory device 120. The ratcheted key LK2', with counter 9, now matches the corresponding link key LK2' at accessory 120 and is then used to generate the derived key (i.e. updated secret key) to decrypt the encrypted message 555.”, where the Ratcheting module 535 identifies that counter 6 needs is compared with counter 9 and accordingly increment three times before updating the LK2, in order to eventually update the LK2, and updating the counter 9 to be used in place of the counter 6 by storing the counter 9 in 515 as illustrated in Figure 5 (515) in stage (504), where Adler discloses that previous LKs and their associated counter are deleted as disclosed in [0085]
the above process is performed after ensuring that the received counter is not tampered with, i.e. authorized, [0090] “in order to ensure that the counter is not tampered with, the encrypted message 555 of some embodiments is encrypted with a validation value (e.g., a checksum) that is used to validate the integrity of the header 560 and the encrypted portion 555.”).
Adler discloses the aforementioned limitations, where the above described transmitted message of Adler includes counter, i.e. update order information, which is contracted with a stored counter, i.e. order comparison information, in order to update a secret key for encryption/decryption. While Adler teaches the above message, which includes the same content and performs the same purpose as a request, however, Adler does not explicitly disclose that the above message is a request, and that updating the secret key using stored master key. Emphasis in italic.
request and update processing of the secret key is performed by using the master secret key, where the  master secret key is stored in nonvolatile storage (Yamanaka Figure 11, [0070] “Subsequently, the control unit 11 generates the secret key sk_i by using a master key sk* included in the key set stored in the key set storage unit 14”, [0083] “First, in the application server 30, the control unit 31 transmits a "secret key update application" command (i.e. update request) to the user terminal 10 via the transmitting/receiving unit 32 (step S91).”, [0084] “In the user terminal 10, when the transmitting/receiving unit 12 receives the secret key update application command from the application server 30 (step S101), the control unit 11 verifies the authentication information contained in the secret key update application command (step S102) to confirm the authenticity of the application server 30 (step S103).”, [0086] “Subsequently, the key update information generating unit 18 generates key update information upd_[i,j] by using the master key sk* included in the key set stored in the key set storage unit 14”, [0087] “Then, the control unit 11 transmits the key update information upd_[i,j] generated in step S106, the new index j to be used to update the secret key”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Adler to incorporate the teaching of Yamanaka to utilize the above feature, with the motivation of reducing leakage to secret keys, as recognized by (Yamanaka [0005, 0029]).

Regarding claim 7, Adler in view of Yamanaka teaches the information processing system according to claim 5, wherein the update unit replaces the order comparison information with the request order information (Adler [0085] “The eighth stage 408 shows that the devices store the updated link keys LK2' with the incremented counters (i.e. request order information). The previous versions of the link keys are deleted permanently.”, as illustrated in Figure 4C stage 408, the device 110 stores the updated LK2’ and its associated counter 9, i.e. request order information, where the previous LK2 and its associated counter 8 illustrated in the previous stage, Figure 4C stage 407 deleted from device 110 in stage 408).   

Claims 2, 6 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Adler in view of Yamanaka, and further in view of Athmalingam et. al. (US 20200195431 A1), hereinafter Athmalingam.

Regarding claim 2, Adler in view of Yamanaka teaches the information processing device according to claim 1, 
wherein, the update [request] is transmitted through a communication network by a management information processing device (Adler illustrates in Figure 5B transmitting, through communication protocol network e.g. [0029], message (560-555) which is responsible for updating the LK2 at the device 510 corresponding to the information processing device, where the updated LK2 used to generate updated key, as described in [0090], where the message is transmitted through the accessory device as disclosed in [0089], where the accessory corresponds to management information processing device as described in [0005 and 0121]), 
[the information processing device includes a verification unit that verifies a signature by using a public key of the management information processing device, the signature having been given to the update request], and 
in a case where the verification has been succeeded, the update unit compares the request order information and the order comparison information (Adler [0013, 0039, 0075, 0090, 0097], e.g. [0090] “the encrypted message 555 of some embodiments is encrypted with a validation value (e.g., a checksum) that is used to validate the integrity of the header 560 and the encrypted portion 555.”, where verification/validation is a condition of performing the link key updates, [0097] “…the message cannot be decrypted when the validation value is modified”, once validated, the comparison between the received counter 9 and stored center 6, corresponding to request order information and the order comparison information, respectively, is reformed and accordingly incrementing counter 6 three times to synchronize the link key and replace counter 9 value with counter 9 value, as disclosed in [0090]).
 Adler does not disclose the update request as discussed in claim1.
 Yamanaka discloses update request as described in claim 1, rational and motivation in claim 1 applies.
Adler discloses that the update message transmitted to the device 510 is verified by a verification mechanism, construed as a verification unit, to ensure that the message with the counter is not tampered with and ensuring that the message is not checksum or hash is used or an encryption function is used as further described in [0097]. However, Adler does not use the use of signature on the message using public key of the sending device, i.e. accessory device.
Yamanaka further discloses the server generating signing a data request using the signature data generating unit illustrated in Figure 7(34), where the signature is verified by the signature verifying unit of the data store illustrated in Figure 5 (24) and Figure 10 (S83), disclosed in [0078 and 0081] using the public key of the server. However, Yamanaka does not disclose that the verification is performed at the user terminal, i.e. information processing device.
Athmalingam discloses the information processing device includes a verification unit that verifies a signature by using a public key of the management information processing device, the signature having been given to the update request (Athmalingam Figure 7 [0049] “At operation 720, the first IPsec networking device may decrypt the received incoming security key update request transaction (e.g., digitally signed message) to verify that the second IPsec networking device is the source of the request. For example, the first IPsec networking device may apply the second IPsec networking device's public key”, where validation is required to update the key request, where the mechanism corresponding to verifying/validating signature corresponds to the verification unit).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Adler in view of Yamanaka to 

Claim 10 is directed to a method claim, associated with the information processing device claimed in claim 2. Claim 10 is similar in scope to claim 2, and is therefore rejected with the same rationale and motivation as claim 2.

Regarding claim 6, Adler in view of Yamanaka teaches the information processing system according to claim 5, wherein the update [request] is transmitted through a communication network by a management information processing device (Adler illustrates in Figure 5B transmitting, through communication protocol network e.g. [0029], message (560-555) which is responsible for updating the LK2 at the device 510 corresponding to the information processing device, where the updated LK2 used to generate updated key, as described in [0090], where the message is transmitted through the accessory device as disclosed in [0089], where the accessory corresponds to management information processing device as described in [0005 and 0121]), 
[the information processing device includes a 16Docket No. PTCA-19181-USfinal verification unit that verifies a signature by using a public key of the management information processing device, the signature having been given to the update request], and 
in a case where the verification has been succeeded, the update unit compares the request order information and the order comparison information (Adler [0013, 0039, 0075, 0090, 0097], e.g. [0090] “the encrypted message 555 of some embodiments is encrypted with a validation value (e.g., a checksum) that is used to validate the integrity of the header 560 and the encrypted portion 555.”, where verification/validation is a condition of performing the link key updates, [0097] “…the message cannot be decrypted when the validation value is modified”, once validated, the comparison between the received counter 9 and stored center 6, corresponding to request order information and the order comparison information, respectively, is reformed and accordingly incrementing counter 6 three times to synchronize the link key and replace counter 9 value with counter 9 value, as disclosed in [0090]).
Adler does not disclose the update request as discussed in claim1.
Yamanaka discloses update request as described in claim 1, rational and motivation applies.
Adler discloses that the update message transmitted to the device 510 is verified by a verification mechanism, construed as a verification unit, to ensure that the message with the counter is not tampered with and ensuring that the message is not modified and authentic from the sending device as described in [0039, 0075, and 0090, 0097], where a validation value such as checksum or hash is used or an encryption function as further described in [0097]. However, Adler does not use the use of signature on the message using public key of the sending device, i.e. accessory device.
Yamanaka further discloses the server generating signing a data request using the signature data generating unit illustrated in Figure 7(34), where the signature is verified by the signature verifying unit of the data store illustrated in Figure 5 (24) and Figure 10 (S83), disclosed in [0078 and 0081] using the public key of the server. 
Athmalingam discloses the information processing device includes a 16Docket No. PTCA-19181-USfinal verification unit that verifies a signature by using a public key of the management information processing device, the signature having been given to the update request (Athmalingam Figure 7 [0049] “At operation 720, the first IPsec networking device may decrypt the received incoming security key update request transaction (e.g., digitally signed message) to verify that the second IPsec networking device is the source of the request. For example, the first IPsec networking device may apply the second IPsec networking device's public key”, where validation is required to update the key request, where the mechanism corresponding to verifying/validating signature corresponds to the verification unit).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Adler in view of Yamanaka to incorporate the teaching of Athmalingam to utilize the above feature, with the motivation of verifying the source of the request, as recognized by (Athmalingam [0049]).


Claims 4, 8 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Adler in view of Yamanaka, and further in view of Narimoto et. al. (US 20180076958 A1), hereinafter Narimoto.
 
 Regarding claim 4, Adler in view of Yamanaka teaches the information processing device according to claim 1, further comprising a key update unit that [decrypts the update request by using the master secret key], generates a new secret key, and updates the secret key (Adler discloses [0090] “Ratcheting module 535 (i.e. an update unit) of device 510 uses the stored shared key LK2 with counter 6 (i.e. order comparison information), and the counter 9 (i.e. request order information) received in the unencrypted header from accessory 120, to generate an updated shared key LK2' with incremented counter 9. The stored shared key LK2 is ratcheted based on the counters stored at the device 510 and received from the accessory 120. In this example, the ratcheting module 535 ratchets the shared key LK2 three times, incrementing the counter, to synchronize the shared keys at the device 110 and the accessory device 120. The ratcheted key LK2', with counter 9, now matches the corresponding link key LK2' at accessory 120 and is then used to generate the derived key (i.e. updated secret key) to decrypt the encrypted message 555.”, where the derived key, corresponding to the new secret key, is derived based on the synchronized link key as disclosed [0038] “derived key (derived from the synchronized link keys)”, where the “key deriver” that generates/derives the derived key based on the link key corresponds to key update unit).
Adler in view of Yamanaka disclose that the message/request for updating the secret key is authenticated, e.g. [0090] of Adler discloses the decryption of the encrypted message, and further illustrates in [0097] that the message is encrypted with 
Narimoto discloses decrypts the update request by using the master secret key (Narimoto discloses decrypting a key update request message with a particular key B which is generated from a master key [0072] “…the key issuing server 9 receives the message from the onboard apparatus 5 and decrypts the received message with use of the authentication key B. When the decrypted message corresponds to a key update request message”, [0048] The key issuing server 9 and the onboard apparatus 5 execute mutual authentication with use of an authentication key, which will hereinafter be called an authentication key B. The authentication key B is generated from a master key and an ID unique to the onboard apparatus 5 or the like.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Adler in view of Yamanaka to incorporate the teaching of Narimoto to utilize the above feature, with the motivation of executing mutual authentication between server and onboard apparatus, as recognized by (Narimoto [0048]).

Claim 12 is directed to a method claim, associated with the information processing device claimed in claim 4. Claim 12 is similar in scope to claim 4, and is therefore rejected with the same rationale and motivation as claim 4. 

Regarding claim 8, Adler in view of Yamanaka teaches the information processing system according to claim 5, wherein the information processing device includes a key update unit that [decrypts the update request by using the master secret key], generates a new secret key, and updates the secret key (Adler discloses [0090] “Ratcheting module 535 (i.e. an update unit) of device 510 uses the stored shared key LK2 with counter 6 (i.e. order comparison information), and the counter 9 (i.e. request order information) received in the unencrypted header from accessory 120, to generate an updated shared key LK2' with incremented counter 9. The stored shared key LK2 is ratcheted based on the counters stored at the device 510 and received from the accessory 120. In this example, the ratcheting module 535 ratchets the shared key LK2 three times, incrementing the counter, to synchronize the shared keys at the device 110 and the accessory device 120. The ratcheted key LK2', with counter 9, now matches the corresponding link key LK2' at accessory 120 and is then used to generate the derived key (i.e. updated secret key) to decrypt the encrypted message 555.”, where the derived key, corresponding to the new secret key, is derived based on the synchronized link key as disclosed [0038] “derived key (derived from the synchronized link keys)”, where the “key deriver” that generates/derives the derived key based on the link key corresponds to key update unit).  
Adler in view of Yamanaka disclose that the message/request for updating the secret key is authenticated, e.g. [0090] of Adler discloses the decryption of the encrypted message, and further illustrates in [0097] that the message is encrypted with 
Narimoto discloses decrypts the update request by using the master secret key (Narimoto discloses decrypting a key update request message with a particular key B which is generated from a master key [0072] “…the key issuing server 9 receives the message from the onboard apparatus 5 and decrypts the received message with use of the authentication key B. When the decrypted message corresponds to a key update request message”, [0048] The key issuing server 9 and the onboard apparatus 5 execute mutual authentication with use of an authentication key, which will hereinafter be called an authentication key B. The authentication key B is generated from a master key and an ID unique to the onboard apparatus 5 or the like.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Adler in view of Yamanaka to incorporate the teaching of Narimoto to utilize the above feature, with the motivation of executing mutual authentication between server and onboard apparatus, as recognized by (Narimoto [0048]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Kocher (US 7506165 B2) discloses, Figure 1, updating a key in accordance with a counter and deleting old key values to ensure that future leakage cannot reveal information about the now-deleted key.

Roth (US 9106405 B1) discloses, e.g. Figure 6, sending a key request update and process request upon validation.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705.  The examiner can normally be reached on Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






/BASSAM A NOAMAN/Examiner, Art Unit 2497