DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/4/20 and 11/14/20 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Response to Arguments
Applicant’s arguments, filed 12/14/2020, with respect to the rejection(s) of claim(s) 1-41 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Lambert (US 20130246792).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-4, 19, 28-30, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati (US 20130046976) in view of Lambert (US 20130246792).
As per claims 1, 29 and 40, Rosati discloses a method, performed in a wireless device, for obtaining initial access to a network in order to establish a connection to a server connected to the network, the wireless device storing a device public key and a device private key, the server storing the device public key, the method comprising:
 transmitting an initial access request to a network node of the network (Rosati, Para. 0021, user initially requests access to the private network; Para. 0026); 
receiving an authentication request from the network node, the authentication request comprising a challenge (Rosati, Para. 0021, initiating a challenge/response protocol and having a challenge sent to the mobile communication device after receiving a request from a private network client); 
transmitting an authentication response to the network node, the authentication response comprising the device authenticator (Rosati, Para. 0028, To respond to the challenge received from the authentication server, the cryptographic module on the mobile device obtains a PIN from the user. The cryptographic module uses the entered PIN, and private value such as a private key a stored on the mobile device in a secure location, to sign the challenge, and returns a response, the response including the signed challenge.); 
receiving an initial access response from the network node, the initial access response comprising an indicator of whether the initial access has been granted or denied (Rosati, Para. 0028, The authentication server receives the response and verifies the signature on the challenge. If the signature can be verified, the authentication server confirms verification with the VPN gateway. The VPN gateway then allows access to the private network.); and 
Rosati does not disclose; however, Lambert discloses generating a device authenticator based on the challenge and the device public key (Lambert, Para. 0048, The second device 150 authenticates the other device based on the identification. The first device 110 and the second device 150 are acquainted devices. The second device 150 keeps information, such as identification ID-A, public key A, and the like, of the first device 110 in an entry within an internal database. The second device 150 looks up the extracted value in the internal database. When the extracted value corresponds to the entry of the first device 110, the second device 150 determines that the first device 110 is the source device of the received MAC frame, and processes the received MAC frame accordingly).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with the system and method of Rosati given the benefit of conducting the communication in a secure manner.
As per claim 2, Rosati does not disclose; however, Lambert discloses the method according to claim 1, wherein transmitting comprises generating a device identifier based on the device public key (Lambert, Para. 0004, generating an identification based on a public key of an asymmetric key pair for a device, including the identification into an information unit to identify the device as a source of the information unit and transmitting the information unit.); and 
(Lambert, Para. 0004, generating an identification based on a public key of an asymmetric key pair for a device, including the identification into an information unit to identify the device as a source of the information unit and transmitting the information unit.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with the system and method of Rosati given the benefit of conducting the communication in a secure manner.
As per claim 3, Rosati does not disclose; however, Lambert discloses the method according to claim 2, wherein generating the device identifier comprises receiving an identity request from the network node (Lambert, Para. 0004, generating an identification based on a public key of an asymmetric key pair for a device, including the identification into an information unit to identify the device as a source of the information unit and transmitting the information unit.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with the system and method of Rosati given the benefit of conducting the communication in a secure manner.
As per claims 4 and 30, Rosati  does not disclose; however, Lambert discloses the method according to claim 1, wherein the authentication request further comprises a network authenticator, and wherein the network authenticator provides a proof of the server's possession of the device public key, the method further comprising verifying the authentication request based on the network authenticator and the device public key (Lambert, Para. 0048, The second device 150 authenticates the other device based on the identification. The first device 110 and the second device 150 are acquainted devices. The second device 150 keeps information, such as identification ID-A, public key A, and the like, of the first device 110 in an entry within an internal database. The second device 150 looks up the extracted value in the internal database. When the extracted value corresponds to the entry of the first device 110, the second device 150 determines that the first device 110 is the source device of the received MAC frame, and processes the received MAC frame accordingly).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with the system and method of Rosati given the benefit of conducting the communication in a secure manner.
Lambert does not disclose; however, Rosati discloses proceeding to the step of generating upon successful verification (Rosati, Para. 0035, The authentication server also includes a communication subsystem for communicating with either the mobile device or the VPN gateway for sending a challenge, and receiving a response. The communication subsystem may also be used to receive an authentication initiation request from the VPN gateway and return a confirmation of verification or rejection of the response to the VPN gateway. ).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Rosati with the system and method of Lambert given the benefit of conducting the communication in a secure manner.
As per claim 19, Rosati discloses the method according to claim 1, the credential comprises a server public key, a server certificate, a certificate authority, CA, certificate for one or more servers configured to communicate with the device, a device certificate, a symmetric key and/or an identifier (Rosati, Para. 0024, private/public key pair and certificate authority (CA); Para. 0028, PIN). 
As per claim 28, Rosati discloses the method according to claim 1, wherein the network is a home network, an enterprise network and/or a visited network (Rosati, Para. 0024, enterprise network). 
Claims 5 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati (US 20130046976) in view of Lambert (US 20130246792) in view of Stirbu (US 20030200433).
As per claims 5 and 31, Rosati and Lambert do not disclose; however, Stirbu discloses the method according to claim 1, wherein the verification of the authentication request is performed according to an Authentication and Key Agreement, AKA, protocol using a shared secret derived from the device public key (Stirbu, Para. 0032, while public key encryption only authenticates and encrypts some parameters, AKA authenticates the peers and provides an integrity key (IK) as an input to the formula used to calculate a shared secret).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Stirbu with the system and method of Rosati and Lambert given the benefit of authenticating a network equipment by determining whether to initiate the authentication request or to respond with the authentication access.

Claims 6 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati (US 20130046976) in view of Lambert (US 20130246792) in view of Yamada (US 20130246281).
As per claims 6 and 32, Rosati and Lambert do not disclose; however, Yamada discloses the method according to claim 1, wherein generating the device authenticator comprises deriving a shared secret from the device public key and generating the device authenticator using the AKA protocol taking the challenge and the derived shared secret as input  (Yamada, Para. 0049-0050, The user identification information certificate storage module stores a user identification information certificate issued to a user of the user terminal by a third-party organization in accordance with a public key encryption method. The user identification information certificate includes a certificate body and a digital signature generated for the certificate body by a secret key to the third-party organization. The authenticator generating module of at least one of the unit devices generates the authenticator by the use of the secret information in accordance with the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, and the execution result.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Yamada with the system and method of Rosati and Lambert given the benefit of verifying the user identification information and the execution result that indicates properness when all the verification results are proper.
Claims 7-11, 15, 17, 20-27, 33-39 and 41 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati (US 20130046976) in view of Lambert (US 20130246792) in view of Horn (US 20110004762).
As per claim 7, Rosati and Lambert do not disclose; however, Horn discloses the method according to claim 1, the method comprising generating a session key to enable the secure provisioning of a credential from the server (Horn, Para. 0035, session key). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the system and method of Rosati and Lambert given the benefit of preventing an attacker from impersonating a serving network entity.
As per claim 8, Rosati and Lambert do not disclose; however, Horn discloses the method according to claim 7, wherein the session key comprises a cipher key and/or an integrity key (Horn, Para. 0008, The EPS AKA produces keys forming a basis for user plane and control plane protection (ciphering, integrity).).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the system and method of Rosati and Lambert given the benefit of preventing an attacker from impersonating a serving network entity.
As per claim 9, Rosati and Lambert do not disclose; however, Horn discloses the method according to claim 2, wherein generating the device identifier comprises generating a temporary device network identifier based on the device identifier (Horn, Para. 0084-0085, The AAA server may send the IMSI within the AA-Answer, if the Authorization Request message in step a contains a temporary identity, i.e. if an AA-Request does not contain the IMSI.). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the
As per claims 10 and 34, Rosati and Lambert do not disclose; however, Horn discloses the method according to claim 9, wherein generating the temporary device network identifier comprises encoding the device identifier to match a network identifier format, wherein the network identifier format comprises a cellular network identifier format and/or a wireless local area network identifier format (Horn, Para. 0065, the authenticator 20 in the access network sends the EAP Response/AKA-Challenge message to the AAA server 30. In step S118 the AAA server 30 checks the received MAC and compares XRES to the received RES.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the system and method of Rosati and Lambert given the benefit of preventing an attacker from impersonating a serving network entity.
As per claim 11, Rosati and Lambert do not disclose; however, Horn discloses the method according to claim 2, wherein generating the device identifier further comprises receiving an additional identity request from the network, generating an additional temporary device network identifier and sending an additional temporary device network identifier in an additional identity response (Horn, Para. 0084-0085, The AAA server may send the IMSI within the AA-Answer, if the Authorization Request message in step a contains a temporary identity, i.e. if an AA-Request does not contain the IMSI.). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the
As per claim 15, Rosati and Lambert do not disclose; however, Horn discloses the method according to claim 1, the method further comprising generating a device nonce (Para. 0071, generating nonce), and transmitting the device nonce in the authentication response to the network node (Horn, Para. 0072, exchanging nonces).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the system and method of Rosati and Lambert given the benefit of preventing an attacker from impersonating a serving network entity.
As per claim 17, Rosati discloses the method according to claim 15, wherein receiving an authentication request from the network node comprises receiving a first authentication request comprising a challenge and a second authentication request comprising a network authenticator, wherein the network authenticator is generated based on the device nonce (Rosati, Para. 0028, To respond to the challenge received from the authentication server, the cryptographic module on the mobile device obtains a PIN from the user. The cryptographic module uses the entered PIN, and private value such as a private key a stored on the mobile device in a secure location, to sign the challenge, and returns a response, the response including the signed challenge.)
As per claims 20, 35 and 41, Rosati discloses a method, performed in a network node, for providing initial network access to a wireless device, the network node being connected to a first server storing a device public key of the wireless device and to a second server, the method comprising: 
Rosati, Para. 0027, request access to network);
obtaining, from the second server, authentication data corresponding to the device network identifier, the authentication data comprising a challenge (Rosati, Para. 0037-0038, The VPN gateway receives the request and in addition to establishing a secure channel with the VPN client, initiates authentication of a user associated with the request. The authentication server after detecting a request to initiate an authentication initiates a challenge/response protocol by generating a challenge by generating a random number. The authentication server then sends the challenge over-the-air to the mobile device, and the mobile device receives the challenge. The mobile device after receiving the challenge obtains the PIN from the user, e.g. by requesting entry of the PIN through the authentication UI. The cryptographic module may then generate a response using the challenge, the private key a, and the PIN. ); 
transmitting an authentication request to the wireless device, the authentication request comprising the challenge (Rosati, Para. 0028, To respond to the challenge received from the authentication server); 
 verifying the received authentication response based on the device authenticator and the authentication data (Rosati, Para. 0028, The authentication server receives the response and verifies the signature on the challenge. If the signature can be verified, the authentication server confirms verification with the VPN gateway. The VPN gateway then allows access to the private network.); 
(Rosati, Para. 0028, The authentication server receives the response and verifies the signature on the challenge.);
Rosati does not disclose; however, Lambert discloses receiving an authentication response from the wireless device, the authentication response comprising a device authenticator, the device authenticator being based on the challenge and the device public key (Lambert, Para. 0004, generating an identification based on a public key of an asymmetric key pair for a device, including the identification into an information unit to identify the device as a source of the information unit and transmitting the information unit.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with the system and method of Rosati given the benefit of conducting the communication in a secure manner.
Rosati and Lambert do not disclose; however, Horn discloses determining a device network identifier of the wireless device (Horn, Para. 0062, The UE derives required additional new keying material, including the key MSK, from the new computed IK and CK (i.e. CK_new, IK_new) in the same way as the AAA server, and checks the received MAC with the new derived keying material. If a protected pseudonym and/or re-authentication identity were received, then the UE stores the temporary identity(s) for future authentications.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the
As per claim 21, Rosati does not disclose; however, Lambert discloses the method according to claim 20, requesting from an identity register the device network identifier using the device identifier (Lambert, Para. 0048, the first device 110 and the second device 150 are acquainted devices. The second device 150 keeps information, such as identification ID-A, public key A, and the like, of the first device 110 in an entry within an internal database. The second device 150 looks up the extracted value in the internal database. When the extracted value corresponds to the entry of the first device 110, the second device 150 determines that the first device 110 is the source device of the received MAC frame, and processes the received MAC frame accordingly); and 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with the system and method of Rosati given the benefit of conducting the communication in a secure manner.
Rosati and Lambert do not disclose; however, Horn discloses wherein determining the device network identifier comprises receiving a device identifier from the wireless device (Horn, Para. 0062, The UE derives required additional new keying material, including the key MSK, from the new computed IK and CK (i.e. CK_new, IK_new) in the same way as the AAA server, and checks the received MAC with the new derived keying material. If a protected pseudonym and/or re-authentication identity were received, then the UE stores the temporary identity(s) for future authentications.).

As per claim 22, Rosati and Horn do not disclose; however, Lambert discloses the method according to claim 21, wherein receiving the device identifier from the wireless device comprises transmitting an identity request to the wireless device and receiving an identity response comprising the device identifier (Lambert, Para. 0004, generating an identification based on a public key of an asymmetric key pair for a device, including the identification into an information unit to identify the device as a source of the information unit and transmitting the information unit.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with the system and method of Rosati and Horn given the benefit of conducting the communication in a secure manner.
As per claim 23, Rosati and Lambert do not disclose; however, Horn discloses the method according to claim 20, wherein determining the device network identifier comprises receiving a temporary device network identifier from the wireless device (Horn, Para. 0084-0085, The AAA server may send the IMSI within the AA-Answer, if the Authorization Request message in step a contains a temporary identity, i.e. if an AA-Request does not contain the IMSI.); and
requesting from the identity register the device network identifier using the temporary device network identifier (Horn, Para. 0084-0085, The AAA server may send the IMSI within the AA-Answer, if the Authorization Request message in step a contains a temporary identity, i.e. if an AA-Request does not contain the IMSI.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the system and method of Rosati and Lambert given the benefit of preventing an attacker from impersonating a serving network entity.
As per claim 24, Rosati and Horn do not disclose; however, Lambert discloses the method according to claim 20, wherein the authentication data comprises a network authenticator, wherein the network authenticator provides a proof of the first server's possession of the device public key (Lambert, Para. 0048, The second device 150 authenticates the other device based on the identification. The first device 110 and the second device 150 are acquainted devices. The second device 150 keeps information, such as identification ID-A, public key A, and the like, of the first device 110 in an entry within an internal database. The second device 150 looks up the extracted value in the internal database. When the extracted value corresponds to the entry of the first device 110, the second device 150 determines that the first device 110 is the source device of the received MAC frame, and processes the received MAC frame accordingly); and 
wherein the authentication request further comprises the network authenticator (Lambert, Para. 0048, The second device 150 authenticates the other device based on the identification. The first device 110 and the second device 150 are acquainted devices. The second device 150 keeps information, such as identification ID-A, public key A, and the like, of the first device 110 in an entry within an internal database. The second device 150 looks up the extracted value in the internal database. When the extracted value corresponds to the entry of the first device 110, the second device 150 determines that the first device 110 is the source device of the received MAC frame, and processes the received MAC frame accordingly).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with the system and method of Rosati and Horn given the benefit of conducting the communication in a secure manner.
As per claim 25, Rosati discloses the method according to claim 20, wherein obtaining from the second server an authentication data corresponding to the device network identifier comprises requesting the authentication data corresponding the device network identifier from an authentication server and receiving the authentication data from the authentication server (Rosati, Para. 0037-0038, The VPN gateway receives the request and in addition to establishing a secure channel with the VPN client, initiates authentication of a user associated with the request. The authentication server after detecting a request to initiate an authentication initiates a challenge/response protocol by generating a challenge by generating a random number. The authentication server then sends the challenge over-the-air to the mobile device, and the mobile device receives the challenge. The mobile device after receiving the challenge obtains the PIN from the user, e.g. by requesting entry of the PIN through the authentication UI. The cryptographic module may then generate a response using the challenge, the private key a, and the PIN. ).
As per claim 26, Rosati discloses the method according to claim 20, wherein the authentication data is generated by the second server, and wherein the network Rosati, Para. 0037-0038, The VPN gateway receives the request and in addition to establishing a secure channel with the VPN client, initiates authentication of a user associated with the request. The authentication server after detecting a request to initiate an authentication initiates a challenge/response protocol by generating a challenge by generating a random number. The authentication server then sends the challenge over-the-air to the mobile device, and the mobile device receives the challenge. The mobile device after receiving the challenge obtains the PIN from the user, e.g. by requesting entry of the PIN through the authentication UI. The cryptographic module may then generate a response using the challenge, the private key a, and the PIN. ),
As per claim 27, Rosati discloses the method according to claim 25, wherein verifying the received authentication response comprises requesting the authentication server to verify the received authentication response (Rosati, Para. 0035, The authentication server includes a cryptographic module that is configured or otherwise operable to at least participate in a challenge/response protocol by generating a challenge (e.g. using a random number generator (RNG)) and performing a signature verification operation using a public key associated with the user requesting access to the private network). 
As per claim 33, Rosati and Lambert do not disclose; however, Horn discloses the wireless device according to claim 29, wherein the processor is configured to generate a device identifier by generating a temporary device network identifier based on the device identifier and wherein the processor is configured to transmit the temporary device network Horn, Para. 0084-0085, The AAA server may send the IMSI within the AA-Answer, if the Authorization Request message in step a contains a temporary identity, i.e. if an AA-Request does not contain the IMSI.). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the system and method of Rosati and Lambert given the benefit of preventing an attacker from impersonating a serving network entity.
As per claim 36, Rosati and Lambert do not disclose; however, Horn discloses the network node according to claim 35, wherein the processor is configured to determine the device network identifier by receiving a device identifier from the wireless device (Horn, Para. 0084-0085, The AAA server may send the IMSI within the AA-Answer, if the Authorization Request message in step a contains a temporary identity, i.e. if an AA-Request does not contain the IMSI.); and 
requesting from an identity register the device network identifier using the device identifier (Horn, Para. 0084-0085, The AAA server may send the IMSI within the AA-Answer, if the Authorization Request message in step a contains a temporary identity, i.e. if an AA-Request does not contain the IMSI.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the system and method of Rosati and Lambert given the benefit of preventing an attacker from impersonating a serving network entity.
As per claim 37, Rosati and Lambert do not disclose; however, Horn discloses the network node according to claim 36, wherein the device identifier is a temporary device Horn, Para. 0084-0085, The AAA server may send the IMSI within the AA-Answer, if the Authorization Request message in step a contains a temporary identity, i.e. if an AA-Request does not contain the IMSI.). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Horn with the system and method of Rosati and Lambert given the benefit of preventing an attacker from impersonating a serving network entity.
As per claim 38, Rosati and Horn do not disclose; however, Lambert discloses the network node according to claim 35, wherein the authentication data further comprises a network authenticator, wherein the network authenticator provides a proof of the first server's possession of the device public key, and wherein the authentication request further comprises the network authenticator (Lambert, Para. 0048, The second device 150 authenticates the other device based on the identification. The first device 110 and the second device 150 are acquainted devices. The second device 150 keeps information, such as identification ID-A, public key A, and the like, of the first device 110 in an entry within an internal database. The second device 150 looks up the extracted value in the internal database. When the extracted value corresponds to the entry of the first device 110, the second device 150 determines that the first device 110 is the source device of the received MAC frame, and processes the received MAC frame accordingly).
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teaching of Lambert with  
As per claim 39, Rosati discloses the network node according to claim 35, wherein the processor is configured to obtain the authentication data corresponding to the device network identifier by requesting the authentication data corresponding the device network identifier from an authentication server and receiving the authentication data from the authentication server (Rosati, Para. 0037-0038, The VPN gateway receives the request and in addition to establishing a secure channel with the VPN client, initiates authentication of a user associated with the request. The authentication server after detecting a request to initiate an authentication initiates a challenge/response protocol by generating a challenge by generating a random number. The authentication server then sends the challenge over-the-air to the mobile device, and the mobile device receives the challenge. The mobile device after receiving the challenge obtains the PIN from the user, e.g. by requesting entry of the PIN through the authentication UI. The cryptographic module may then generate a response using the challenge, the private key a, and the PIN.).
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Rosati (US 20130046976) in view of Lambert (US 20130246792) in view of Ligatti (US 20160180072).
As per claim 14, Rosati and Lambert do not disclose; however, Ligatti discloses the method according to claim 1, wherein generating the device authenticator comprises generating a message authentication code, MAC, using the challenge and the device public key (Ligatti, Para. 0029, In response to determining that there are at least two devices associated with the user, the verifier can send an authentication challenge, possibly encrypted, to the first device desiring to access the resource. For example, the authentication challenge can be dynamically generated random data (e.g., a cryptographic nonce) that the second device can receive to authenticate the first device. The first device can send, possibly by broadcasting, the authentication challenge to the second device registered with the user.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Ligatti with the system and method of Rosati and Lambert given the benefit of increasing security by eliminating the possibility of unauthorized access through the use of a single registered user device.
Claims 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Rosati (US 20130046976) in view of Lambert (US 20130246792) in view of Horn (US 20110004762) in view of Ligatti (US 20160180072).
As per claim 16, Rosati, Lambert, and Horn do not disclose; however, Ligatti discloses the method according to claim 15, wherein generating the message authentication code using the challenge and the device public key comprises generating the MAC over the challenge and the device nonce using the device public key (Ligatti, Para. 0029, In response to determining that there are at least two devices associated with the user, the verifier can send an authentication challenge, possibly encrypted, to the first device desiring to access the resource. For example, the authentication challenge can be dynamically generated random data (e.g., a cryptographic nonce) that the second device can receive to authenticate the first device. The first device can send, possibly by broadcasting, the authentication challenge to the second device registered with the user.).

As per claim 18, Rosati, Lambert, and Horn do not disclose; however, Ligatti discloses the method according to claim 15, wherein the network authenticator comprises a MAC over the challenge and/or the device nonce using the device public key and wherein verifying the authentication request comprises verifying the MAC (Ligatti, Para. 0029, In response to determining that there are at least two devices associated with the user, the verifier can send an authentication challenge, possibly encrypted, to the first device desiring to access the resource. For example, the authentication challenge can be dynamically generated random data (e.g., a cryptographic nonce) that the second device can receive to authenticate the first device. The first device can send, possibly by broadcasting, the authentication challenge to the second device registered with the user.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Ligatti with the system and method of Rosati, Lambert, and Horn given the benefit of increasing security by eliminating the possibility of unauthorized access through the use of a single registered user device.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Ekberg (US 8621203): An approach is provided for authenticating a mobile device. A mobile device initiates transmission of a request to an authentication platform for generating a public-key certificate to access a service from the mobile device. The mobile device receives an identity challenge and responds by initiating transmission of a tag specific to the mobile device to the authentication platform. The authentication platform uses the tag to generate a public-key certificate.
Blanke (US 20160219043): A system, apparatus, method, and machine readable medium are described for establishing trust using secure communication protocols.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANGELA R HOLMES whose telephone number is (571)270-3357.  The examiner can normally be reached on Monday-Friday 8:00AM-4:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to 


/ANGELA R HOLMES/Examiner, Art Unit 2498
/THANHNGA B TRUONG/Primary Examiner, Art Unit 2498