Notice of Pre-AIA  or AIA  Status
The present application, filed on or after June 10, 2020, is being examined under the first inventor to file provisions of the AIA .
Specification 
The specification filed on June 10, 2020 is accepted. 
Drawings
The drawings filed on June 10, 2020 are accepted.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/10/2020 was filed after the mailing date of the application 16/771524 on 06/10/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 1, 3-4, 7, 12, 14, 15 and 17 objected to because of the following informalities: 
Claim 1 recites “- a step”. The examiner suggest to delete the term “-a step” the claim should recite “A secure communication method…….comprising steps of:” The first limitation should read as “encrypting by the first entity content using first key specific to the first entity utilizing a symmetric encryption algorithm”. Similar remarks for other such limitations.
Claim 1 recites “-” before each limitations. The examiner suggest to delete “-”
Claim 3 recites “initialising” and “memorising” should read as “initializing” and “memorizing”
Claim 4 recites “a step of generating, by the managing entity, each second key specific to each first entity using said first secret held by the managing entity, said key generation parameter specific to each first entity and said key generation function”. The examiner suggest to clarify the limitation. For example the above limitation should simply read as

Claim 4 recites the term “key generation parameter”, “derivation parameter”, “key generation function” and “derivation function”. The examiner suggest to clarify these terms.
Claim 7 recites “ wherein the request for obtaining the second key and the response to said request are encrypted using a third key memorised by each first entity and regenerated by the managing entity using a second secret
The limitation should read as “wherein the request for obtaining the second key and the response to said request are encrypted using a third key memorized by each first entity and wherein the third key is regenerated by the managing entity using a second secret, said key generation parameter and said key generation function” Similar remarks for other such limitations.
Claim 12 recites “first and second entities comprising modules for calculating and memorising” should read as” first and second entities comprising a calculation module, a memorizing module…..”
Claim 12 recites the term “memorising” the examiner suggest to clarify the term “memorising”. is it equivalent to “storing”?
Claim 12 line 2 recites “memorising” should read as “memorizing” 
Claim 12 line 3 and 5 recites “memorises” should read as “memorizes” 
Claim 12 recites “-” before each limitations. The examiner suggest to delete “-”
Claim 12 recites “an encrypting and decrypting program using a symmetric encryption algorithm, using a first key” should read as “a program for encrypting and decrypting using a first key 
Claim 14 recites “initialising” and “initialisation” should read as “initializing” and “initialization”
Claim 15 recites “organised” should read as “organized”
	Claim 17 the method of claim 1 should be re-written in claim 17 to properly consider claim 17 as an independent claim.
CLAIM INTERPRETATION

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the 

As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: A secure system, modules for calculating and memorising in claim 12 and a system in claim 17.

Claim limitation(s) “A secure system, modules for calculating and memorising” and “a system” of claims 12 and 17 respectively gives their broadest reasonable interpretation of the claim elements with a limited description in the specification. The examiner notes that A system comprises first and second entity modulus for calculating and memorsing are within the entities and the entities are smartphone, table computer etc. See spec [page 8 line 5-20]. Accordingly claims 12 and 17 invoke 35 U.S.C. 112 (f) or sixth paragraph, but the corresponding structure is described.

Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.




Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 2 recites "the memory".  There is insufficient antecedent basis for this limitation in the claim.
Claim 6 recites "the generation parameter".  There is insufficient antecedent basis for this limitation in the claim.
Claim 7 recites "the memory".  There is insufficient antecedent basis for this limitation in the claim.
Claim 9 recites "the corresponding private key".  There is insufficient antecedent basis for this limitation in the claim.
Claim 9 recites "the third key".  There is insufficient antecedent basis for this limitation in the claim.

Claim 13 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. The claim recites “a managing entity comprising a key generation program
Claim 14 recites "the first known secret".  There is insufficient antecedent basis for this limitation in the claim.
Claim 15 recites “the same resource”, “the same secret” and “the same batch".  There is insufficient antecedent basis for this limitation in the claim.

                                               Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Mansour et al (hereinafter Mansour) (US 20170149740) in view of Le Saint et al (hereinafter Le Saint) (US 20180375663).
Regarding claim 1 Mansour teaches A secure communication method between at least one first entity and at least one second entity with a communication link in at least one network comprising: (Mansour on [0010] teaches method for securing communications between a first computer and a second computer over a communications network);
a step of encryption, by the first entity, using a symmetric encryption algorithm, of content using a first key specific to the first entity (Mansour on [0010] teaches first computer may be an authorization entity computer (i.e. first entity) for encrypting data packet with symmetric key. See on [0011] teaches the symmetric key may be a first symmetric key. See on [0133] teaches the first computer may encrypt data block 340 using symmetric key. See on [0169] teaches the symmetric key may be derived by taking the Entity ID OR'ed with SequenceNo and taking the result XOR'ed with the value stored in the cache (i.e. key for specific entity));
 a step of aggregation, in a message, of the encrypted content with at least one key generation parameter specific to the first entity (Mansour Fig 4 block 320 and text on [0023] teaches a request data packet 300 (i.e. message) with at least on entity device ID (i.e. key generation parameter));
 a step of sending, by the first entity, of the message to the second entity (Mansour on [0010] teaches receiving, by the second computer (i.e. second entity) from the first computer over a communications network, a request data packet (i.e. message). The request data packet can include a control block comprising a symmetric key and a data block encrypted with the symmetric key. See on [0135] teaches the first computer may send, over a communications network, request data packet 300 to the second computer);
a step of decryption, by the second entity, of the encrypted content of the message received, using the first key (Mansour on [0010] teaches extracting, by the second computer, the symmetric key from the control block and decrypting, by the second computer, the encrypted data block with the extracted symmetric key. See on [0138 and 0147] teaches the second computer may then decrypt the encrypted data block 340 with the extracted symmetric key 320E. The second computer may decrypt data block 340 based on the algorithm indicated in symmetric algorithm type 320H).
(Le Saint on [0055, 0058 and 0224] teaches the client computer 240 may determine a first session key using a key derivation function based on the shared secret (i.e. secret), an identifier (i.e. generation parameter) of the server computer 280, and an identifier of the communication session).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by determining first key based on generation parameter, secret and key generation function. One would be motivated to do so in order to perform secure communication (Le Saint on [0001]).

Regarding claim 2 the combination of Mansour and Le Saint teaches all the limitations of claim 1 above, Mansour further teaches further comprising a step of sending a response to the message, encrypted by the symmetric encryption algorithm using the first key and/or an additional step of erasing the first key in the memory of the second entity (Mansour on [0139-0141] teaches the second computer may then generate a response data packet 400 to return to the first computer. The second computer may include in response data packet 400 the leader block 410 comprising entity name 410A, zone 4108, and control block encryption type 410C. The entity name 410A and zone 410B in leader block 410 may be echoed from those in leader block 310 of request data packet 300. The second computer may also encrypt control block 420 using encryption key 450. In some cases, the second computer may derive encryption key 450 by computing Hash(Symmetric Key.parallel.Entity Name.parallel.Zone), where the symmetric key is symmetric key 320E received in request data packet 300. The second computer may include information indicating the symmetric encryption type utilized to encrypt control block 420 in control block encryption type 410C).
Regarding claim 3 the combination of Mansour and Le Saint teaches all the limitations of claim 1 above, Le Saint further teaches further comprising a prior step of initialising each second entity comprising a memorising of said first secret (Le Saint on [0029] teaches the first computer may generate a shared secret using the second public key of the second computer and the first private key of the first computer. The second computer may generate the same shared secret using the first public key of the first computer and the second private key of the second computer).
Regarding claim 4 the combination of Mansour and Le Saint teaches all the limitations of claim 1 above, Mansour further teaches further comprising prior steps, that are: 34821-5796-9599.v1PABST, et al. - New (US National Phase of PCT/EP2018/084203)Attorney Docket: 022044-0513560a step of transmission, by each first entity, to a managing entity, of the key generation parameter specific to each first entity in order to obtain a second key (Mansour on [0070] teaches At step 1, during the out-of-band enrollment of the authorization entity with the token service (shown as path 104), the authorization entity backend server 114 may exchange an Entity Name, Entity ID(s), and Zone(s) with the processor server computer 118. See on [0090] teaches Authorization entity mobile application 210A may send its Device ID to authorization entity backend server 214. In some cases, the Device ID may be computed as Hash(Serial #.parallel.NEI). While one example of computing the Device ID is provided above, it is understood that other device parameters besides Serial # or IMEI may also be used, along with other user-specific or application-specific values); 
a step of supplying each first key to each first entity (Mansour on [0010] teaches first computer may be an authorization entity computer (i.e. first entity) for encrypting data packet with symmetric key. See on [0011] teaches the symmetric key may be a first symmetric key);
(Mansour on [0100] teaches  generating symmetric key by symmetric encryption algorithms such as AES-256 and 3DES (i.e. derivation function). See on [0107] teaches symmetric key 320E may be randomly generated using a secure random number generator (i.e. derivation parameter). See on [0169] teaches The API function for decoding may derive the symmetric key from the value stored in the cache. For example, the symmetric key may be derived by taking the Entity ID OR'ed with SequenceNo and taking the result XOR'ed with the value stored in the cache);
a step of aggregating, by each first entity, of said derivation parameter to the message intended for the second entity (Mansour on [0105] teaches Sequence number 320C can be a random value (i.e. derivation parameter) that may be generated using a secure random number generator or a pseudo-random number generator in included in the data packet).
Le saint teaches a step of generating, by the managing entity, each second key specific to each first entity using said first secret held by the managing entity, said key generation parameter specific to each first entity and said key generation function (Le Saint on [0055, 0058 and 0224] teaches the client computer 240 may determine a first session key using a key derivation function based on the shared secret, an identifier of the server computer 280, and an identifier of the communication session);
a step of derivation, by the second entity in order to obtain the first key using the second key generated using the first secret and the key generation parameter specific to the first entity supplied as input of said key generation function (Le Saint on [0055, 0058 and 0224] teaches the client computer 240 may determine a first session key using a key derivation function based on the shared secret, an identifier of the server computer 280, and an identifier of the communication session).

 into the teaching of Mansour by determining first key based on generation parameter, secret and key generation function. One would be motivated to do so in order to perform secure communication (Le Saint on [0001]).
Regarding claim 5 the combination of Mansour and Le Saint teaches all the limitations of claim 4 above, Mansour further teaches wherein said derivation parameter comprises at least one random key generated by said first entity (Mansour on [0105] teaches Sequence number 320C can be a random value (i.e. derivation parameter) that may be generated using a secure random number generator or a pseudo-random number generator in included in the data packet).
Regarding claim 6 the combination of Mansour and Le Saint teaches all the limitations of claim 4 above, Mansour further teaches wherein the steps of transmitting the generation parameter for the second key and of supplying said second key are carried out by sending a request for obtaining the second key and a response to said request (Mansour Fig 3-4 and text on [0140-0142] teaches first computer sends request data packet containing keys parameters shared secret random value etc. and the second computer receives the request data packet and generated a respond data packet 400);
 each first entity being in a communication link with the managing entity in said network (Mansour on [0058] teaches an authorization entity web application server 112 (i.e. managing entity) in communication with an authorization entity backend server 114 and a service provider computer 116. The authorization entity backend server 114 and service provider computer 116 may be in communication with a processor server computer 118. The processor server computer 118 may provide tokenization services and may also be known as a token service computer or token service provider computer).
Regarding claim 10 the combination of Mansour and Le Saint teaches all the limitations of claim 1 above, Mansour further teaches wherein said at least one key generation parameter specific to the (Mansour Fig 4 block 320 and text on [0023] teaches a request data packet 300 (i.e. message) with at least on entity device ID (i.e. key generation parameter)).
Regarding claim 17, the claim recites substantially similar subject matter as claim 1. Therefore, the response set forth above with respect to the claim 1 is equally applicable to the claim 17 of “a system”.

Claims 7-9 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Mansour et al (hereinafter Mansour) (US 20170149740) in view of Le Saint et al (hereinafter Le Saint) (US 20180375663) and further in view of Chawan (US 20190139039).

Regarding claim 7 the combination of Mansour and Le Saint teaches all the limitations of claim 6 above, Mansour further teaches (Le Saint on [0055, 0058 and 0224] teaches the client computer 240 may determine a first session key using a key derivation function based on the shared secret (i.e. secret), an identifier (i.e. generation parameter) of the server computer 280, and an identifier of the communication session);
a step of generating, by the managing entity, each third key specific to each first entity, using said second secret held by the managing entity, said key generation parameter specific to each first entity and said key generation function  (Le Saint on [0055, 0058 and 0224] teaches the client computer 240 may determine a first session key using a key derivation function based on the shared secret (i.e. secret), an identifier (i.e. generation parameter) of the server computer 280, and an identifier of the communication session);
a step of supplying each third key to each first entity;  a step of erasing, in the memory of said managing entity, each third key (Le Saint on [0039] teaches  new and different public keys may be used in each key exchange and deleted immediately or shortly after establishing a shared secret. See on [0050] teaches a client computer can generate an ephemeral key pair that is different from its static key pair and use the ephemeral public key in the key exchange. The client computer can delete this ephemeral key pair after a shared secret has been established and generate new ephemeral key pairs in establishing subsequent secure communication channels).
	The combination fails to explicitly teach wherein the request for obtaining the second key and the response to said request are encrypted using a third key memorised by each first entity, the method comprising prior steps, that are  a step of transmission, by each first entity to the managing entity, of the key generation parameter specific to each first entity for obtaining the third key, however Chawan from analogous art teaches wherein the request for obtaining the second key and the response to said request are encrypted using a third key memorised by each first entity (Chawan on [0037] teaches request is encrypted using a first symmetric key, and the first symmetric key is encrypted using the public key of the issuer's KMS 221. See on [0088] teaches the payment gateway 203 may encrypt an authorization response by using the public key);
the method comprising prior steps, that are a step of transmission, by each first entity to the managing entity, of the key generation parameter specific to each first entity for obtaining the third key (Chawan on [0029] teaches the information in a KMS certificate enables an entity to communicate with the KMS to obtain a private-key material that is subsequently used to conduct a secure transaction. See on [0037] teaches an identifier of the KMS that is used by a merchant may be received to search for a KMS public key corresponding to a KMS identifier from the memory (i.e. identifier as a key generation parameter for obtaining third key)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Chawan into the combined teaching of Mansour and Le Saint by encrypting request and response based on a key and obtaining the key based on identifier. One would be motivated to do so in order to perform secure authentication (Chawan on [0002-0004]).
Regarding claim 8 the combination of Mansour, Le Saint and Chawan teaches all the limitations of claim 7 above, Chawan further teaches wherein the transmission by each first entity, to the managing entity, of the key generation parameter specific to each first entity for obtaining the third key is carried out at the same time as an authentication of each first entity with the managing entity (Chawan Fig 9 and text on [0075] teaches obtaining the key during authorization process shown on Fig 9. See also Fig 4 and text on [0036-0037] teaches obtaining key during signature validation process).
Regarding claim 9 the combination of Mansour and Le Saint teaches all the limitations of claim 6 above, Mansour further teaches wherein the transmission by each first entity, to the managing entity, of the key generation parameter specific to each first entity for obtaining the third key is carried out jointly with the transmission of a public key (Mansour on [0086] teaches receives from the processor server computer 218 a unique public key for each Zone plus a seed for each Entity ID for generating the Entity token service ID. The Entity token service ID may be one of the values with which processor server computer 218 identifies a corresponding authorization entity (i.e. server computer transmits public key with seed of each entity ID));
said public key and the corresponding private key being memorised by said first entity (Mansour on [0152] teaches one storing a particular private key corresponding to a particular public key);

(Chawan on [0037] teaches the first symmetric key is encrypted using the public key of the issuer's KMS 221).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Chawan into the combined teaching of Mansour and Le Saint by encrypting key using public key. One would be motivated to do so in order to perform secure authentication (Chawan on [0002-0004]).
Regarding claim 11 the combination of Mansour and Le Saint teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein said at least one key generation parameter specific to the first entity further comprises an expiry date of the key generated by the first entity, however Chawan from analogous art teaches wherein said at least one key generation parameter specific to the first entity further comprises an expiry date of the key generated by the first entity (Chawan on [0028 and 0047] teaches information that may be included in a KMS certificate may include a master public key of the KMS, a unique resource identifier (URI) of the KMS, and a validity period of the master public key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Chawan into the combined teaching of Mansour and Le Saint by setting an expiry date of a key. One would be motivated to do so in order to perform secure authentication by validating key (Chawan on [0002-0004]).

Claims 12-14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Mansour et al (hereinafter Mansour) (US 20170149740) in view of Pauker et al (hereinafter Pauker) (US 20120143770).

Regarding claim 12 Mansour teaches A secure system for exchanging data between at least one first entity and at least one second entity with a communication link in at least one network (Mansour on [0010] teaches system for securing communications between a first computer and a second computer over a communications network);
said first and second entities comprising modules for calculating and memorising and network communication interfaces (Mansour on [0014] teaches computer (i.e. first and second computer) having memory (i.e. memorizing)  for storing instruction (i.e. Program). See on [0064] teaches network interface (e.g., by an external communication interface). See on [0135] teaches the first computer may send, over a communications network, request data packet 300 to the second computer. See on [0111] teaches hash algorithm 320I may indicate the hash algorithm utilized for signature calculation (i.e. calculation module));
 wherein each first entity memorises: an encrypting and decrypting program using a symmetric encryption algorithm, using a first key (Mansour on [0014] teaches computer (i.e. first and second computer) having memory (i.e. memorizing)  for storing instruction (i.e. Program). See on [0010] teaches first computer may be an authorization entity computer (i.e. first entity) for encrypting data packet with symmetric key and decrypting, by the second computer, the encrypted data block with the extracted symmetric key. See on [0011] teaches the symmetric key may be a first symmetric key. See on [0133] teaches the first computer may encrypt data block 340 using symmetric key);
and a program for transmitting aggregated encrypted data with at least one parameter specific to the first entity(Mansour Fig 4 block 320 and text on [0023-0024] teaches a request data packet 300, the request data packet may comprise a leader block, a control block, a data block, and a signature block. In some cases, the control block may be asymmetrically encrypted and the data block may be symmetrically encrypted (i.e. encrypted data) with at least on entity device ID (i.e. parameter specific to entity). Further teaches response packet generated in response to a request packet containing symmetric key (i.e. indication of generation of key based on request packet). See on [0011] teaches generating by the second computer, a second symmetric key using a predetermined algorithm based on data in the first control block);
a program for encrypting and decrypting by said symmetric encryption algorithm, using said first key (Mansour on [0014] teaches computer (i.e. first and second computer) having memory (i.e. memorizing)  for storing instruction (i.e. Program). See on [0010] teaches first computer may be an authorization entity computer (i.e. first entity) for encrypting data packet with symmetric key and decrypting, by the second computer, the encrypted data block with the extracted symmetric key. See on [0011] teaches the symmetric key may be a first symmetric key. See on [0133] teaches the first computer may encrypt data block 340 using symmetric key).
	Although Mansour teaches regenerating encryption keys (Mansour on [0021]), but fails to explicitly teach a program for regenerating a key using said key generation parameter specific to the first entity and a secret known by the second entity, however Pauker from analogous art teaches wherein each second entity memorises: - a program for regenerating a key using said key generation parameter specific to the first entity and a secret known by the second entity (Pauker on [0069] teaches the processor may, for example, provide the key ID (i.e. generation parameter) to key source 26. Key source 26 may use an internal key generator to regenerate the appropriate key from a master secret (i.e. secret) and the key ID (i.e. the master secret is known by processor [0025])).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Pauker into the teaching of Mansour by regenerating keys using specific parameters and secret. One would be motivated to do so in order to secure transaction by third party (Pauker on [0004-0005]).
13 the combination of Mansour and Pauker teaches all the limitations of claim 12 above, Pauker further teaches further comprising a managing entity comprising a key generation program(Pauker Fig 1 and text on [0069] teaches computing equipment 24 (i.e. managing entity) utilizes key generator 26 for generating key based on secret and key ID).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Pauker into the teaching of Mansour by regenerating keys using specific parameters and secret. One would be motivated to do so in order to secure transaction by third party (Pauker on [0004-0005]).
Regarding claim 14 the combination of Mansour and Pauker teaches all the limitations of claim 13 above, Pauker further teaches wherein the managing entity comprising a program for initialising each second entity comprising the initialisation of the first known secret of each second entity (Pauker on [0042-0043] teaches performing encryption operations, the user's browser may obtain code for implementing an encryption function at equipment 12 from processor 24 (e.g., encryption engine code 30) and may obtain key data such as a cryptographic key and an associated key ID from key source 24).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Pauker into the teaching of Mansour by regenerating keys using specific parameters and secret. One would be motivated to do so in order to secure transaction by third party (Pauker on [0004-0005]).
Regarding claim 16 the combination of Mansour and Pauker teaches all the limitations of claim 12 above, Mansour further teaches wherein each first and second entity comprises a key derivation program according to at least one derivation parameter (Mansour Fig 4-5 block 320i, 320j, 420i and 420j teaches HMAC hash algorithm (i.e. key derivation program) and key value (i.e. parameter)).

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Mansour et al (hereinafter Mansour) (US 20170149740) in view of Pauker et al (hereinafter Pauker) (US 20120143770) and further in view of Le Saint et al (hereinafter Le Saint) (US 20180375663).

Regarding claim 15 the combination of Mansour and Pauker teaches all the limitations of claim 14 above, the combination fails to explicitly teach a plurality of second entities organised into at least one batch, in such a way as to access the same resource by the same batch of second entities that share the same secret, however Le Saint from analogous art teaches further comprising a plurality of second entities organised into at least one batch, in such a way as to access the same resource by the same batch of second entities that share the same secret (Le Saint on [0029] teaches the first and second computer share the same shared secret. The first computer and the second computer may both use the shared secret to generate a session key. See on [0040 and 0065] teaches the first and the second computer generate and share the same secret for generating session key (i.e. to access same resource) for encrypting communication. See on [0044-0045] teaches the client computer encrypts identification data using shared secret and the server computer decrypts the identification data using the shared secret (i.e. having access to same resource using same shared secret)).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the combined teaching of Mansour and Pauker by using accessing same resource based on shared secret common between first and second entity. One would be motivated to do so in order to perform secure communication (Le Saint on [0001]).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Leavy et al (US 20190140832) is directed towards method for end-to-end encryption during a secure communication session. The method includes a first device initializing a secure communication session with at least one second device. Initializing the secure communication session includes transmitting an invitation to a secure communication session to the at least one second device. The invitation may include a meeting identifier and a token. Next, the method receives the token from the at least one second device and validates the token. When the token is invalid, the first devices terminates the secure communication session. However, when the token is valid, the first device performs a three-way handshake with the at least one second device to negotiate a first encryption key and a second encryption key. The first encryption key is used to encrypt communication data transmitted by the first device and the second encryption key is used to decrypt communication data received from the at least one second device.
ALTIN et al (US 20180146367) is directed towards an Internet of Things (IoT) platform which may be utilized by developers to design and build new IoT devices and applications. In particular, one embodiment includes a base hardware/software platform for IoT devices including a predefined networking protocol stack and an IoT hub through which the IoT devices are coupled to the Internet. In addition, one embodiment includes an IoT service through which the IoT hubs and connected IoT devices may be accessed and managed as described below.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOEEN KHAN/               Examiner, Art Unit 2436                                                                                                                                                                                         


/FATOUMATA TRAORE/               Primary Examiner, Art Unit 2436