Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is responsive to communications received 6/8/2021. Claims 1-20 are pending.

Response to Arguments
Applicant’s arguments received on 6/8/2021 are addressed as follows:
Regarding the 101 rejection, the amendments to claims 1-9 overcome the rejection. The rejection is withdrawn.
Regarding the 112 rejection, the amendments to claims 1-18 overcome the rejection, the rejection is withdrawn.
Regarding the prior art rejection, Applicant’s arguments are respectfully considered. The presented amendments however, are insufficient to overcome the teachings of the prior art: the claims recite “authenticate with a service entity” ...Curtis discloses a registry storing a plurality of programs including program controlling authentication of the agent devices ([0116]), such 
Curtis does not teach the device sending a response to the challenge to the service entity. However, in the context of Public Key Infrastructure PKI, in which an entity private key is kept secret and its public key made public (e.g send to other parties), authentication of the device and the registry as taught by Curtis is one way of authenticating (authentication based on digital signature); another means of authenticating based on PKI is disclosed by Corella: entity A and entity B exchange public keys, entity A receives from entity B a challenge represented by a nonce encrypted with entity A ‘s public key, 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable overUS 20190349348 to Curtis et al., hereinafter Curtis, in view of US 20160269393 to Corella et al., hereinafter Corella.
Regarding claim 1, Curtis discloses
A device for secure self-identification, the device comprising: at least one processor and at least one memory, configured to  execute and store respectively, a set of computer-readable instructions, that when executed by the processor are  configured to: generate within the device a private key and a public key, wherein the private and public keys are paired ([0127]: device generates key pair; also Fig. 14 step 102); provide the public key to a registry via a trusted intermediary ([0127], also Fig. 14, step 106: send to registry public key, via a cloud service ([0105])), the registry having an identification tag associated with the public key (Fig. 8A, [0117]: example of entry in registry comprises device ID ; authenticate with a service entity, the service entity having received the public key from the registry ([0116] the service entity is a computer program performing the authentication of devices at the registry), the authentication comprising: sending the identification tag to the service entity ([0107]: the cloud platform within the registry authenticates the device identifier, the identifier registered at the registry [0105]); receiving , via the device, a challenge from the service entity ([0138]: the registry sends a hashed message to the device).  
Curtis teaches the challenge sent from the registry (including the claimed service entity) is a hashed messaged encrypted with the registry’s private key and does not teach wherein the challenge is generated based at least in part on the public key of the device and providing, via the device, an answer to the service entity in response to the challenge, wherein the answer is based at least in part on the private key. 
In an analogous art, Corella discloses a back-end server receiving a public key of a front-end device (Fig. 10, step 1020), the back-end encrypts a receiving, via the device, a challenge from the service entity, wherein the challenge is generated based at least in part on the public key of the device; and providing, via the device,  an answer to the service entity based at least in part on the private key in response to the challenge. It would have been obvious to a skilled artisan before the present application was effectively filed to implement the claimed authentication process using a challenge/response as taught by Corella because once the public keys between the registry and the agent device are exchanged, using a challenge-response based on public-key decryption is a well-known, standard practice and would yield to expected results without needing any further testing.
Regarding claim 2, Curtis in view of Corella discloses the device of claim 1, wherein the identification tag is generated based at least in part on a MAC address or a hardware serial number of at least one component of the 
Regarding claim 3, Curtis in view of Corella discloses the device of claim 1, wherein the public and private keys are generated within a Trusted Execution Environment (TEE) (Corella [0060]: front-end storage is a TEE, [0127]: generate key pair in storage circuitry; it would have been obvious to generate the keys in a TEE for security purposes).  
Regarding claim 4, Curtis in view of Corella discloses the device of claim 1, wherein the public and private keys are generated automatically (Curtis [0010] automatically provide keys for device communication; [0127]: key pair generated by SoC).  
Regarding claim 5, Curtis in view of Corella discloses the device of claim 1, wherein the registry is a public repository (Curtis [0127]: public key stored in registry, in publicly readable area).  
Regarding claim 6, Curtis in view of Corella discloses the device of claim 1, wherein the registry is a repository maintained by a trusted entity 
Regarding claim 7, Curtis in view of Corella discloses the device of claim 1, wherein the public key and the identification tag as associated are unique (Curtis : each record in registry include unique device identifier ([0108], public key, and other fields (Fig. 8A) and unique hash from the other fields [0120]).
Regarding claim 8, Curtis in view of Corella discloses the device of claim 1, wherein the at least one processor is further configured to generate the identification tag associated with the public key and provide it to the registry when providing the public key via the trusted intermediary (Curtis [0132][0133]: generate device ID and upload device ID and public key to registry – see also Fig. 14, step 106).
Regarding claim 9, Curtis in view of Corella discloses the device of claim 1, wherein the service entity is arranged to issue an identity token upon 
Regarding claims 10 and 19, the claims recite substantially the same content as claim 1 and are rejected using the rationales for rejecting claim 1.
Regarding claim 11, the claim recites substantially the same content as claim 2 and is rejected using the rationales for rejecting claim 2.
Regarding claim 12, the claim recites substantially the same content as claim 3 and is rejected using the rationales for rejecting claim 3.
Regarding claim 13, the claim recites substantially the same content as claim 4 and is rejected using the rationales for rejecting claim 4.
Regarding claim 14, the claim recites substantially the same content as claim 5 and is rejected using the rationales for rejecting claim 5.
Regarding claim 15, the claim recites substantially the same content as claim 6 and is rejected using the rationales for rejecting claim 6.
Regarding claim 16, the claim recites substantially the same content as claim 7 and is rejected using the rationales for rejecting claim 7.
Regarding claim 17, the claim recites substantially the same content as claim 8 and is rejected using the rationales for rejecting claim 8.
Regarding claim 18, the claim recites substantially the same content as claim 9 and is rejected using the rationales for rejecting claim 9.
Regarding claim 20, the claim recites substantially the same content as claim 8 and is rejected using the rationales for rejecting claim 8.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Chumbley 20200021448 discloses a device generating a public-private key pair, storing the private key in a secure storage, sending a registration request including the public key to a server; to authenticate the user, the server sends to the user a challenge encrypted with the user’s public key, the users decrypts the challenge using his private kept and provides the decrypted challenge to the server for verification.
Paaredi et al 20210150018 disclose authentication of a first entity by a second entity by generating a challenge, encrypted with the second ‘s entity public key, and provided to the second entity from the first entity; the second entity decrypts the challenge with its private key.

Menezes et al “Handbook of Applied Cryptography”, 1996, excerpt p. 403-405


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138.  The examiner can normally be reached on Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        9/21/2021