Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Claims 1-28 are presented for examination.
This is a first action on the merits based on Applicant’s claims submitted 2/05/2020.
Priority
Receipt is acknowledged of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.
Should applicant desire to obtain the benefit of foreign priority under 35 U.S.C. 119(a)-(d), a certified English translation of the foreign application must be submitted in reply to this action.  37 CFR 41.154(b) and 41.202(e).
Failure to provide a certified translation may result in no benefit being accorded for the non-English application.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/13/2019 and 9/24/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Applicant is respectfully reminded of the duty to disclose, under 37 C.F.R. 1.56, all pertinent information and material pertaining to the patentability of applicant’s claimed invention, by continuing to submit in a timely manner PTO-1449, Information Disclosure Statement (IDS), with the filing of applicant’s application or thereafter.

Claim Rejections - 35 U.S.C. 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 9-10, 12, 14-15, 17, 21-22, and 25-28 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
For claim 1, the claim limitation reading “received computed parameters and the random number ri1” lacks proper antecedent basis.  The underlined term has not been previously positively recited.  The term “a first random number ri1” has been recited previously, however it is not clear if the underlined term is referring to the previously recited “first random number” or if it is referring to another term.  Appropriate correction is required.

For claim 9, the claim limitation reading “first set of components comprising the first random number ri1” lacks proper antecedent basis.  The underlined term has not been positively recited.  The term “a random number ri1” has indeed been previously recited, however, it is not clear if the underlined term refers to this previously recited term or not.  Appropriate correction is required.

Also for claim 9, the claim limitation reading “a second set of components comprising the first random number rj1” lacks proper antecedent basis.  A previously recited term such as “a random number rj1” has been presented yet the underlined term has not been previously positively recited and therefore it is not clear as to what term this underlined term is referring to.  Appropriate correction is required.

Again in claim 9, and also in claims 14 and 27-28, the claim limitation reading “the identity of the second device idj is included” is unclear as to what the inventor regards as the invention.  The term “an identity” has been positively recited previously, however this term is associated with an identity of the first device.  Therefore it is not clear if the identity of the second device is the same as the identity of the first device or if the inventor is referring to an identity mechanism to identify both the first device and second device.  Appropriate correction is required.
	For examination purposes, the Examiner will interpret this limitation as “an identity of the second device idj is included”.   

For claim 10, the claim limitation reading “generated based on the first random number ri1” lacks proper antecedent basis.  The underlined term has not been previously recited in the claim language.  The one term positively recited states “a random number ri1”, however, it is unclear what the underlined term in question is referring to.  Appropriate correction is required.

Also for claim 10, and also claim 15, the claim limitation reading “an arbitrary value of the first device Ri” lacks proper antecedent basis.  The underlined term has not been positively recited previously. Examiner notes that term “first device” has been recited, however, the underlined term adds a variable attached to the term “the first device Ri” so as to question whether the underlined term is referring to the previously recited term “a first device”.  Therefore, it is unclear to reconcile if these two are one and the same.  Appropriate correction is required.

Again, for claim 10, the claim limitation reading “the parameters for the first device” lacks proper antecedent basis.  The previously recited terms include "first set of parameters", "second set of parameters" and "parameters associated with a master public key".  Therefore, it is unclear as to what parameter(s) the underlined term is referring to.  Appropriate correction is required.

For claim 12, and also claim 17, the claim limitation reading “arbitrary value of the second device Rj” lacks proper antecedent basis.  The underlined term has not been previously recited.  Examiner notes that term “second device” has been recited, however, the underlined term adds a variable attached to the term “second device Rj” so as to question whether the underlined term is referring to the previously recited term “a second device”.  Therefore, it is unclear to reconcile if these two are one and the same.  Appropriate correction is required.  

For claim 14, the claim limitation reading “comprising the first random number ri1” lacks proper antecedent basis.  The underlined limitation has not been positively recited previously, therefore it is unclear as to what this is referring to.  A previously recited element stating “a random number ri1” has been claimed, however it is not clear whether both terms are one and the same.  Appropriate correction is required.

For claims 21-22 and 25-26, the claim limitation reading “arbitrary value of the device Ri” lacks proper antecedent basis.  The underlined term has not been previously recited.  Examiner notes that term “device” has been previously recited, however, the underlined term adds a variable attached to the term “device Rj” so as to question whether the underlined term is referring to the previously recited term “a device”.  Therefore, it is unclear to reconcile if these two are one and the same.  Appropriate correction is required.

For claim 27, the claim limitation reading “generate the common session key SK  by using a self-certified identity based signature scheme, wherein the common key SK is for encoding” lacks proper antecedent basis.  The underlined terms, each has not been previously recited.  Appropriate correction is required.
	For examination purposes, the Examiner will interpret the limitation as follows: “generate a common session key SK  by using a self-certified identity based signature scheme, wherein the common session key SK is for encoding”.

For claim 28, the claim limitation reading “communicating with the second device to generate” lacks proper antecedent basis.  The underlined term has not been positively recited previously, therefore, it is unclear as to what this is referring to.  Appropriate correction is required.
	For examination purposes, the Examiner will interpret the limitation as follows: “communicating with a second device to generate”.
The claim(s) are narrative in form and replete with indefinite language. The structure which goes to make up the device/system/method must be clearly and positively specified. The structure must be organized and correlated in such a manner as to present a complete operative device. 
Examiner has stated various examples of indefinite language throughout the claims, however, Examiner suggests Applicant reviews the claims drafted to correct indefinite language.

Claim Rejections - Examiner's Note
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 20, and 24 are rejected under 35 U.S.C. 102(a)(1) as being anticipated over Petersen et al. (NPL: Self-Certified Keys- Concepts and Applications, hereinafter “Petersen”).


Regarding claim 1, Petersen teaches:
A system comprising: 
a secure server (Petersen: page 104, Section 3.1: “Basic key issuing protocol”; i.e. “certificate authority Z”); and 
a device; 
wherein the secure server is configured to: 
compute parameters (Petersen: page 105, Section 3.2 “Secure key issuing protocol”; i.e. “authority who computes the signature parameters”) for the device based on a second random number ri2 (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. random number k ∈R Zq) generated by the secure server (Petersen: page 105, Section 3.2 “Secure key issuing protocol”; i.e. signature parameter sA generated by authority and sent to Alice (i.e. the device) is based on identification IDA and random number rA.  Furthermore, Authority chooses a random number k ∈R Zq to compute řA, which is sent to Alice to compute a random number rA), a first set of components received from the device (Petersen: page 105, Section 3.2 “Secure key issuing protocol”; i.e. “Alice sends IDA and rA to the authority”), a master secret key x (Petersen: page 104, Section 3.1 “Basic key issuing protocol”; i.e. signature parameters sA are based on authority secret key xZ) and parameters (Petersen: page 104, Section 2: “The Schnorr Signature Scheme”; i.e. large prime numbers p and q, see also page 106, Section 4 “Hierarchical Self-Certified Keys”, i.e. authority chooses prime numbers p and q) associated with a master public key mpk (Petersen: page 106, Section 4: “Hierarchical Self-Certified Keys”; public key is associated with prime number, p), wherein the first set of components comprises a first random number ri1 generated by the device (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. Alice to compute rA); and 
transmit the computed parameters to the device (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. signature parameter sA generated by authority and sent to Alice); and 
wherein the device is configured to compute a private key sk (Petersen: pages 104-105, Section 3.1: “Basic key issuing protocol”, Section 3.2 “Secure key issuing protocol”; i.e. generation of xA) based on the received computed parameters and the random number ri1 (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. Alice obtains her secret key xA), wherein the private key sk is for the device to participate in a self-certified identity based signature system (Petersen: page 104, Section 3: “Self Certified Keys”, i.e. “self certified keypairs…computed as a function of the user’s identity…related to identity based public keys”).  

Regarding claim 20, all claim limitations are set forth and rejected as it has been discussed in claim 1.

Regarding claim 24, all claim limitations are set forth and rejected as it has been discussed in claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claims 9, 14, and 27-28 are rejected under 35 U.S.C. 103 as being unpatentable over Petersen et al. (NPL: Self-Certified Keys- Concepts and Applications, hereinafter “Petersen”) in view of Elwell et al. (US 2011/0289319 A1, hereinafter “Elwell”).

Regarding claim 9, Petersen teaches:
A system comprising: 
a secure server (Petersen: page 104, Section 3.1: “Basic key issuing protocol”; i.e. “certificate authority Z”), 
a first device (i.e. Alice, pages 104-105, see also Table 1 in Section 7.6: “Authentic Key Exchange”); and 
a second device (i.e. Bob, Table 1 in Section 7.6: “Authentic Key Exchange”); 
wherein the secure server is configured to: 
instruct the first device to compute a private key ski (Petersen: pages 104-105, Section 3.1: “Basic key issuing protocol”, Section 3.2 “Secure key issuing protocol”; i.e. generation of xA by authority) based on a first set of parameters received from the secure server (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. signature parameter sA generated by authority and sent to Alice), and a random number ri1 generated by the first device (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. Alice to compute rA), wherein the first set of parameters is generated by the secure server (Petersen: page 105, Section 3.2 “Secure key issuing protocol”; i.e. “authority who computes the signature parameters”) based on a second random number ri2 generated by the secure server (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. random number k ∈R Zq is chosen by Authority), a first set of components comprising the first random number ri1 (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. Alice to compute rA), a master secret key x (Petersen: page 104, Section 3.1 “Basic key issuing protocol”; i.e. signature parameters sA are based on authority secret key xZ) and parameters (Petersen: page 104, Section 2: “The Schnorr Signature Scheme”; i.e. large prime numbers p and q, see also page 106, Section 4 “Hierarchical Self-Certified Keys”, i.e. authority chooses prime numbers p and q) associated with a master public key mpk (Petersen: page 106, Section 4: “Hierarchical Self-Certified Keys”; public key of Authority ZO is yO, which is associated with prime number, p), wherein the first set of components is generated by the first device (Petersen: page 105, Section 3.2: “Secure key issuing protocol”; i.e. Alice to compute rA) and transmitted to the secure server (Petersen: page 105, Section 3.2 “Secure key issuing protocol”; i.e. “Alice sends IDA and rA to the authority”); and 
wherein the first and second devices are configured to use a self-certified identity based signature scheme to generate a common session key SK (Petersen: page 113-114, Section 706: “Authentic key exchange”; i.e. Bob and Alice use the session key) for encoding digital communications between the first and second devices with respect to an extended Transport Layer Security (TLS) protocol or an extended Datagram Transport Layer Security protocol (DTLS) (Petersen: page 113-114, Section 706: “Authentic key exchange”; i.e. Bob and Alice use the session key for communication), wherein the self-certified identity based signature scheme is dictated by the private keys ski and skj (Petersen: page 104, Section 3: “Self Certified Keys”, i.e. “self certified keypairs…computed as a function of the user’s identity…related to identity based public keys”).
For the following limitations, Examiner interprets the following:
“instruct the second device to compute a private key skj based on a second set of parameters received from the secure server, and a random number rj1 generated by the second device, wherein the second set of parameters is generated by the secure server based on a second random number rj2 generated by the secure server, a second set of components comprising the first random number rj1, the master secret key x and the parameters associated with a master public key mpk, wherein the second set of components is generated by the second device and transmitted to the secure server;”
Petersen teaches that devices like Alice, i.e. first device, compute the private key, as it has been shown above.  Petersen, however, does not disclose specifically a second device computing a second private key skj.  Yet, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have disclosed a second device computing a second private key, since it has been held that mere duplication of the essential working parts of a device involves only routine skill in the art.
Petersen does not explicitly teach yet Elwell suggests:
wherein an identity of the first device idi is included in a certificate message of the first device (Elwell: par 25: identity information is copied in the session internet protocol (SIP) message, in the certificate field, by terminal A) and the identity of the second device idj is included in a certificate message of the second device (Elwell: par 25-26: identity information is copied in the session internet protocol (SIP) message, in the certificate field, by terminal B).
Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a mechanism to include the identity of the devices in a certificate message, as taught by Elwell, to Petersen’s invention as Bob and Alice are communicating in a given session using the self-certified session keys Bob and Alice generated.  The motivation to do so would have been in order to avoid attacks on the security of the authentication in the networks between the different network users or operators (Elwell: Abstract).

Regarding claim 14, all claim limitations are set forth and rejected as it has been discussed in claim 9.  Furthermore, the combination of Petersen and Elwell teaches the additional limitation:
A system comprising: ….
wherein the first secure server is located in a different domain from the second secure server (Elwell: par 20; i.e. servers are in different domains); 

Regarding claim 27, all claim limitations are set forth and rejected as it has been discussed in claim 9.
Regarding claim 28, all claim limitations are set forth and rejected as it has been discussed in claim 9.

Claims 19 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Petersen et al. (NPL: Self-Certified Keys- Concepts and Applications, hereinafter “Petersen”) in view of Elwell et al. (US 2011/0289319 A1, hereinafter “Elwell”) in further view of Stern (EP 0661846 B1).

Regarding claim 19, Petersen and Elwell do not teach yet Masasuki, in the same field of endeavor, suggests:
The system according to claim 14, wherein the secure server is configured to: 
receive a zero-knowledge proof result from a respective device (Stern: page 2, sixth paragraph; i.e. verification device carries out authentication by protocol with zero input of knowledge), wherein the zero-knowledge proof result is generated by the respective device using the first random number ri1 and a system parameter ƛ (Stern: page 3, last four paragraphs; i.e. calculation of elements received by the verification device); 
determine from the zero-knowledge proof result if the first random number ri1 is equal or less than the system parameter ƛ (Stern: page 3, last four paragraphs; i.e. determine if the two elements are equal “checks the two equalities”); and 
compute parameters (i.e. new vectors) for the respective device based on the second random number ri2 generated by the secure server when the first random number ri1 is equal or less than the system parameter ƛ (Stern: page 3, last four paragraphs; i.e. calculates the new vectors if the two elements are equal).  
	Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a zero-knowledge proof result to compute parameters, as taught by Stern, to Petersen and Elwell’s invention.  The motivation to do so would be in order to authenticate devices to provide secure communications where two devices exchange data through a suspect security channel (Stern: page 2, first three paragraphs).
Regarding claim 23, all claim limitations are set forth and rejected as it has been discussed in claim 19.

Allowable Subject Matter
Claims 2-8, 10-13, 15-18, 21-22, and 25-26 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112, 2nd paragraph, set forth in this Office action and if rewritten in independent form to include all of the limitations of the base claim and any intervening claims.
None of the prior art of record teach by themselves or in any combination nor would have anticipated nor render obvious by combination the claimed invention of the present invention at or before the time it was filed.  The prior art of record is silent on:
“wherein generating the first set of parameters for the first device comprises: 
retrieving an arbitrary first value Ri1 and the identity of the first device id1 from the first set of components, wherein the arbitrary first value Ri1 is generated based on the first random number ri1;  
computing an arbitrary value of the first device Ri and a first integer si1; and 
setting the computed arbitrary value of the first device Ri and the first integer si1 as the parameters for the first device, wherein the arbitrary value of the first device Ri is computed based on the arbitrary first value Ri1 and the second random number ri2, and wherein the first integer si1 is computed based on the second random number ri2, the master secret key x, the arbitrary value of the first device Ri, the identity of the first device idi and a prime number q obtained from the parameters associated with the master public key mpk.” (dependent claims 10, 12, 15, 17, 21) and “retrieving an arbitrary first value Ri1, an identity of the device idi and a homomorphic encryption value c from the first set of components, wherein the arbitrary first value Ri1 is generated based on the first random number ri1, and wherein the homomorphic encryption value c is generated by providing the first random number ri1 and a prime number q obtained from the parameters associated with the master public key mpk to an additive homomorphic encryption function HEnc(); and 
setting an arbitrary value of the device Ri; and a first integer si1 as the parameters for the device, wherein the arbitrary value of the device Ri; is computed based on the arbitrary first value Ri1 and the second random number ri2, and wherein the first integer si1 is computed by providing the second random number ri2, the homomorphic encryption value c, the master secret key x, the arbitrary value of the device Ri, the identity of the device idi and the prime number q to the additive homomorphic encryption function HEnc().” (dependent claims 2, 22, 26). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/LIZBETH TORRES-DIAZ/Examiner, Art Unit 2495
/21 October 2021/
/ltd/