DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This is a Non-Final Office Action in response to the communication filed on March 26, 2019.
Claims 1-11 have been examined.


Drawings
The drawings filed on March 26, 2019 are acceptable for examination proceedings.

Specification
The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code on Page 11: Paragraph 55. Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code; references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See MPEP § 608.01.
Note: Examiner failed to locate the document using the URL, perhaps submitting the document on an IDS would be more appropriate.

Claim Interpretation- 35 USC § 112, Sixth Paragraph
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claim in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation is: “secure random number ID generator” in claims 1, and 5.
Because this claim limitation is being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it is being interpreted to cover the corresponding structure described 
If applicant does not intend to have this limitation interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation to avoid it being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation recites sufficient structure to perform the claimed function so as to avoid it being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Allowable Subject Matter
Dependent Claims 5-10 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is an examiner’s statement of reasons for allowance: 
Regarding dependent claims 5, and 7-8:
The closest prior art Brudnicki discloses:
“… provisioning a portable communication device toward ensuring secure operation of a software application on that portable communication device, and more particularly to a system and method for initially establishing and periodically confirming trust in the software application (Para 0002).
The second closest prior art Mardikar discloses:
“A client application on the App SE of a client device, with help of the Crypto SE, may generate a symmetric key and a MAC key. The application may 
The third closest prior art Kishi et al. (U.S. 2014/0362235 A1) discloses: 
“…the method of generating an application ID, the same method as that described above may be used where a random number and time information are combined. In this case, the time at which the application ID generation server 13 receives an application ID generation request from the terminal device 20 may be used for the time information. Alternatively, the application ID generation server 13 may generate an application ID from only a random number or time information or may generate a numerical sequence as an application ID. Alternatively, the application ID generation server 13 may manage the generated application ID in association with the address information of the terminal device 20” (Para 0146).
However the prior arts alone or in combination fails to teach or suggest the claimed limitation of:
Dependent claims 5 “...secure random number ID generator is further configured to generate a first random number key, RNK, by a RNKC (RN Key Card) tag pair, and wherein the RNK available to the user in one or more of: a local authorized kiosk; a cellphone service provider store; a common retail outlets or store; or vending machines where a RNKC will be presented or sold to the user”. 
Dependent claims 7 “...use that first key (RNK) to decrypt the message data; encrypt a first return message with the first key; and transmit the first return message and a postamble second key from the SDB; and the SUIT app is further configured to: decrypt the return message from the SDB with the first key; retrieve the second key; replace the first key with the second key; and encrypt the next secure message with the second key to the SDB”.
Dependent claims 8 “...transmit a request to a second SUIT app to transmit a secure message; receive an affirmative signal and a second ARNID from the second SUIT app, the second ARNID associated with the second SUIT; transmit a request for a transaction block for communication from the secure database (SDB), the request using the secure communication protocol which includes the ARNID and the second ARNID; and the SDB is configured to: retrieve the RNK associated with the ARNID and the RNK associated with the second ARNID; generate a random number communication key (RNCK); encode the RNKs to create two RNe's; transmit the two RNes to the SUIT to be used to decode and retrieve the RNCK; and the second SUIT is configured to use the RNEs to decode and retrieve the RNCK, wherein the first person can then encode his message with the RNCK to send to the second person, who decodes it with the RNCK”.
The dependent claim 6 which is dependent on the above dependent 5 is also allowed.
The dependent claims 9, and 10 which is dependent on the above dependent 8 are also allowed.
	 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1- 4, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Brudnicki et al. (WO Patent Application Publication No.: WO 2014/201149 A1 / or “Brudnicki” hereinafter) in view of Upendra Mardikar (U.S. Patent Application Publication No.: US 9,852,418 B2 / or “Mardikar” hereinafter).
	
Regarding claim 1, Brudnicki “A secure communication system that comprises” (Abstract, Systems and methods of trust provision is disclosed): 
“a secure random number ID generator as part of a Secure Database (SDB) configured to” (Fig. 1b: System Management Back End 300”, Device 50 i.e., a “Smartphone”; and Fig. 6: Application Registry of System Management Back End 300 i.e., a “Secure Database”):
 “generate a [one-time pad random number] secure key (RN) ” (Para 0039, a Local authorization database provides with application an Issuer ID; and Para 0048, application may be authenticated by the Local authorization database); 
“and wirelessly distribute the RN to a user of a smartphone, wherein a secure user interface transaction (SUIT) app has been downloaded to the smartphone and the SUIT app has a unique application random number ID (ARNID)” (Para 0050, a compile token i.e., an “ARNID” associated with application is generated by the Device 50; where the compile token is generated by a pseudo-random number generator; Para 0037, where the communication takes place over-the-air); 
“and a personal assistant database configured to store the ARNID” (Fig. 6: Application Registry stores the compile token i.e., the “ARIND”).
Furthermore, Brudnicki discloses the Issuer ID to be unique (Para 0048).
But, Brudnicki fails to disclose the Issuer ID is a “one-time pad random number”.
However, generating a random number key would have been obvious (see Mardikar, Col 13:60-61, generated a random key of length greater than 256 bits).  
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of generating a random number key of Mardikar and using it to produce a compile token in the system of Brudnicki to create a system where the random number key can be used to generate symmetric key (Mardikar, Col 14:10-15) and the ordinary person skilled in the art would have been motivated to combine in order for an application to encrypt payload using the symmetric key (Mardikar, Col 14:10-15).

wherein the RN is greater or equal to 256 bits” (Mardikar, Col 13:60-61, generated a random key of length greater than 256 bits).

Regarding claim 3, in view of claim 1, Brudnicki in view of Mardikar disclose “wherein the RN is distributed through an interface of the SUIT app” (Mardikar, Col 13:60-61, generated a random key of length greater than 256 bits).

Regarding claim 4, in view of claim 3, Brudnicki discloses “wherein prior to the SUIT app being downloaded, the SUIT app is configured to request user authentication and verification user biometric data” (Brudnicki, Para 0066).

Regarding claim 11, Brudnicki “A method in a server, comprising” (Abstract, Systems and methods of trust provision is disclosed): 
“downloading a secure user interface transaction (SUIT) app to a smartphone)” (Para 0050, a compile token i.e., an “ARNID” associated with application is generated by the Device 50; where the compile token is generated by a pseudo-random number generator);
“assigning a unique application random number ID (ARNID) to the smartphone” (Para 0050, a compile token i.e., an “ARNID” associated with application is generated by the Device 50; where the compile token is generated by a pseudo-random number generator); 
“transmitting the ARNID to the smartphone for storage thereby” (Fig. 6: Application Registry stores the compile token i.e., the “ARIND” or the Device 50);
“generating a [one-time pad random number] secure key (RN) ” (Para 0039, a Local authorization database provides with application an Issuer ID; and Para 0048, application may be authenticated by the Local authorization database);
“and wirelessly distributing the RN to the smartphone” (Para 0037, where the communication takes place over-the-air).
Furthermore, Brudnicki discloses the Issuer ID to be unique (Para 0048).
But, Brudnicki fails to disclose the Issuer ID is a “one-time pad random number”.
However, generating a random number key would have been obvious (see Mardikar, Col 13:60-61, generated a random key of length greater than 256 bits).  
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of generating a random number key of Mardikar and using it to produce a compile token in the system of Brudnicki to create a system where the random number key can be used to generate symmetric key (Mardikar, Col 14:10-15) and the ordinary person skilled in the art would have been motivated to combine in order for an application to encrypt payload using the symmetric key (Mardikar, Col 14:10-15).

Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Kishi et al. (U.S. Patent No.: US 11,163,899 B2) discloses “…particular server generates the unique application ID. The application ID may be generated using random numbers, or may be generated using managed information such as serial numbers. The particular server transmits the generated application ID to the search terminal 30a that has transmitted the notification that the installation is completed. The search terminal 30a receives the application ID transmitted from the particular server, and the ID information storage unit 3104 stores the received application ID invisibly, for example, in the storage 3005” (Para 0379).
 Kishi et al. (U.S. 2014/0362235 A1) discloses “the method of generating an application ID, the same method as that described above may be used where a random number and time information are combined. In this case, the time at which the application ID generation server 13 receives an application ID generation request from the terminal device 20 may be used for the time information. Alternatively, the application ID generation server 13 may generate an application ID from only a random number or time information or may generate a numerical sequence as an application ID. Alternatively, the application ID generation server 13 may manage the generated 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431