DETAILED ACTION

Notice of Pre-AIA or AIA Status
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
2. 	Applicant's arguments filed 10/26/2021 have been fully considered but they are not persuasive. 
A – Applicant argues: On page 15 of remarks the applicant respectfully submits that the Examiner has failed to establish prima facie obviousness of claim 19 because none of the cited art, either alone or in combination discloses, or even fairly suggests: (1) a slave station having a plurality of terminal devices connected thereto via a network and sharing keys with them; in combination with (2) a receiving unit for receiving a key request including communication device identification information identifying a communication device of the slave station, multiple pieces of terminal device identification information respectively identifying the plurality of terminal devices communicating with the communication device.

A – The Examiner respectfully disagrees: Miura teaches “a slave station having a plurality of terminal devices connected thereto via a network and sharing keys with them; in combination with a receiving unit for receiving a key request including communication device identification information identifying a communication device of the slave station”. (Miura, [0017], The wireless slave station 3 corresponds to a terminal device that accesses a server on the wireless LAN system via an access point (wireless master station 2). [0045], the communication method according to the present embodiment, before starting the secret communication, the authentication data is generated at each station using the information. [0004], the confidentiality of communication, each radio station independently generates a private key based on the delay profile of the radio wave propagation characteristics, and uses the shared secret key.). Mitsubishi-104 teaches “multiple pieces of terminal device identification information respectively identifying the plurality of terminal devices communicating with the communication device.” (Mitsubishi-104, [0019], The device authentication key providing unit 230 receives the ID data 391 of the manufacturing device 110 from the communication terminal 400 and transmits the device authentication key 293 generated by the device authentication key reproducing unit 240 to the communication terminal 400.). 
B – Applicant argues: On page 18 of remarks the Applicant respectfully submits that the Examiner's reliance on Kanemura is not explained…, in Claim 26 as recited, (1) an information request is sent to a first terminal device; then (2) an information response to the information request is received from an N-th terminal device – and (3) then from this information response a common key request unit in the communication device generates and transmits a key request to a key management apparatus.
B – The Examiner respectfully disagrees: Kanemura teaches: “an information request is sent to a first terminal device” (Kanemura, [0775], The confirmation information individualizing unit 2140, upon receiving the first and second authenticity confirmation information from the authenticity confirmation information obtaining unit 2126, obtains the terminal ID 2200), Kanemura teaches: “then (2) an information response to the information request is received from an N-th terminal device” (Kanemura, [0010], a computer program, and an integrated circuit that can show having an authentic computer program, can request verification of the authenticity of itself, and can perform the verification in response to the request. [1153], a process concerning the selling of contents, and confirming the right information and outputting an encrypted content and a decryption key in response to a content playback request from a terminal device.) Kanemura teaches: “then from this information response a common key request unit in the communication device generates and transmits a key request to a key management apparatus.” (Kanemura, [0323], the terminal ID is identification information unique to each terminal, and the terminal common key is a key common to a plurality of terminals).

Applicant is reminded that claims must be given their broadest reasonable interpretation.
 

Claim Rejections - 35 USC § 103
3. 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


4. 	Claims 19-26, 31-32 and 36-37 are rejected under 35 U.S.C. 103 as being unpatentable over Mitsubishi-104 (JP 5992104B2) and Kanemura (US 20090204806 A1) in view of Miura (JP 2008217497A).

5. 	Regarding Claim 19, Mitsubishi-104 discloses, a key management system for communicating a master station having a key management apparatus and a slave station having a plurality of terminal devices via a network and sharing keys with them, wherein the key management apparatus comprises: 
Mitsubishi-104 and Kanemura do not explicitly disclose the following limitations that Miura teaches:
a receiving unit for receiving a key request including communication device identification information identifying a communication device of the slave station (Miura, ¶[0017], The wireless communication system 1 is composed of, for example, one wireless master station 2 and a plurality of wireless slave stations 3 (radio slave stations 3A, 3B, ..., 3N are described in FIG. 1). ¶[0018], each wireless slave station 3 needs to perform an authentication process with the wireless master station 2 in order to communicate in the wireless communication system 1),
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a slave station and a master station to communicate between the sharing keys and terminal devices to enhance security.
Mitsubishi-104, ¶[0019], The key management server 200 includes a device authentication key providing unit 230 (an example of an identifier data receiving unit and a device reproduction key transmitting unit). The device authentication key providing unit 230 receives the ID data 391 of the manufacturing device 110 from the communication terminal 400 and transmits the device authentication key 293 generated by the device authentication key reproducing unit 240 to the communication terminal 400. The device authentication key reproduction unit 240 generates a device format key 294 using the manufacturer key 292 and the ID data 391, and generates a device authentication key 293 using the device format key 294 and the ID data 391. The device authentication key playback unit 240 includes a device format key playback unit 241 that generates a device format key 294.). ¶[0028], The authentication data generation unit 111 receives the challenge data 421 from the communication terminal 400, generates the authentication data 112 using the challenge data 421, the ID data 391, and the device authentication key 392, and transmits the authentication data 112 to the communication terminal 400); a device key generation unit for generating a communication device unique key of the communication device using the communication device identification information included in the key request (Mitsubishi-104, ¶[0013], The device authentication system 100 includes a key management server 200 (an example of a maker key generation device and a device reproduction key generation device) of a business operator 120, a device management device 300 (an example of a device key generation device) of an equipment manufacturer 130, and an installation home. 140 communication terminals 400 (an example of a cooperative authentication apparatus).),
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
and generating the terminal device unique key for the plurality of terminal devices using the multiple pieces of terminal device identification information included in the key request; (Kanemura, ¶[1381], The terminal device 3416 is loaded with a carrier-provided TPM 3417, and stores an encrypted program 3418 and a carrier public key 3419. ¶[1389], the terminal device has been generated by encrypting a program using the terminal unique key. ¶[0323], The terminal ID is identification information unique to each terminal, and the terminal common key is a key common to a plurality of terminals.); 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
an authentication information verification unit for verifying the challenge and the response using the generated terminal device unique keys (Kanemura, ¶[0848-0849], Alternatively, the card may obtain a key unique to the program (a key unique to firmware) to confirm the authenticity of the terminal. Still alternatively, the card may perform a challenge-response authentication to confirm the authenticity of the terminal.);
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
a common key generation unit for generating a common key shared by the communication device and the plurality of terminal devices when verification is successful by the authentication information verification unit (Kanemura, ¶[0323],  The terminal ID is identification information unique to each terminal, and the terminal common key is a key common to a plurality of terminals. Here, the encryption-purpose converted value is obtained, for example, by concatenating the terminal ID with the terminal common key, and applying a one-way function to a value obtained by the concatenation. Another calculation method is to encrypt the terminal ID by the secret key encryption method, using the terminal common key as the encryption key. [1476], When all the verifications are successful, the terminal device 3600 can operate normally); 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
an encrypted common key generation unit for generating an encrypted common key obtained by encrypting the common key with the communication device unique key and encrypting the common key with the terminal device unique keys for the plurality of terminal devices (Kanemura, ¶[0323], The terminal ID is identification information unique to each terminal, and the terminal common key is a key common to a plurality of terminals. Here, the encryption-purpose converted value is obtained, for example, by concatenating the terminal ID with the terminal common key, and applying a one-way function to a value obtained by the concatenation. Another calculation method is to encrypt the terminal ID by the secret key encryption method, using the terminal common key as the encryption key.);
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
a key response generation unit for generating a key response including the encrypted common key (Kanemura, ¶[0323], The terminal ID is identification information unique to each terminal, and the terminal common key is a key common to a plurality of terminals. using the terminal common key as the encryption key.);
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a terminal device wherein the ID information generates unique keys and common keys to transmit the response to the communication device to enhance security.
and a transmitting unit for transmitting the key response to the communication device (Mitsubishi-104, ¶[0019], The key management server 200 includes a device authentication key providing unit 230 (an example of an identifier data receiving unit and a device reproduction key transmitting unit) and a device authentication key reproducing unit 240 (an example of a device reproduction key generating unit).The device authentication key providing unit 230 receives the ID data 391 of the manufacturing device 110 from the communication terminal 400 and transmits the device authentication key 293 generated by the device ).  

6. 	Regarding Claim 20, Mitsubishi-104, Kanemura and Miura disclose, the key management system according to claim 19, wherein the key management apparatus and the plurality of terminal devices are manufactured by a plurality of manufacturers and the key management system is configured by combining the devices (Mitsubishi-104 ¶[0087], The key management server 200 includes a list reference unit 250 that refers to the valid list 295. The valid list 295 and the invalid list 296 indicate a combination of a manufacturer ID or at least one of a generation number, a device type ID, a lot number, and a device ID, and the manufacturer ID), and the common key generation unit generates a first manufacturer reproduction key using first manufacturer identification information identifying a manufacturer of the terminal device included in the key request (Mitsubishi-104, Claim 17, A manufacturer key generation unit generates a manufacturer key as a common key for the device manufacturer using a master key for generating a common key and a manufacturer identifier for identifying a device manufacturer that manufactures the manufacturing device.  ¶[0008], A device reproduction key generation unit that generates a device reproduction key as a common key for the manufacturing device using the manufacturer identifier), generates the communication device unique key using the first manufacturer reproduction key and the communication device identification information included in the key request (Mitsubishi-104, ¶[0019], The device authentication key providing unit 230 receives the ID data 391 of the manufacturing device 110 from the communication terminal 400 and transmits the device authentication key 293 generated by the device authentication key reproducing unit 240 to the communication terminal 400. The device authentication key reproduction unit 240 generates a device format key 294 using the manufacturer key 292 and the ID data 391, and generates a device authentication key 293 using the device format key 294 ), generates a plurality of manufacturer reproduction keys using multiple pieces of manufacturer identification information for respectively identifying the manufacturers of the plurality of terminal devices included in the key request, and generates the terminal device unique keys for the plurality of terminal devices using the plurality of manufacturer reproduction keys and the multiple pieces of terminal device identification information included in the key request (Mitsubishi-104 Claim 1, An identifier data receiving unit that receives the manufacturer identifier and the device identifier from the cooperative authentication device; A device reproduction key generation unit that generates a device reproduction key as a common key for the manufacturing device using the manufacturer identifier received by the identifier data reception unit and the device identifier received by the identifier data reception unit And a device authentication system.).

7. 	Regarding Claim 21, Mitsubishi-104, Kanemura and Miura disclose, 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
the key management system according to claim 19, wherein in the response, the first terminal device generates a first response by encrypting the challenge with a first terminal device unique key, the second terminal device generates a second response by encrypting the first response with a second terminal device unique key, further, the same process is sequentially performed by the plurality of terminal devices until an N-th terminal device generates an N-th response by encryption with an N-th terminal device unique key, and the N-th response is transmitted to the master station (Kanemura-104, ¶[0439], Upon receiving the second terminal ID from the card 2002 via the network connected terminal 2003, the server 2004 obtains a first terminal ID which is associated with the received second terminal ID, from the management table T2000. The server 2004 generates individually encrypted secret information using the obtained first terminal ID.).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a challenge that decrypts the response using a sequence of terminal device and verifies the challenge to enhance security. 

8. 	Regarding Claim 22, Mitsubishi-104, Kanemura and Miura disclose, the key management system according to claim 20, 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
wherein in the response, the first terminal device generates a first response by encrypting the challenge with the first terminal device unique key, the second terminal device generates a second response by encrypting the first response with the second terminal device unique key, further, the same process is sequentially performed by the plurality of terminal devices until an N-th terminal device generates an N-th response by encryption with an N-th terminal device unique key, and the N-th response is transmitted to the master station (Kanemura, ¶[0011], an authentication system composed of a requesting device and a verifying device, the requesting device requesting verification from the verifying device, the requesting device including: a storage unit storing a plurality of computer programs that are to run on the requesting device, the computer programs being hierarchically related to each other; a measuring unit operable to, each time one of the plurality of computer programs is loaded. [0082], FIG. 43 shows the operation and data flow in the mutual authentication between the terminal device. ¶[1475],  the verification of authenticity of the application layer are performed in sequence. ¶[0896], the BIOS 3109 is a program that is executed first, the RTM code (the CRTM 3163 shown in FIG. 29) included in the BIOS 3109 is different from RTM codes included in other programs).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include an authentication code that performs a terminal device to generate the code and uses the same sequence as the terminal device to include in the response to enhance security.



9. 	Regarding Claim 23, Mitsubishi-104, Kanemura and Miura disclose, the key management system according to claim 21, 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
wherein the authentication information verification unit generates a challenge by decrypting the response included in the key request by sequentially using the N-th terminal device unique key to the first terminal device unique key which are generated by the common key generation unit (Kanemura, ¶[0849], the card may perform a challenge-response authentication to confirm the authenticity of the terminal. when the authentication of a terminal by the card (step S1003 shown in FIG. 10) results in OK, the card outputs a key used for decrypting the content.),
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to decrypt the challenge response within the authentication information by using the terminal device to enhance security.
and verifies whether the generated challenge matches the challenge included in the key request (Mitsubishi-104, ¶[0059], The authentication data generation unit 111 compares the comparison data with the authentication data 112 (data received from the manufacturing apparatus 110 in S424). When the comparison data and the authentication data 112 match, the authentication data 112 is correct data, and the manufacturing device 110).  

10. 	Regarding Claim 24, Mitsubishi-104, Kanemura and Miura disclose, the key management system according to claim 19, 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
wherein in the response, the first terminal device generates a first authentication code for the challenge with the first terminal device unique key, the second terminal device generates a second authentication code for the first authentication code with the second terminal device unique key, further, the same process is sequentially performed by the plurality of terminal devices until an N-th terminal device generates an N-th authentication code with an N-th terminal device unique key, and the N-th authentication code is included in the response (Kanemura, ¶[0011], an authentication system composed of a requesting device and a verifying device, the requesting device requesting verification from the verifying device, the requesting device including: a storage unit storing a plurality of computer programs that are to run on the requesting device, the computer programs being hierarchically related to each other; a measuring unit operable to, each time one of the plurality of computer programs is loaded. [0082], FIG. 43 shows the operation and data flow in the mutual authentication between the terminal device. ¶[1475],  the verification of authenticity of the application layer are performed in sequence. ¶[0896], the BIOS 3109 is a program that is executed first, the RTM code (the CRTM 3163 shown in FIG. 29) included in the BIOS 3109 is different from RTM codes included in other programs).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include an authentication code that performs a terminal device to generate the code and uses the same sequence as the terminal device to include in the response to enhance security.

11. 	Regarding Claim 25, Mitsubishi-104, Kanemura and Miura disclose, the key management system according to claim 24, 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
wherein the authentication information verification unit generates an authentication code by sequentially using the first terminal device unique key to the N-th terminal device unique key which are generated by the common key generation unit, and verifies whether the generated authentication code matches the Kanemura, ¶[0882], An authentication system 3000 in Embodiment 1 is composed of, as shown in FIG. 28, a terminal device (requesting device) 3001, a CA server device (verifying device) 3002, and a TPM server device 3003. ¶[0605], The device key individualizing unit 2041 b generates the individually encrypted device key by encrypting a device key by the secret encryption method, using, as the secret key, the value generated by the conversion method shown in FIG. 17 in the above-described embodiment, and also using the terminal common key ).
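
The chained authentication code recited in claims 24 and 25 (each terminal authenticates the previous terminal's code, and the key management apparatus regenerates the chain from keys it derives from the identification information) can be illustrated as follows. This is an added example, not code from the application or from any cited reference; HMAC-SHA256 as both the key-derivation function and the authentication code, and every name, ID and key value, are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions, not taken from the application or cited art).
MANUFACTURER_KEY = bytes.fromhex("11" * 32)
TERMINAL_IDS = ["terminal-1", "terminal-2", "terminal-3"]


def derive_unique_key(manufacturer_key: bytes, device_id: str) -> bytes:
    """Device unique key derived from a manufacturer key and the device ID."""
    msg = b"unique-key|" + device_id.encode()
    return hmac.new(manufacturer_key, msg, hashlib.sha256).digest()


def terminal_code(unique_key: bytes, previous: bytes) -> bytes:
    """One terminal's step: authenticate the previous code (or the challenge)."""
    return hmac.new(unique_key, previous, hashlib.sha256).digest()


def chain_codes(challenge: bytes, keys_in_order: list) -> bytes:
    """First terminal codes the challenge, each later one codes its predecessor's output."""
    code = challenge
    for key in keys_in_order:
        code = terminal_code(key, code)
    return code


def build_key_request(challenge: bytes, terminal_ids: list, provisioned: dict) -> dict:
    """Slave-station side: collect the N-th code and the IDs into a key request."""
    keys = [provisioned[t] for t in terminal_ids]
    return {
        "terminal_ids": list(terminal_ids),
        "challenge": challenge,
        "response": chain_codes(challenge, keys),
    }


def verify_key_request(manufacturer_key: bytes, request: dict) -> bool:
    """Key-management side: re-derive every key from the IDs and recompute the chain."""
    ids = request["terminal_ids"]
    # With zero terminals the chain degenerates to response == challenge,
    # so an empty or duplicated ID list is rejected before any comparison.
    if not ids or len(set(ids)) != len(ids):
        return False
    keys = [derive_unique_key(manufacturer_key, t) for t in ids]
    expected = chain_codes(request["challenge"], keys)
    return hmac.compare_digest(expected, request["response"])


def run_cases() -> dict:
    provisioned = {t: derive_unique_key(MANUFACTURER_KEY, t) for t in TERMINAL_IDS}
    challenge = secrets.token_bytes(16)
    good = build_key_request(challenge, TERMINAL_IDS, provisioned)

    # A device holding an unknown key stands in for terminal-2.
    rogue = dict(provisioned)
    rogue["terminal-2"] = secrets.token_bytes(32)
    substituted = build_key_request(challenge, TERMINAL_IDS, rogue)

    # Same response, but the request lists the terminals in a different order.
    reordered = dict(good, terminal_ids=list(reversed(TERMINAL_IDS)))
    # An old response replayed against a fresh challenge.
    replayed = dict(good, challenge=secrets.token_bytes(16))
    # No terminals at all, response set equal to the challenge.
    empty = {"terminal_ids": [], "challenge": challenge, "response": challenge}

    return {
        "genuine": verify_key_request(MANUFACTURER_KEY, good),
        "substituted": verify_key_request(MANUFACTURER_KEY, substituted),
        "reordered": verify_key_request(MANUFACTURER_KEY, reordered),
        "replayed": verify_key_request(MANUFACTURER_KEY, replayed),
        "empty": verify_key_request(MANUFACTURER_KEY, empty),
    }


if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:12s} accepted={accepted}")
```

Only a successful verification would lead to the common key being generated and encrypted under each unique key; that step is outside this example.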


12. 	Regarding Claim 26, Mitsubishi-104, Kanemura and Miura disclose, 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
a communication device sharing a key between first to N-th terminal devices provided in a product, wherein the communication device has configuration information storing network information of each of the first to N-th terminal devices, and comprises: an information request unit for generating an information request and transmitting the information request to the first terminal device with reference Kanemura, ¶[0015], the obtain unit may obtain certification information that was generated in accordance with an amount of characteristics stored in a platform configuration register specified by the verifying device, and the judging unit makes the judgment on authenticity of the requesting device, using the obtained certification information and an amount of characteristics to be stored in the platform configuration register.); 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
a receiving unit for receiving an information response to the information request from the N-th terminal device (Kanemura, ¶[0293], a receiving unit operable to receive an information access request from an information processing device. ¶[0019], information for requesting verification of authenticity of the requesting device, based on at least the second amount of characteristics); 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
a common key request unit for generating a key request from the information response and transmitting the key request to a key management apparatus (Kanemura, ¶[0429], In the above-described Modification 1, a converted value (an encryption-purpose converted value or a decryption-purpose converted value) generated from the terminal ID and terminal common key is used when the secret information is encrypted or decrypted); 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
a receiving unit for receiving an encrypted common key to the key request from the key management apparatus (Kanemura, ¶[0034], The above-stated secret information may be an encrypted device key that was generated by encrypting a device key, the requesting device further comprises an encrypting unit, the receiving unit receives the encrypted device key ); 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
a common key decryption unit for decrypting a first encrypted common key included in the encrypted common key using a communication device unique key of the communication device and obtaining the common key (Kanemura, ¶[0318], The terminal 2001 has a device key and a program (herein after referred to as a content key decryption program) that is used to decrypt an encrypted content key. [0345], a decryption-purpose converted value using the obtained terminal ID and terminal common key, in the same manner as the server 2004 calculates the encryption-purpose );
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
and a common key distribution unit for transmitting other encrypted common keys included in the encrypted common key to the first to N-th terminal devices with reference to the configuration information (Kanemura, ¶[0826],  the device key distribution system 2100 updates the individually encrypted program and the content key decryption program for the terminal 2101 with a service person in steps S2540 through S2545 and steps S2585 through S2590 shown in FIG. 26. However, the present invention is not limited to this structure. ¶[0858], In each Modifications 2, 3 and 4 described above, each device key distribution system may use the second terminal ID, as is the case with (6-1) or (6-2) in “(A-1-6) Other Modifications” described above. ).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a receiving unit that receives the information from the response and executes the terminal device by using a common key to decrypt and first encrypted common key to enhance security.

15. 	Regarding Claim 31, Mitsubishi-104, Kanemura and Miura disclose,  
Mitsubishi-104 and Kanemura do not explicitly disclose the following limitations that Miura teaches:
a key sharing method for sharing keys between a slave station having a communication device and first to N-th terminal devices and a master station communicating with the slave station via a network (Miura, ¶[0017], The wireless communication system 1 is composed of, for example, one wireless master station 2 and a plurality of wireless slave stations 3 (radio slave stations 3A, 3B, ..., 3N are described in FIG. 1). ¶[0018], each wireless slave station 3 needs to perform an authentication process with the wireless master station 2 in order to communicate in the wireless communication system 1), 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a slave station and a master station to communicate between the sharing keys and terminal devices to enhance security.

Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
Kanemura, ¶[0160], The card interface 0204 is an interface which connects the card 0107 with the terminal A 0102. A program that runs in the processor 0201 can perform communication with the card 0107 by performing communication with the card interface 0204. A program that runs in the terminal A 0102 always uses the card interface 0204 to perform communication with the card 0107. In the following description, description of the card interface), and the N-th terminal device generates an N-th information response and transmits it to the communication device, the communication device generates a key request from the N-th information response and transmits it to a key management apparatus (Mitsubishi-104, ¶[0019], The key management server 200 includes a device authentication key providing unit 230 (an example of an identifier data receiving unit and a device reproduction key transmitting unit) and a device authentication key reproducing unit 240 (an example of a device reproduction key generating unit). The device authentication key providing unit 230 receives the ID data 391 of the manufacturing device 110 from the communication terminal 400 and transmits the device authentication key 293 generated by the device authentication key reproducing unit 240 to the communication terminal 400 ), the key request includes communication device identification information for identifying the communication device, first to N-th pieces of terminal device identification information for respectively identifying the first to N-th terminal devices communicating with the communication device (Mitsubishi-104, ¶[0072], The communication terminal 400 includes a verification request unit 431 (an example of an identifier data transmission unit and an authentication data transmission unit) instead of the device authentication key acquisition unit 430 described in the first embodiment (see FIG. 5).), a challenge generated by the communication device, and a response respectively generated by the first to N-th terminal devices using the respective terminal device unique keys with respect to the challenge, the key management apparatus generates a communication device unique key of the communication device using the communication device identification information included in the key request, generates the terminal device unique keys of the first to N-th terminal devices using the first to N-th pieces of terminal device identification information included in the key request, verifies the challenge and the response using the generated terminal device unique keys (Mitsubishi-104, ¶[0028], The manufacturing device 110 includes an authentication data generation unit 111 and a device storage unit 119. The authentication data generation unit 111 receives the challenge data 421 from the communication terminal 400, generates the authentication data 112 using the challenge data 421, the ID data 391, and the device authentication key 392, and transmits the authentication data 112 to the communication terminal 400. To do. The challenge data 421 is data for generating the authentication data 112. The authentication data 112 is data used for authentication processing for the manufacturing equipment 110.),
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches: 
and if the verification is successful, generates a common key shared by the communication device and the first to N-th terminal devices and encrypts the generated common key with the communication device unique key (Kanemura, ¶[0021], The above-stated verifying device may be a card storing second certification information for certifying authenticity of the verifying device itself, and the generation unit, when the verifying device has confirmed authenticity of the requesting device successfully, obtains the second certification information from the verifying device, and judges, using the obtained second certification information, whether or not the verifying device is authentic.), 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches: 
and encrypts the common key with the terminal device unique key of the first to N-th terminal devices to generate an encrypted common key, generates a key response including the encrypted common key, and transmits it to the communication device, the communication device decrypts the encrypted common key for the communication device with the communication device unique key and obtains the common key, transmits the encrypted common key to the first to N-th terminal devices (Kanemura, ¶[0323], As shown in FIG. 17, the server 2004 calculates a value (herein after referred to as encryption-purpose converted value) converted from a terminal ID and a terminal common key (step S2000). The terminal ID is identification information unique to each terminal, and the terminal common key is a key common to a plurality of terminals. Here, the encryption-purpose converted value is obtained, for example, by concatenating the terminal ID with the terminal common key), 

Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches: 
Kanemura, ¶[0631], the individually encrypted device key associated with the terminal. The secret information decrypting unit 2014 b also obtains the terminal ID from the ID storage unit 2010 b. The secret information decrypting unit 2014 b generates a device key by decrypting the individually encrypted device key using the obtained terminal ID and the terminal common key. ).  
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a common key generation that would share communication between device and authenticate the verification unit also to encrypt the common key to enhance security.

16. 	Regarding Claim 32, Mitsubishi-104, Kanemura and Miura disclose, the key sharing method according to claim 31, wherein the key management apparatus and the first to N-th terminal devices are manufactured by a plurality of manufacturers, and the key management apparatus generates a first manufacturer reproduction key using first manufacturer identification information identifying a manufacturer of the communication device included in the key request (Mitsubishi-104, ¶[0013-0014], The device authentication system 100 includes a key management server 200 (an example of a maker key generation device and a device reproduction key generation device) of a business operator 120. The business operator 120 is a business operator who uses the manufacturing equipment 110, and the power company is an example of the business operator 120. The business operator 120 includes a key management server 200. The device manufacturer 130 is a person who manufactures the manufacturing device 110. The device manufacturer 130 includes a device management apparatus 300.), generates the communication device unique key using the first manufacturer reproduction key and the communication device identification information included in the key request (Mitsubishi-104, ¶[0019], The device authentication key providing unit 230 receives the ID data 391 of the manufacturing device 110 from the communication terminal 400 and transmits the device authentication key 293 generated by the device authentication key reproducing unit 240 to the communication terminal 400. The device authentication key reproduction unit 240 generates a device format key 294 using the manufacturer key 292 and the ID data 391, and generates a device authentication key), generates a plurality of manufacturer reproduction keys using multiple pieces of manufacturer identification information for respectively identifying the manufacturers of the first to N-th terminal Mitsubishi-104, Claim 5, The cooperative authentication device includes the manufacturer identifier transmitted by the identifier data transmission unit, the device identifier transmitted by the identifier data transmission unit, the device reproduction key received by the device reproduction key reception unit), and generates the terminal device unique keys of the first to N-th terminal devices using the plurality of manufacturer reproduction keys and the first to N-th pieces of terminal device identification information included in the key request (Mitsubishi-104, ¶[0108], In S432-1, the device authentication key reproduction unit 240 of the key management server 200 determines that the device format key 294 associated with the same ID data as the ID data 391 (excluding the device ID 135) is the key management. When the corresponding device format key 294 is stored in the key management storage unit 290 (YES), the device authentication key reproduction unit 240 acquires the corresponding device format key 294 from the key management storage unit 290, and the process proceeds to S434).  

17. 	Regarding Claim 36, Mitsubishi-104, Kanemura and Miura disclose, the key sharing method according to claim 31, wherein in the response, the first terminal device generates a first authentication code for the challenge with a first terminal Mitsubishi-104, ¶[0028], The authentication data generation unit 111 receives the challenge data 421 from the communication terminal 400, generates the authentication data 112 using the challenge data 421, the ID data 391, and the device authentication key 392, and transmits the authentication data 112 to the communication terminal 400. ¶[0051], In S423, the authentication data generation unit 111 of the manufacturing apparatus 110 receives the challenge data 421 from the communication terminal 400. The authentication data generation unit 111 uses the challenge data 421 and the ID data 391 (or a part of the ID data 391) to generate authentication data 112 (response) by the challenge / response authentication method.).  

18. 	Regarding Claim 37, Mitsubishi-104, Kanemura and Miura disclose, the key sharing method according to claim 36, wherein the key management apparatus generates an authentication code for the challenge included in the key request by sequentially Mitsubishi-104, ¶[0028], The authentication data generation unit 111 receives the challenge data 421 from the communication terminal 400, generates the authentication data 112 using the challenge data 421, the ID data 391, and the device authentication key 392, and transmits the authentication data 112 to the communication terminal 400. ¶[0115],  ID data, 392 device authentication key, 393 device format key, 400 communication terminal 410 ID data acquisition unit 420 Authentication data acquisition unit 421 Challenge data 430 Device authentication key acquisition unit 431 Verification request unit 440 Authentication data verification unit 480).  


19. 	Claims 30 and 38 are rejected under 35 U.S.C. 103 as being unpatentable over Mitsubishi-104 (JP 5992104B2), Kanemura (US 20090204806 A1) and Miura (JP 2008217497 A) in view of Nakahara (EP 1603044 B1).

20. 	Regarding Claim 30, Mitsubishi-104, Kanemura, Miura and Nakahara disclose, 
Mitsubishi-104, Kanemura and Miura do not explicitly disclose the following limitations that Nakahara teaches:
the communication device according to any one of claims 26, wherein the plurality of terminal devices are formed to be divided into a plurality of domains, the communication device includes, for each of the domains, configuration information storing network information of each of the plurality of terminal devices present in the domain, and is configured to perform, for each of the domains, transmission of the information request by the information request unit, transmission of the key request by the common key request unit, decryption of the common key by the common key decryption unit, and transmission of the encrypted common key by the common key distribution unit (Nakahara, ¶[0041], a domain information storage unit 111 for storing domain information; a domain key storage unit 112 for storing a domain key; a communication unit 101 for communicating with the terminal device 300; a domain information enrollment unit 102 for enrolling the domain information in the domain information storage unit 111; a domain judgment unit 103 for judging the domain to which the terminal device 300 belongs. ¶[0107], When the terminal device 300 receives the domain key transmission message via the communication unit 301 (step S1933), the domain identifier and domain key included in the domain key transmission message are extracted, and stored into the domain key. [0013], Also, the terminal device further belongs to a second domain which differs from the first domain. The first domain key in the case where the duplicate data is associated with the first domain, or (ii) the second domain key in the case where the duplicate data is associated with the second domain, and when said decryption unit decrypts the encrypted duplicate data stored into the storage medium, said decryption unit uses the first domain key ).  

21. 	Regarding Claim 38, Mitsubishi-104, Kanemura, Miura and Nakahara disclose, 
Mitsubishi-104, Kanemura and Miura do not explicitly disclose the following limitations that Nakahara teaches:
the key sharing method according to any one of claims 31, wherein the plurality of terminal devices are formed to be divided into a plurality of domains, and the communication device is configured to perform, for each of the domains, transmission of the information request, transmission of the key request, decryption of the common key, and transmission of the encrypted common key (Nakahara, ¶[0041], a domain information storage unit 111 for storing domain information; a domain key storage unit 112 for storing a domain key; a communication unit 101 for communicating with the terminal device 300; a domain information enrollment unit 102 for enrolling the domain information in the domain information storage unit 111; a domain judgment unit 103 for judging the domain to which the terminal device 300 belongs. ¶[0107], When the terminal device 300 receives the domain key transmission message via the communication unit 301 (step S1933), the domain identifier and domain key included in the domain key transmission message are extracted, and stored into the domain key. [0013], Also, the terminal device further belongs to a second domain which differs from the first domain. The first domain key in the case where the duplicate data is associated with the first domain, or (ii) the second domain key in the case where the duplicate data is associated with the second domain, and when said decryption unit decrypts the encrypted duplicate data stored into the storage medium, said decryption unit uses the first domain key).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to divide a group of domains from the terminal and have the communication device perform the requested information to enhance security.

22. 	Claims 27-29 and 33-35 are rejected under 35 U.S.C. 103 as being unpatentable over Mitsubishi-104 (JP 5992104B2), Kanemura (US 20090204806 A1) and Miura (JP 2008217497A) in view of Ikeya (US 2020/0067717).

23. 	Regarding Claim 27, Mitsubishi-104, Kanemura, Miura and Ikeya disclose, the communication device according to claim 26, 
Mitsubishi-104, Kanemura and Miura do not explicitly disclose the following limitations that Ikeya teaches:
wherein the information request includes a challenge generated by the communication device and the configuration information, the information response includes first to N-th pieces of terminal device identification information for respectively identifying the first to N-th terminal devices, and a response respectively generated by the first to N-th terminal devices using the respective terminal device unique keys with respect to the challenge, and the key request includes the challenge, the response, communication device identification information for identifying the communication device, and the first to N-th pieces of terminal device identification information (Ikeya, ¶[0045-0046],  authentication device 2 generates a challenge when receiving an authentication request from terminal device 1, and transmits a response including the generated challenge and the encryption key generation rule to terminal device. a response included in the response authentication request according to key information, and performs authentication of terminal device 1 by a terminal identifier associated with the key information stored in authentication device 2. FIG. 2 is a schematic block diagram illustrating one example of a hardware configuration of terminal device 1 according to the first example embodiment.).  

13. 	Regarding Claim 28, Mitsubishi-104, Kanemura, Miura and Ikeya disclose, 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
the communication device according to claim 27, wherein in the response, the first terminal device generates a first response by encrypting the challenge with a first terminal device unique key, the second terminal device generates a second response by encrypting the first response with a second terminal device unique key, further, the same process is sequentially performed in each of the terminal devices until an N-th terminal device generates an N-th response by encryption with an N-th terminal device unique key, and the N-th response is included in the response (Kanemura, ¶[0011], an authentication system composed of a requesting device and a verifying device, the requesting device requesting verification from the verifying device, the requesting device including: a storage unit storing a plurality of computer programs that are to run on the requesting device, the computer programs being hierarchically related to each other; a measuring unit operable to, each time one of the plurality of computer programs is loaded. [0082], FIG. 43 shows the operation and data flow in the mutual authentication between the terminal device. ¶[1475],  the verification of authenticity of the application layer are performed in sequence. ¶[0896], the BIOS 3109 is a program that is executed first, the RTM code (the CRTM 3163 shown in FIG. 29) included in the BIOS 3109 is different from RTM codes included in other programs).  

It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include a challenge that is encrypted to generate the response using the first terminal and unique key to enhance security.
  
14.	Regarding Claim 29, Mitsubishi-104, Kanemura, Miura and Ikeya disclose, 
Mitsubishi-104 does not explicitly disclose the following limitations that Kanemura teaches:
the communication device according to claim 27, wherein in the response, the first terminal device generates a first authentication code for the challenge with a first terminal device unique key, the second terminal device generates a second authentication code for the first authentication code with a second terminal device unique key, further, the same process is sequentially performed in each of the terminal devices until the Kanemura, ¶[0011], an authentication system composed of a requesting device and a verifying device, the requesting device requesting verification from the verifying device, the requesting device including: a storage unit storing a plurality of computer programs that are to run on the requesting device, the computer programs being hierarchically related to each other; a measuring unit operable to, each time one of the plurality of computer programs is loaded. [0082], FIG. 43 shows the operation and data flow in the mutual authentication between the terminal device. ¶[1475],  the verification of authenticity of the application layer are performed in sequence. ¶[0896], the BIOS 3109 is a program that is executed first, the RTM code (the CRTM 3163 shown in FIG. 29) included in the BIOS 3109 is different from RTM codes included in other programs).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include an authentication code generating the challenge with the terminal device unique key included in the response. 


24. 	Regarding Claim 33, Mitsubishi-104, Kanemura, Miura and Ikeya disclose, 
Mitsubishi-104, Kanemura and Miura do not explicitly disclose the following limitations that Ikeya teaches:
the key sharing method according to claim 31, wherein in the response included in the key request, the first terminal device generates a first response by encrypting the challenge with a first terminal device unique key, the second terminal device generates a second response by encrypting the first response with a second terminal device unique key, further, the same process is sequentially performed in each of the terminal devices until the N-th terminal device generates an N-th response by encryption with an N-th terminal device unique key, and the N-th response is included in the response (Ikeya, ¶[0094-0095], Challenge generation unit 205 transmits, to terminal device 1, a response including the generated challenge and encryption key generation rule.  Key information decryption unit 206 acquires, when receiving a response authentication request, the terminal identifier of terminal device 1 included in a response, by referring to the key information stored in key information storage unit 201 and decrypting the response according to the key information.).  


25. 	Regarding Claim 34, Mitsubishi-104, Kanemura, Miura and Ikeya disclose, 
Mitsubishi-104, Kanemura and Miura do not explicitly disclose the following limitations that Ikeya teaches:
the key sharing method according to claim 32, wherein in the response included in the key request, the first terminal device generates a first response by encrypting the challenge with a first terminal device unique key, the second terminal device generates a second response by encrypting the first response with a second terminal device unique key, further, the same process is sequentially performed in each of the terminal devices until the N-th terminal device generates an N-th response by encryption with an N-th terminal device unique key, and the N-th response is included in the response (Ikeya, ¶[0094-0095], Challenge generation unit 205 transmits, to terminal device 1, a response including the generated challenge and encryption key generation rule.  Key information decryption unit 206 acquires, when receiving a response authentication request, the terminal identifier of terminal device 1 included in a response, by referring to the key information stored in key information storage unit 201 and decrypting the response according to the key information.).  
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to encrypt the challenge with the first terminal and use the second terminal for processing and to encrypt the terminal device and unique key to enhance security.

26. 	Regarding Claim 35, Mitsubishi-104, Kanemura, Miura and Ikeya disclose, 
Mitsubishi-104, Kanemura and Miura do not explicitly disclose the following limitations that Ikeya teaches:
the key sharing method according to claim 33, wherein the key management apparatus generates a challenge by respectively decrypting the response included in the key request by sequentially using the generated N-th terminal device unique key to the generated first terminal device unique key, and verifies whether the generated challenge matches the challenge included Ikeya, ¶[0067], Response generation unit 108 decrypts, by the decryption key generated by decryption key generation unit 107, the encrypted key information stored in key information storage unit 101. Response generation unit 108 encrypts, by using the decrypted key information, a challenge included in the response received from authentication device 2, and generates a response. Here, the response includes a terminal identifier. Response generation unit 108 transmits the generated response to authentication device 2 as a response authentication request.).  
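An added example, not part of this Office action or of any cited reference: the chained authentication code recited in claims 29 and 36, with terminal device unique keys derived from manufacturer and terminal identifiers as in claim 32, and the check a key management apparatus can make by re-deriving the keys and recomputing the chain. HMAC-SHA256 as both key-derivation function and authentication code, the master key, and every identifier are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample value: a hypothetical master key held only by the
# key management apparatus.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def derive_key(parent_key, label, identifier):
    """HMAC-SHA256 used as a KDF (an assumption; the claims name no algorithm)."""
    message = label + b"\x00" + identifier.encode()
    return hmac.new(parent_key, message, hashlib.sha256).digest()


def terminal_unique_key(manufacturer_id, terminal_id):
    """Claim 32 shape: manufacturer ID -> manufacturer reproduction key -> unique key."""
    reproduction_key = derive_key(MASTER_KEY, b"manufacturer", manufacturer_id)
    return derive_key(reproduction_key, b"device", terminal_id)


def chained_response(challenge, unique_keys):
    """Terminal 1 MACs the challenge, terminal k MACs terminal k-1's code.
    Only the N-th code travels back to the communication device."""
    code = challenge
    for key in unique_keys:
        code = hmac.new(key, code, hashlib.sha256).digest()
    return code


def verify_key_request(request):
    """Key management side: rebuild every unique key from the IDs in the
    request, recompute the chain in order, compare in constant time."""
    keys = [terminal_unique_key(m, t) for m, t in request["terminals"]]
    if not keys:
        # With no terminals the "chain" is the bare challenge, so a request
        # echoing its own challenge would otherwise pass.
        return False
    expected = chained_response(request["challenge"], keys)
    return hmac.compare_digest(expected, request["response"])


def demo():
    # Constructed identifiers; in the field the unique keys are provisioned
    # at manufacture, which is simulated here by deriving them.
    terminals = [("maker-A", "term-001"), ("maker-B", "term-002"),
                 ("maker-A", "term-003")]
    provisioned = [terminal_unique_key(m, t) for m, t in terminals]
    challenge = secrets.token_bytes(16)
    request = {
        "device_id": "gw-01",  # used for wrapping the common key, not shown here
        "terminals": terminals,
        "challenge": challenge,
        "response": chained_response(challenge, provisioned),
    }
    rogue_keys = provisioned[:2] + [secrets.token_bytes(32)]
    return {
        "genuine": verify_key_request(request),
        # IDs listed in a different order than the terminals actually responded
        "reordered": verify_key_request(
            dict(request, terminals=list(reversed(terminals)))),
        # an old response presented with a fresh challenge
        "stale_challenge": verify_key_request(
            dict(request, challenge=secrets.token_bytes(16))),
        # one terminal in the chain does not hold the derived key
        "rogue_terminal": verify_key_request(
            dict(request, response=chained_response(challenge, rogue_keys))),
        "empty_chain": verify_key_request(
            dict(request, terminals=[], response=challenge)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

A single chained code tells the verifier that some link failed, not which terminal failed, so a rejected request cannot be attributed to one device without further exchanges.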
	
Conclusion
27. THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the 





/MAYASA SHAAWAT/
Examiner, Art Unit 2433

/William J. Goodchild/Primary Examiner, Art Unit 2433