DETAILED ACTION
	This Office Action is in response to the Amendment filed on 12/15/2021.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments with respect to claims 1, 5 and 9 have been considered but are moot in view of the new ground(s) of rejection addressed below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Koike et al. (US 2016/0226843 A1-hereinafter Koike) and in view of Amarasinghe et al. (US 2006/0277539-A1-hereinafter Ama.)
Regarding claim 1, Koike discloses a secret key updating system comprising: 
([0023]-[0024][0034], a component of the system that collects information regarding i.e.: version, attack and vulnerability of software); 
an updating determination unit acquiring information about an application from a device in which the application is installed (i.e.: [0029], collectively at least updating unit,  reregister unit, and private key generating unit correspond to the recited ‘updating determination unit’  that acquires software information such as current version or latest version specified), acquiring the information about the vulnerability of the application from the vulnerability information collection unit, and determining whether or not the device is a key updating target device, a secret key of which needs to be updated, based on the information acquired from the device and the information acquired from the vulnerability information collection unit (at least [0023]-[0024][0034], i.e.: based on acquired information such as private key is leaked, lost and software is attacked and vulnerability is found, it is determined that the private key needs to be updated); and 
a vulnerability countermeasure completion determination unit determining whether or not a countermeasure for the vulnerability of the application installed in the device is completed (at least figure 4, steps s18-s22, [0041]-[0043], component of the system that determines whether latest version of software is installed and new private key is generated and registered), 
wherein the updating determination unit updates the secret key of the device in a case in which it is determined that the device is the key updating target device, and in which it is determined by the vulnerability countermeasure completion determination  when the file of the application is replaced with the patch file (at least figure 4, steps s18-s22, [0042][-[0043], private key is updated.) 
Koike does not explicitly disclose in a case in which the application is an application that does not need to be restarted after a file of the application is replaced with a patch file, determines that the countermeasure for the vulnerability of the application is completed when the file of the application is replaced with the patch file, and 4Docket No. J-20-0197 wherein, in a case in which the application is an application that needs to be restarted after a file of the application is replaced with a patch file, determines that the countermeasure for the vulnerability of the application is completed when the file of the application is replaced with the patch file, when process start time of the application is after creation date and time of each of a plurality of files constituting the application and when the application has been restarted.
However, Ama discloses in a case in which an application is an application that does not need to be restarted after a file of the application is replaced with a patch file, determines that countermeasure for vulnerability of the application is completed when the file of the application is replaced with the patch file (at least [0006]-[0010], patch/constraint is applied to running application without requiring restart or reboot), and 4Docket No. J-20-0197 wherein, in a case in which the application is an application that needs to be restarted after a file of the application is replaced with a patch file, determines that the countermeasure for the vulnerability of the application is completed when the file of the application is replaced with the patch file, when process start time of the application is after creation date and time of each of a plurality of files constituting the application (at least tables 2-3, [0120][0240], it is obvious that patching/counter measure for vulnerability is completed when timestamp of portable executable is after timestamp of constraint file created to ensure the latest version of constraint file is used to patch vulnerability.)
and when the application has been restarted (at least [0003], patch is created and replaces an executable file, restart the application or a reboot to activate the patch).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate the feature discloses by Ama into the system of Koike to provide a technique for protecting software while also allow visibility of the effectiveness of a patch to customers (at least [0003]).


Regarding claim 3, Koike and Ama disclose the secret key updating system according to claim 1.  Koike also discloses a secret key information storage unit, in a case in which the countermeasure for the vulnerability of the application is completed, storing information about the secret key before completion of the countermeasure (at least figure 2; [0022], private key is stored), wherein, in a case in which it is determined that the device is the key updating target device, in which it is determined by the vulnerability countermeasure completion determination means unit that the countermeasure for the vulnerability of the application is completed, the updating determination means unit updates the secret key of the device with use of the newly generated secret key (at least figure 4, [0024][0043], when private key is determined to be leaked, the private key is replaced with the newly generated private key).
Koike and Ama do not explicitly disclose information about a newly generated secret key does not match the information stored in the secret key information storage unit.
However, it is obvious that the newly generated private key would not match the information (private key) stored in the secret key information storage unit, because in the case where private the key is leaked ([0024]), it would defeat the purpose of generating a new private key if the new private key matches the information (private key) stored.  As such, the newly generated private key does not match the information (private key) stored to protect the system. 


Regarding claim 4, Koike and Ama disclose the secret key updating system according to claim 1. Koike also discloses the updating determination means unit acquires from the device as the information about the application a version of the application ([0029][0034] [0042], software version is obtained) and a hash value of one of the plurality of files used while the application is activated ([0029][0073], hash of a component of application/software), 
acquires from the vulnerability information collection means unit as the information about the vulnerability of the application the version of the application (at least [0024], i.e.: current version of software is hacked or vulnerability is found), the hash value of the one of the plurality of files used while the application is activated ([0029][0073], hash of a component of application/software), and vulnerability presence/absence information indicating presence/absence of a risk of leakage of the secret key due to the application (at least [0024], i.e.: private key is leaked due to software is hacked or vulnerability is found), and determines whether or not the device is the key updating target device, the secret key of which needs to be updated, based on the information acquired from the device and the information acquired from the vulnerability information collection unit (at least figure 4, [0024][0042]-[0043], private key needs to be updated based on information received).

Claim 5 is rejected for the same rationale as claim 1 above.
Claim 7 is rejected for the same rationale as claim 3 above.
Claim 8 is rejected for the same rationale as claim 4 above.
Claim 9 is rejected for the same rationale as claim 1 above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHY ANH T VU/Primary Examiner, Art Unit 2438