Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The IDS of 10/19/2020 was received and considered.
Claims 29-48 are pending.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 29-35, 37, 42-45 and 47-48 are rejected under 35 U.S.C. 103 as being unpatentable over “Blue Ridge Session Authentication” (Applicant’s IDS dated 10/19/2020) by Blue Ridge Networks (BR) in view of US 2013/0173913 A1 to Kocsis et al. (Kocsis).
Regarding claim 29, BR discloses sending to a compute device (Responder) and via a private channel, a public key of an asymmetric key pair for asymmetric encryption (Responder already knows 1
Regarding claim 42, the claim is similar in scope to claim 29 and is therefore rejected using a similar rationale.
Regarding claim 48, the claim is similar in scope to claim 29 and is therefore rejected using a similar rationale.
Regarding claims 30 and 43, BR discloses wherein: the Diffie-Hellman key exchange includes a first set of Diffie-Hellman key parameters sent to the compute device (Originator sends Diffie-Hellman 
Regarding claim 31, BR discloses wherein: the authenticating and the generating concurrently include: sending to the compute device a request including a first set of Diffie-Hellman key parameters and a nonce (Originator sends Diffie-Hellman parameters and Originator nonce value to Responder, p. 2, bullet 1); and receiving from the compute device a reply including a second set of Diffie-Hellman key parameters and the nonce (Responder replies with D-H parameters and Originator nonce, p. 4, Figure, and Originator verifies the return of its nonce, p. 5, ¶1), the authenticating the compute device is also based on the nonce (Originator verifies the return of its nonce, p. 5, ¶1), and the generating the traffic key is also based on the second set of Diffie-Hellman key parameters (key is generated using key material negotiated in D-H exchange, p. 5, ¶2).
Regarding claim 32, BR discloses wherein: the authenticating and the generating concurrently include: sending to the compute device a request including a first set of Diffie-Hellman key parameters and a nonce (Originator sends Diffie-Hellman parameters and Originator nonce value to Responder, p. 2, bullet 1), the request being encrypted at least by a private key of the asymmetric key pair (establish request encrypted with Originator’s private key, p. 3, ¶2); and receiving from the compute device a reply including a second set of Diffie-Hellman key parameters and the nonce, (Responder replies with D-H parameters and Originator nonce, p. 4, Figure, and Originator verifies the return of its nonce, p. 5, ¶1) the reply being encrypted at least by the public key (reply is encrypted with Originator’s public key, p. 4, Figure), the authenticating the compute device is also based on the nonce (Originator verifies the return 
Regarding claim 33, BR discloses wherein: sending the public key includes sending the public key to the compute device via a management compute device (as modified above by Kocsis), and authenticating the compute device and concurrently generating the traffic key includes communicating with the compute device without using the management compute device (BR differentiates between the management systems, p. 1 and the communication parties, pp. 2-5).
Regarding claims 34 and 44-45, BR discloses wherein sending the public key includes: sending the public key to the compute device via a local cable between the management compute device and the compute device (as modified above by Kocsis, ¶20), but is silent regarding sending the public key to a management compute device.  However, a skilled artisan would understand that performing a physical transfer, such as via the disclosed memory device, would initially require sending the public key to the memory device.  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify BR to further include sending the public key to a management compute device.  One of ordinary skill in the art would have been motivated to perform such a modification to physically transfer the public key, as taught by Kocsis.  
Regarding claims 35 and 47, BR discloses wherein the asymmetric encryption includes an asymmetric RSA encryption (p. 2, Figure).
Regarding claim 37, BR discloses wherein concurrently authenticating the compute device and generating the traffic key includes: sending a request to the compute device, the request being encrypted at least by a private key of the asymmetric key pair that includes the public key (establish request encrypted with Originator’s private key, p. 3, ¶2), the request including a first set of Diffie-Hellman key exchange parameters and a nonce (Originator sends Diffie-Hellman parameters and Originator nonce value to Responder, p. 2, bullet 1); and receiving a reply from the compute device, the .  

Claims 40-41 are rejected under 35 U.S.C. 103 as being unpatentable over BR and Kocsis, as applied to claim 29 above, in further view of “SIGMA: the `SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols” by Krawczyk.
Regarding claim 40, BR discloses wherein the asymmetric key pair is a first asymmetric key pair, the public key is a first public key (Originator’s public key) of the first asymmetric key pair that includes a first private key (Originator’s private key, p. 3, ¶2), and authenticating the compute device and concurrently generating the traffic key includes: sending a request to the compute device, the request being encrypted at least by the first private key (Establish Request is double encrypted, first with Originator’s private key, then with the Responder’s public key, p. 3, ¶2) and by a second public key of a second asymmetric key pair associated with the compute device (Establish Request is double encrypted, first with Originator’s private key, then with the Responder’s public key, p. 3, ¶2), the request including a first set of Diffie-Hellman key exchange parameters and a nonce (Originator sends Diffie-Hellman parameters and Originator nonce value to Responder, p. 2, bullet 1); and receiving a reply from the compute device (Establish Reply), the reply being encrypted at least by the first public key (encrypted using Originator’s public key, p. 4, Figure), the reply including a second set of Diffie-Hellman key parameters (p. 4, Figure); the authenticating the compute device is also based on the nonce (Originator verifies the return of its nonce, p. 5, ¶1), and the generating the traffic key is also based on the second set of Diffie-Hellman key parameters (key is generated using key material negotiated in D-H exchange, p. 
Regarding claim 41, BR discloses wherein the asymmetric key pair is a first asymmetric key pair, the public key is a first public key (Originator’s public key) of the first asymmetric key pair that includes a first private key (Originator’s private key, p. 3, ¶2), and authenticating the compute device and concurrently generating the traffic key includes: sending a request to the compute device, the request being encrypted at least by the first private key (Establish Request is double encrypted, first with Originator’s private key, then with the Responder’s public key, p. 3, ¶2) and by a second public key of a second asymmetric key pair associated with the compute device (Establish Request is double encrypted, first with Originator’s private key, then with the Responder’s public key, p. 3, ¶2), the request including a first set of Diffie-Hellman key parameters (Originator sends Diffie-Hellman parameters and Originator nonce value to Responder, p. 2, bullet 1) and a first nonce (Originator’s nonce, p. 2, Figure); receiving a reply from the compute device (Establish reply), the reply being encrypted at least by the first public key (encrypted using Originator’s public key, p. 4, Figure), the reply including a second set of Diffie-Hellman key parameters (p. 4, Figure), the reply further including the first nonce and a second nonce (Originator’s nonce and Responder’s nonce, p. 4, Figure); the authenticating the compute device is also based on the first nonce (Originator verifies the return of its nonce, p. 5, ¶1), the generating the traffic .

Claims 36 and 46 are rejected under 35 U.S.C. 103 as being unpatentable over BR and Kocsis, as applied to claims 29 and 42 above, in further view of US 2017/0323116 A1 to Mumford et al. (Mumford).
Regarding claims 36 and 46, BR, as modified above, is silent regarding the authenticating the compute device and concurrently generating the traffic key includes communicating with the compute device via a public channel.  However, Mumford teaches that Diffie-Hellman key exchange is designed for securely exchanging keys over a public channel (¶61).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify BR, as .

Claims 29, 32, 42-43 and 48 are rejected under 35 U.S.C. 103 as being unpatentable over US 2016/0057118 A1 to Lee et al. (Lee) in view of Kocsis.
Regarding claim 29, Lee discloses sending, to a compute device (second mobile device, ¶77) and via a private channel, a public key of an asymmetric key pair for asymmetric encryption (                        
                            
                                
                                    P
                                    U
                                    K
                                
                                
                                    A
                                
                            
                        
                    , ¶77); authenticating the compute device based at least in part on the public key and in accordance with a Diffie-Hellman key exchange (second mobile device is authenticated by decrypting                         
                            
                                
                                    E
                                
                                
                                    A
                                    B
                                
                            
                        
                     using                         
                            
                                
                                    P
                                    U
                                    K
                                
                                
                                    A
                                
                            
                        
                    , ¶78, and checking                         
                            
                                
                                    C
                                    T
                                
                                
                                    B
                                
                            
                        
                    , ¶79; note also the embodiment where the first mobile device verifies                         
                            
                                
                                    S
                                
                                
                                    B
                                
                            
                        
                    , a signature on                         
                            
                                
                                    Y
                                
                                
                                    B
                                
                            
                        
                     by the second mobile device, ¶¶92-93); generating, concurrently with the authenticating, a traffic key (generate                         
                            
                                
                                    K
                                
                                
                                    S
                                    E
                                    S
                                
                            
                        
                    , ¶80) based at least in part on the public key (                        
                            
                                
                                    P
                                    U
                                    K
                                
                                
                                    A
                                
                            
                        
                     used to exchange parameter                         
                            
                                
                                    Y
                                
                                
                                    B
                                
                            
                        
                    , ¶78) and in accordance with the Diffie-Hellman key exchange (generate                         
                            
                                
                                    K
                                
                                
                                    S
                                    E
                                    S
                                
                            
                        
                     using D-H parameters, ¶80); and sending a message to the compute device, the message being encrypted using the traffic key via symmetric encryption (secure communications using                         
                            
                                
                                    K
                                
                                
                                    S
                                    E
                                    S
                                
                            
                        
                    , ¶81). While the specification is not clear as to the metes and bounds of the claimed “private channel”, one example given is a cable.  Lee lacks a private channel of this type.  However, Kocsis teaches that it was known to physically transfer a certificate to a user device to avoid interception (¶20).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Lee to send the public key via a private channel.  One of ordinary skill in the art would have been motivated to perform such a modification to avoid interception and thus increase the security of the system, as taught by Kocsis.  

Regarding claim 48, the claim is similar in scope to claim 29 and is therefore rejected using a similar rationale.
Regarding claims 30 and 43, Lee discloses wherein: the Diffie-Hellman key exchange includes a first set of Diffie-Hellman key parameters sent to the compute device (                        
                            
                                
                                    E
                                
                                
                                    B
                                    A
                                
                            
                        
                    , ¶80), a second set of Diffie-Hellman key parameters received from the compute device (                        
                            
                                
                                    E
                                
                                
                                    A
                                    B
                                
                            
                        
                    , ¶78), and a nonce sent to the compute device (                        
                            
                                
                                    C
                                    T
                                
                                
                                    A
                                
                            
                        
                    , ¶77), the authenticating the compute device is also based on the nonce (computing device verifies                         
                            
                                
                                    C
                                    T
                                
                                
                                    A
                                
                            
                        
                     prior to continuing, ¶77), and the generating the traffic key is also based on the second set of Diffie-Hellman key parameters (                        
                            
                                
                                    K
                                
                                
                                    S
                                    E
                                    S
                                
                            
                        
                     is generated using                         
                            
                                
                                    Y
                                
                                
                                    A
                                
                            
                        
                     and                         
                            
                                
                                    Y
                                
                                
                                    B
                                
                            
                        
                    , ¶80).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 29-48 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims of U.S. Patent No. 10,630,467, per the table below. Although the claims at issue are not identical, they are not patentably distinct from each other because the patent claims anticipate the instant claims.
16/852,935
US 10,620,467 B1
29
1
30
1
31
1
32
1
33
2
34
3
35
4
36
5
37
1
38
6
39
6
40
1

9
42
10
43
10
44
11
45
12
46
14
47
13
48
1,26



Allowable Subject Matter
Claims 38 and 39 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:
The prior art, alone or in a reasonable combination, fails to teach the request encrypted by a private key of the key pair, the first set of Diffie-Hellman key parameters encrypted by a temporary key, the reply encrypting by the public key and the second set of Diffie-Hellman key parameters encrypted by the temporary key, in combination with the remaining limitations as a whole.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841. The examiner can normally be reached Monday - Friday, 7:00-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/               Primary Examiner, Art Unit 2493                                                                                                                                                                                         
January 13, 2022


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 A similar concept is taught in U.S. 2004/0090943 (da Costa et al.), ¶175 and U.S. 2004/0167465 (Mihai et al.),
        ¶548.