Notice of Pre-AIA or AIA Status
The present application, filed on or after February 20, 2020, is being examined under the first inventor to file provisions of the AIA.
Detailed action
Claims 1-8 are pending and are being considered.
Claims 1 and 3-8 have been amended.

Response to claims Objection 
Applicant's arguments with respect to the claim objection, filed on 10/22/2021, have been fully considered and are persuasive. The objection to claims 1-8 has been withdrawn based on amendments as suggested by the examiner.
Response to 103
Applicant's arguments filed on 10/22/2021 have been fully considered and are partially persuasive.
In response to applicant's argument on page 7-8 of remarks that OIKAWA (i.e. primary reference) fails to teach the limitation “in response to a request for information required for authentication from a service providing system, which provides a service via the network, transmit the stored public key information to the service providing system without performing communication with the external authentication device”. Specifically, the applicant argues that transmitting the stored public key to the service providing system is done by communicating with the external authentication system, whereas the claim recites without communicating with the external authentication device. The examiner acknowledges applicant's point of view but respectfully disagrees because the examiner relied upon TSURUOKA (i.e. secondary reference) to teach the above argued limitation. The examiner will respond to the above argument in view of TSURUOKA (i.e. secondary reference). See TSURUOKA [page 4 last two and transmits the public key certificate 90 to the service request generating unit 24n to generate a service request for the service providing apparatus 6 via network 3 (i.e. equivalent to transmitting public key to the service providing system) without communicating terminal device. The service request is received by the service request receiving unit 63a of the service providing apparatus 6. The service providing apparatus 6 requested to perform service authenticates the user by the user authenticating.
Applicant’s arguments on page 8, last para, of remarks are moot in view of new grounds of rejection. The arguments do not apply to the current art being used.
In response to applicant's argument on page 9 of remarks that a prima facie case of obviousness has not been established by the examiner because all the claimed elements are/were not known by the prior art. The examiner respectfully disagrees because the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981). See the detailed rejection below.
 In response to applicant’s argument on page 9-10 of remarks that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, OIKAWA 

In response to applicant's argument on page 10 last para of remarks that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning. But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971). In this case the applicant argues that the claim is dissected into discrete elements without considering the relationship of these elements as a whole. The examiner acknowledges applicant's point of view but respectfully disagrees because each and every element of the claimed invention is taught by OIKAWA (i.e. primary reference); TSURUOKA (i.e. secondary reference) is only used to teach transmitting the public key without communicating with the external authentication device. Both the references and the instant application are directed towards the same problem of preventing sensitive information from unauthorized access. Therefore the claimed invention is analyzed as a whole when applying the references.

The rest of applicant’s arguments with respect to the amended limitation are moot in view of new grounds of rejection. The arguments do not apply to the current art being used.

Claim objections
Claims 1, 7 and 8 are objected to because of the following informalities:
Claims 1, 7 and 8 recite “receive from external authentication device, identification information….” and “store the received identification information…..” The examiner suggests clarifying the purpose and role of ‘identification information’ for performing authentication with the service apparatus for using the service. Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8 are rejected under 35 U.S.C. 103 as being unpatentable over OIKAWA et al (hereinafter OIKAWA) (JP 2011-71721) (English translation used for examination) in view of TSURUOKA et al (hereinafter TSURUOKA) (JP 2007-60322) (English translation used for examination) and further in view of WEI et al (hereinafter WEI) (US 20210203491).

Regarding claim 1 OIKAWA teaches a service usage apparatus comprising (OIKAWA on [Page 6 para 4-5] teaches a key management server apparatus); 
(OIKAWA on [page 6 para 4-5] teaches the key management server apparatus having a memory for storing instruction and processor for executing instructions);
transmit, to an external authentication device, a request of a key information to be used for authentication, when the external authentication device is connected to the service usage apparatus (OIKAWA on [page 16 para 2-3] teaches the key management service providing unit 512 of the key management server apparatus 500 (i.e. service usage apparatus) transmits a key generation request for generating a pair of the user's private key and public key to the private key management apparatus 600 (i.e. external authentication device), the key management unit 612 of the secret key management apparatus 600 receives the key generation request transmitted in step S6130 via the communication unit 650 (i.e. indication that external authentication device is connected with service usage apparatus)); 
receive, from the external authentication device, identification information corresponding to a key pair and public key information included in the key pair when authentication processing performed by the external authentication device based on the request is successful (OIKAWA on [page 16 para 3-4] teaches when the access right authentication is successful the key generation unit 6122 (i.e. of the external authentication) determine encryption key. The key ID generation unit generates a unique key ID. See on [page 16 3rd last para] teaches the key management service providing unit 512 of the key management server apparatus 500 receives the key ID (i.e. identification information) and the public key. Further teaches the key management unit 612 of the secret key management apparatus 600 sends the key ID associated with the secret key generated in step S6150 and the public key corresponding to the secret key to the key management server apparatus 500 and the Key ID is associated with user ID. See also on [page 5 5th last para] teaches the secret key management device outputs the key ID and the public key to the key management server device. See on [page 6 para 3-5] teaches key management device 600 receives the management authentication information and determine if the authentication is successful and if authentication is successful storing the key ID (i.e. identification information) and generated key (i.e. public-private key pair));
wherein the key pair is managed by the external authentication device in association with authentication information used for the authentication processing (OIKAWA on [page 16 para 3-4] teaches key pair is generated at private key management 600 (i.e. managed by external authentication device) in association with management authentication received for authentication process. Further teaches management unit 612 of key management apparatus 600 for managing key pair);
store the received identification information and the received public key information (OIKAWA on [page 6 para 3-5] teaches key management device 600 receives the management authentication information and determine if the authentication is successful and if authentication is successful storing the key ID (i.e. identification information) and generated key (i.e. public-private key pair)).

Although OIKAWA teaches transmitting the public key to terminal device after the public key is received from external device, but fails to explicitly teach and in response to a request for information required for authentication from a service providing system, which provides a service via the network, transmit the stored public key information to the service providing system without performing communication with the external authentication device wherein a transmission of the request of the key information is performed before the request for the information required for the authentication from the service providing system. However, TSURUOKA from analogous art teaches in response to a request for information required for authentication from a service providing system, which provides a service via the network, transmit the stored public key information to the service providing system without performing communication with the external authentication device (TSURUOKA [page 4 last two para] teaches second public key certificate receiving unit 24m stores the public key certificate 90 in the hard disk 27 and transmits the public key certificate 90 to the service request generating unit 24n to generate a service request for the service providing apparatus 6 via network 3. The service request is received by the service request receiving unit 63a of the service providing apparatus 6. The service providing apparatus 6 requested to perform service authenticates the user by the user authenticating).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of TSURUOKA into the teaching of OIKAWA by transmitting the public key to a different device upon a request. One would be motivated to do so in order to securely exchange information between different devices for performing authentication (TSURUOKA on [page 2 para 3]).

Although the combination of OIKAWA and TSURUOKA teaches generating public key generation request and generating an authentication request for performing authentication based on the public key, the combination fails to explicitly teach wherein a transmission of the request of the key information is performed before the request for the information required for the authentication from the service providing system. However,  Wei from analogous art teaches wherein a transmission of the request of the key information is performed before the request for the information required for the authentication from the service providing system (WEI on [0177, 0184 and 0200] teaches  transmitting, by the group manager server, a request for a group public key (i.e. request of key information before authentication request) to an authority center server. receiving, by the group manager server, an authentication request from an IoT device of a plurality of IoT devices; authenticating, by the group manager server, the IoT device as a function of the authentication request (i.e. request for performing authentication after the request for a public key)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of WEI into the combined teaching of OIKAWA and TSURUOKA by receiving authentication request for performing authentication before after public key distribution request. One would be motivated to do so in order to enhance security of device against security attacks (OH on [0001-0002]).

Regarding claim 2 the combination of OIKAWA, TSURUOKA and WEI teaches all the limitations of claim 1 above, TSURUOKA further teaches wherein the stored public key information is managed with use of an expiration date (TSURUOKA on [page 3 2nd last para] teaches validity period of public key certificate).
Regarding claim 3 the combination of OIKAWA, TSURUOKA and WEI teaches all the limitations of claim 1 above, TSURUOKA further teaches wherein, when service information corresponding to the service has been received from the service providing system, the service information is stored in association with the identification information and the public key information (TSURUOKA on [page 3 last two para ] teaches the correspondence between the user identification information stored in the hard disk 44 of the authentication device 4 and the first public key, and the attribute information of the user permitted to be disclosed in correspondence with the service providing device are determined by the user of the terminal device 2. See also on [page 4] storing public key and service information along with identification information).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of TSURUOKA into the teaching of OIKAWA by transmitting the public key to a different device upon a request. One would be motivated to do so in order to securely exchange information between different devices for performing authentication (TSURUOKA on [page 2 para 3]).

Regarding claim 4 the combination of OIKAWA, TSURUOKA and WEI teaches all the limitations of claim 3 above, OIKAWA further teaches transmit, to the external authentication device, the identification information and the service information stored in association with the identification information when the external authentication device has been connected to the service usage apparatus (OIKAWA on [page 4 3rd last para] teaches the terminal device transmits a service providing request to the service providing device. In step S102, the service providing apparatus returns electronic data used for user authentication to the terminal apparatus that has transmitted the service providing request. In step S103, the terminal device transmits site identification information indicating the location of the service providing device on the network and the electronic data to the key management server device).
Regarding claim 5 the combination of OIKAWA, TSURUOKA and WEI teaches all the limitations of claim 4 above, OIKAWA further teaches wherein the instructions further cause the service usage apparatus to delete the public key information stored in the service usage apparatus after the transmitted service information has been associated with the identification information by the external authentication device (OIKAWA on [page 18] teaches process of deleting of keys).
Regarding claim 6 the combination of OIKAWA, TSURUOKA and WEI teaches all the limitations of claim 1 above, OIKAWA further teaches wherein the instructions further cause the service usage apparatus to: when the service usage apparatus has accessed the service providing system to use the service and a request for authentication has been received from the service providing system, perform an authentication request to the external authentication device (OIKAWA on [page 4 para 4-6 and page 10] teaches when a user accesses a service providing apparatus in order to enjoy the service, it is a process of authenticating whether or not the user or a terminal device used by the user is valid. As shown in FIG. 1, the authentication process is executed between the key management device, the terminal device, and the service providing device. Further teaches the terminal device transmits a service providing request to the service providing device. In step S102, the service providing apparatus returns electronic data used for user authentication to the terminal apparatus that has transmitted the service providing request);
transmit, to the service providing system, signature information included in a response received from the external authentication device in response to the authentication request, wherein the signature information is generated by using secret key information included in the key pair, (OIKAWA on [page 10] teaches the service use unit 712 of the terminal device 700 inputs a URL (Uniform Resource Locator) for use of the service provided by the service providing device 320, which is input by the user via the input unit 730. And an access request (service provision request) is transmitted to the service providing apparatus. The service providing apparatus 320 returns an authentication (signature) request necessary for user authentication to the terminal apparatus 700. The authentication (signature) request includes signature target data (electronic data) such as a random number newly generated for each authentication. The signature target data is, for example, a handshake message transmitted from the server when SSL or TLS client authentication is performed. In step S 1040, the service using unit 712 of the terminal device 700 receives authentication (signature) request data from the service providing device 320 via the communication unit 750);
wherein, when verification using the signature information and the transmitted public key information is successful, the service usage apparatus is able to use the service (OIKAWA on [page 10] teaches the service providing apparatus 320 performs verification using the received authentication (signature) response. Specifically, the service providing apparatus 320 verifies the electronic signature included in the authentication (signature) response using the user certificate, and obtains the user certificate in accordance with the general PKI (Public Key Infrastructure) specifications. Verifying and authorizing the user).
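The flow recited in claims 1, 2 and 6 can be followed in code. The sketch below is an added illustration, not part of this Office action, the application, or any cited reference: it fetches the key ID and public key from the authenticator ahead of time, answers the service's public key request from local storage with an expiration check and no authenticator contact, and only then has the authenticator sign the service's challenge. All type and function names, the PIN check standing in for the device's authentication processing, and the choice of Ed25519 are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Authenticator models the external authentication device. It keeps every
// private key and counts how often the client contacts it.
type Authenticator struct {
	keys  map[string]ed25519.PrivateKey
	Calls int
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]ed25519.PrivateKey{}}
}

// Register answers the key-information request. The PIN check is an assumed
// stand-in for the device's own authentication processing.
func (a *Authenticator) Register(pin string) (string, ed25519.PublicKey, error) {
	a.Calls++
	if pin != "1234" { // constructed sample credential
		return "", nil, errors.New("authentication failed")
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	id := make([]byte, 8)
	if _, err := rand.Read(id); err != nil {
		return "", nil, err
	}
	keyID := hex.EncodeToString(id)
	a.keys[keyID] = priv
	return keyID, pub, nil
}

// Sign produces the signature information for a service challenge.
func (a *Authenticator) Sign(keyID string, challenge []byte) ([]byte, error) {
	a.Calls++
	priv, ok := a.keys[keyID]
	if !ok {
		return nil, errors.New("unknown key ID")
	}
	return ed25519.Sign(priv, challenge), nil
}

// Client models the service usage apparatus: it stores only the key ID and
// the public key, together with an expiration date.
type Client struct {
	auth    *Authenticator
	keyID   string
	pub     ed25519.PublicKey
	expires time.Time
}

// Enroll runs while the authenticator is connected, before any service asks.
func (c *Client) Enroll(pin string, ttl time.Duration, now time.Time) error {
	keyID, pub, err := c.auth.Register(pin)
	if err != nil {
		return err
	}
	c.keyID, c.pub, c.expires = keyID, pub, now.Add(ttl)
	return nil
}

// PublicKeyForService answers the service's request from local storage only;
// it never touches c.auth, and refuses to hand out a missing or expired key.
func (c *Client) PublicKeyForService(now time.Time) (ed25519.PublicKey, error) {
	if c.pub == nil || !now.Before(c.expires) {
		return nil, errors.New("no valid stored public key; enroll again")
	}
	return c.pub, nil
}

// AnswerChallenge forwards the service's challenge to the authenticator.
func (c *Client) AnswerChallenge(challenge []byte) ([]byte, error) {
	return c.auth.Sign(c.keyID, challenge)
}

// ServiceVerify is the service-side check of signature against public key.
func ServiceVerify(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, challenge, sig)
}

func main() {
	a := NewAuthenticator()
	c := &Client{auth: a}
	now := time.Now()
	if err := c.Enroll("1234", time.Hour, now); err != nil {
		panic(err)
	}
	pub, _ := c.PublicKeyForService(now)
	fmt.Println("authenticator contacts after key hand-off:", a.Calls)
	challenge := []byte("constructed-nonce")
	sig, _ := c.AnswerChallenge(challenge)
	fmt.Println("service accepts:", ServiceVerify(pub, challenge, sig))
}
```

The contact counter stays at 1 across the public key hand-off and rises to 2 only when the challenge is signed, which is the ordering the disputed limitation turns on.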


Regarding claim 7 OIKAWA teaches a method for a service usage apparatus, the method comprising (OIKAWA on [page 2 para 1-2] teaches key managing method);
transmit, to an external authentication device, a request of a key information to be used for authentication, when the external authentication device is connected to the service usage apparatus (OIKAWA on [page 16 para 2-3] teaches the key management service providing unit 512 of the key management server apparatus 500 (i.e. service usage apparatus) transmits a key generation request for generating a pair of the user's private key and public key to the private key management apparatus 600 (i.e. external authentication device), the key management unit 612 of the secret key management apparatus 600 receives the key generation request transmitted in step S6130 via the communication unit 650 (i.e. indication that external authentication device is connected with service usage apparatus)); 
receive, from the external authentication device, identification information corresponding to a key pair and public key information included in the key pair when authentication processing performed by the external authentication device based on the request is successful (OIKAWA on [page 16 para 3-4] teaches when the access right authentication is successful the key generation unit 6122 (i.e. of the external authentication) determine encryption key. The key ID generation unit generates a unique key ID. See on [page 16 3rd last para] teaches the key management service providing unit 512 of the key management server apparatus 500 receives the key ID (i.e. identification information) and the public key. Further teaches the key management unit 612 of the secret key management apparatus 600 sends the key ID associated with the secret key generated in step S6150 and the public key corresponding to the secret key to the key management server apparatus 500 and the Key ID is associated with user ID. See also on [page 5 5th last para] teaches the secret key management device outputs the key ID and the public key to the key management server device. See on [page 6 para 3-5] teaches key management device 600 receives the management authentication information and determine if the authentication is successful and if authentication is successful storing the key ID (i.e. identification information) and generated key (i.e. public-private key pair));
wherein the key pair is managed by the external authentication device in association with authentication information used for the authentication processing (OIKAWA on [page 16 para 3-4] teaches key pair is generated at private key management 600 (i.e. managed by external authentication device) in association with management authentication received for authentication process. Further teaches management unit 612 of key management apparatus 600 for managing key pair);
store the received identification information and the received public key information (OIKAWA on [page 6 para 3-5] teaches key management device 600 receives the management authentication information and determine if the authentication is successful and if authentication is successful storing the key ID (i.e. identification information) and generated key (i.e. public-private key pair)).
Although OIKAWA teaches transmitting the public key to terminal device after the public key is received from external device, but fails to explicitly teach and in response to a request for information required for authentication from a service providing system, which provides a service via the network, transmit the stored public key information to the service providing system without performing communication with the external authentication device wherein a transmission of the request of the key information is performed before the request for the information required for the authentication from the service providing system, however TSURUOKA from analogous art teaches in response to a request for information required for authentication from a service providing system, which provides a service via the network, transmit the stored public key information to the service providing system without performing communication with the external authentication device (TSURUOKA [page 4 last two para] teaches second public key certificate receiving unit 24m stores the public key certificate 90 in the hard disk 27 and transmits the public key certificate 90 to the service request generating unit 24n to generate a service request for the service providing apparatus 6 via network 3. The service request is received by the service request receiving unit 63a of the service providing apparatus 6. The service providing apparatus 6 requested to perform service authenticates the user by the user authenticating).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of TSURUOKA into the teaching of OIKAWA by transmitting the public key to a different device upon a request. One would be motivated to do so in order to securely exchange information between different devices for performing authentication (TSURUOKA on [page 2 para 3]).

Although the combination of OIKAWA and TSURUOKA teaches generating public key generation request and generating an authentication request for performing authentication based on the public key, however the combination fails to explicitly teach wherein a transmission of the request of the key information is performed before the request for the information required for the authentication from the service providing system, however Wei from analogous art teaches wherein a transmission of the request of the key information is performed before the request for the information required for the authentication from the service providing system (WEI on [0177, 0184 and 0200] teaches  transmitting, by the group manager server, a request for a group public key (i.e. request of key information before authentication request) to an authority center server. receiving, by the group manager server, an authentication request from an IoT device of a plurality of IoT devices; authenticating, by the group manager server, the IoT device as a function of the authentication request (i.e. request for performing authentication after the request for a public key)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of WEI into the combined teaching of OIKAWA and TSURUOKA by receiving authentication request for performing authentication before after public key distribution request. One would be motivated to do so in order to enhance security of device against security attacks (OH on [0001-0002]).

Regarding claim 8 OIKAWA teaches A non-transitory computer-readable storage medium having computer- executable instructions stored thereon, wherein the instructions cause a computer as a service usage apparatus to (OIKAWA on [page 6 para 4-5] teaches the key management server apparatus having a memory for storing instruction and processor for executing instructions);
transmit, to an external authentication device, a request of a key information to be used for authentication, when the external authentication device is connected to the service usage apparatus (OIKAWA on [page 16 para 2-3] teaches the key management service providing unit 512 of the key management server apparatus 500 (i.e. service usage apparatus) transmits a key generation request for generating a pair of the user's private key and public key to the private key management apparatus 600 (i.e. external authentication device), the key management unit 612 of the secret key management apparatus 600 receives the key generation request transmitted in step S6130 via the communication unit 650 (i.e. indication that external authentication device is connected with service usage apparatus)); 
receive, from the external authentication device, identification information corresponding to a key pair and public key information included in the key pair when authentication processing performed by the external authentication device based on the request is successful (OIKAWA on [page 16 para 3-4] teaches when the access right authentication is successful the key generation unit 6122 (i.e. of the external authentication) determine encryption key. The key ID generation unit generates a unique key ID. See on [page 16 3rd last para] teaches the key management service providing unit 512 of the key management server apparatus 500 receives the key ID (i.e. identification information) and the public key. Further teaches the key management unit 612 of the secret key management apparatus 600 sends the key ID associated with the secret key generated in step S6150 and the public key corresponding to the secret key to the key management server apparatus 500 and the Key ID is associated with user ID. See also on [page 5 5th last para] teaches the secret key management device outputs the key ID and the public key to the key management server device. See on [page 6 para 3-5] teaches key management device 600 receives the management authentication information and determine if the authentication is successful and if authentication is successful storing the key ID (i.e. identification information) and generated key (i.e. public-private key pair));
wherein the key pair is managed by the external authentication device in association with authentication information used for the authentication processing (OIKAWA on [page 16 para 3-4] teaches key pair is generated at private key management 600 (i.e. managed by external authentication device) in association with management authentication received for authentication process. Further teaches management unit 612 of key management apparatus 600 for managing key pair);
store the received identification information and the received public key information (OIKAWA on [page 6 para 3-5] teaches key management device 600 receives the management authentication information and determine if the authentication is successful and if authentication is successful storing the key ID (i.e. identification information) and generated key (i.e. public-private key pair)).
Although OIKAWA teaches transmitting the public key to terminal device after the public key is received from external device, but fails to explicitly teach and in response to a request for information required for authentication from a service providing system, which provides a service via the network, transmit the stored public key information to the service providing system without performing (TSURUOKA [page 4 last two para] teaches second public key certificate receiving unit 24m stores the public key certificate 90 in the hard disk 27 and transmits the public key certificate 90 to the service request generating unit 24n to generate a service request for the service providing apparatus 6 via network 3. The service request is received by the service request receiving unit 63a of the service providing apparatus 6. The service providing apparatus 6 requested to perform service authenticates the user by the user authenticating).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of TSURUOKA into the teaching of OIKAWA by transmitting the public key to a different device upon a request. One would be motivated to do so in order to securely exchange information between different devices for performing authentication (TSURUOKA on [page 2 para 3]).

Although the combination of OIKAWA and TSURUOKA teaches generating public key generation request and generating an authentication request for performing authentication based on the public key, however the combination fails to explicitly teach wherein a transmission of the request of the key information is performed before the request for the information required for the authentication from the service providing system, however Wei from analogous art teaches wherein a transmission of the request of the key information is performed before the request for the information required for the  (WEI on [0177, 0184 and 0200] teaches  transmitting, by the group manager server, a request for a group public key (i.e. request of key information before authentication request) to an authority center server. receiving, by the group manager server, an authentication request from an IoT device of a plurality of IoT devices; authenticating, by the group manager server, the IoT device as a function of the authentication request (i.e. request for performing authentication after the request for a public key)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of WEI into the combined teaching of OIKAWA and TSURUOKA by receiving authentication request for performing authentication before after public key distribution request. One would be motivated to do so in order to enhance security of device against security attacks (OH on [0001-0002]).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/MOEEN KHAN/ Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436