DETAILED ACTION
This office action is in response to applicant’s RCE submission filed on 10/21/2021, which has an effective filing date of 05/03/2016. Claims 1, 7, and 13-14 have been amended. Claims 1-18 are pending and are directed towards an apparatus, system, method, and computer product for Authenticating a Data Stream. Examiner acknowledges applicant’s amendment to claims 13 and 14, and therefore withdraws the previous office action’s 112(f) interpretation of claims 13 and 14. This is a Non-Final action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 10/21/2021 have been fully considered.
A) Applicant’s arguments, with respect to the newly amended limitation of claim 1, that De Lutiis does not teach “wherein the first piece of validation is one of a random number, a nonce, and/or a continuously incremented or decremented number” (page 15 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections. 

Regarding B) De Lutiis teaches storing the respective first piece of validation information in a respective second data element of the data stream (para 38, line 11-18 and para 39, line 1-8; sender 2 generates the data stream communication by including bytes [a1, a2, …, am] and transmits the data stream containing the bytes unaltered to the receiver 3 for use in authentication). In addition, De Lutiis teaches transmitting the respective second data element to the at least one receiver after transmitting the respective first data element to the at least one receiver (Fig. 5 and para 39, line 1-8 and para 47, line 1-9; transmits the data stream containing the bytes unaltered to the receiver 3 for use in authentication after sending the first control message generated from a hash function H). Specifically, the control message is used to authenticate errors in the transmitted data stream using the selected pattern of bytes and block lengths. Furthermore, Fig. 5 shows 
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-3, 5-7, 9, and 11-18 are rejected under 35 U.S.C. 103 as being unpatentable over De Lutiis et al. (US Pub. 2009/0210707), hereinafter De Lutiis, filed on May 15, 2006 in view of Huang (US Pub. 2016/0006734) filed on Jun. 25, 2015.
	Regarding claim 1, De Lutiis teaches a method for producing a data stream whose sender is authenticable (para 25, line 1-3; authenticating data transmitted by a sender 2 to a receiver 3), comprising:
computing at least one first piece of authentication information, wherein the at least one first piece of authentication information is generated from a respective first piece of validation information by means of a cryptographic one 
De Lutiis does not teach wherein the first piece of validation is one of a random number, nonce, and/or a continuously incremented or decremented number;
Huang teaches wherein the first piece of validation is one of a random number, nonce, and/or a continuously incremented or decremented number (para 28, line 1-8; validation information can be a randomly generated number for use in a hash function);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified De Lutiis to incorporate the teachings of Huang so that the validation information can be a randomly generated number for use in a hash function. Doing so would allow for identity authentication of a source user, as recognized by Huang.
De Lutiis teaches storing the at least one first piece of authentication information in a respective first data element of the data stream; transmitting the respective first data element to at least one receiver (para 40, line 1-8; sender 
storing the respective first piece of validation information in a respective second data element of the data stream (para 38, line 11-18 and para 39, line 1-8; sender 2 generates the data stream communication by including bytes [a1, a2, …, am] and transmits the data stream containing the bytes unaltered to the receiver 3 for use in authentication); and 
transmitting the respective second data element to the at least one receiver after transmitting the respective first data element to the at least one receiver (Fig. 5 and para 39, line 1-8 and para 47, line 1-9; transmits the data stream containing the bytes unaltered to the receiver 3 for use in authentication after sending the first control message generated from a hash function H to authenticate errors in the transmitted data stream using the selected pattern of bytes and block lengths).
Regarding claim 2, De Lutiis and Huang teach the method of claim 1.
De Lutiis teaches a respective further first piece of authentication information is computed, the respective further first piece of authentication information is generated from a respective further first piece of validation information by means of the cryptographic one way function (para 40, line 1-8 
the respective further first piece of authentication information is stored in a respective further first data element and is transmitted to the at least one receiver (para 40, line 1-8; sender control module 10 sends the calculated authentication value in packet-like transmissions to the receiver), and 
the respective further first piece of validation information is stored in the second data element (para 38, line 11-18 and para 39, line 1-8; sender 2 generates the data stream, including bytes [a1, a2, …, am], and transmits the bytes unaltered to the receiver 3).
Regarding claim 3, De Lutiis and Huang teach the method of claim 1.
De Lutiis teaches at least one second piece of authentication information is computed, the at least one second piece of authentication information is generated from a respective second piece of validation information by means of the cryptographic one way function (para 40, line 1-8 and para 41, line 1-7; sender control module 10 calculates an authentication value for each block, e.g. four 
the at least one second piece of authentication information is stored in the respective second data element of the data stream (para 40, line 1-8; sender control module 10 sends the calculated authentication value in packet-like transmissions to the receiver); 
the respective second piece of validation information is stored in a respective third data element of the data stream; and the respective third data element is transmitted to the at least one receiver (para 38, line 11-18 and para 39, line 1-8; sender 2 generates the data stream, including bytes [a1, a2, …, am], and transmits the bytes unaltered to the receiver 3).
Regarding claim 5, De Lutiis and Huang teach the method of claim 3.
De Lutiis teaches further pieces of authentication information are computed in accordance with the at least one first piece of authentication information (para 40, line 1-8 and para 41, line 1-7; sender control module 10 calculates an authentication value for each block, e.g. four blocks, of the stream in the form of bytes or packets sent by the sender 2, where the authentication value is calculated using a hash function); 

the storing and transmitting of the further pieces of authentication information and of the respective further pieces of validation information is effected in accordance with the storing and transmitting of the first data element and the second data element and/or the storing and transmitting of the second data element and the third data element (para 40, line 1-8, sender control module 10 sends the calculated authentication value in packet-like transmissions to the receiver; para 38, line 11-18 and para 39, line 1-8; sender 2 generates the data stream, including bytes [a1, a2, …, am], and transmits the bytes unaltered to the receiver 3).
Regarding claim 6, De Lutiis and Huang teach the method of claim 1.
De Lutiis teaches the first data element comprises a first checksum for at least one portion of the first data element (para 40, line 1-8 and para 41, line 1-7; 
the second data element comprises a first secret for a check on the first checksum (para 39, line 1-8 and para 42, line 1-6; the data stream generated by the sender 2 is transmitted unaltered to the receiver 3 and is used by the receiver to calculate an own authentication value for comparison).
Regarding claim 7, De Lutiis teaches a method for authenticating a sender of a data stream by means of a receiver (para 25, line 1-3; authenticating data transmitted by a sender 2 to a receiver 3), comprising:
receiving at least one first data element of the data stream, wherein the at least one first data element comprises a respective first piece of authentication information (para 42, line 1-6; receiver control module 11 receives the authentication value);
receiving at least one second data element of the data stream after receiving the at least one first data stream element of the data stream (Fig. 5 and para 39, line 1-8 and para 47, line 1-9; transmits the data stream containing the bytes unaltered to the receiver 3 for use in authentication after sending the first control message generated from a hash function H), 

De Lutiis does not teach wherein the first piece of validation is one of a random number, nonce, and/or a continuously incremented or decremented number;
Huang teaches wherein the first piece of validation is one of a random number, nonce, and/or a continuously incremented or decremented number (para 28, line 1-8; validation information can be a randomly generated number for use in a hash function);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified De Lutiis to incorporate the teachings of Huang so that the validation information can be a randomly generated number for use in a hash function. Doing so would allow for identity authentication of a source user, as recognized by Huang.

comparing the respective first piece of local authentication information with the respective first piece of authentication information, wherein the sender is authenticated if the respective first piece of local authentication information and the respective first piece of authentication information have concordance (para 42, line 1-6 and para 61, line 1-6; compares the own authentication value with the authentication value received and the result of the comparison is positive if the own authentication value is the same as the authentication value received).
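The sender and receiver steps recited in claims 1 and 7 can be illustrated as follows. This is an added example, not code from the application or from the cited references; it assumes SHA-256 as the cryptographic one way function and a 16-byte random nonce as the validation information, and it goes beyond claims 1 and 7 by chaining the commitments across elements in the manner of claims 3 and 9. The names `DataElement`, `produce_stream` and `authenticate_stream` are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import List, Optional


def one_way(validation: bytes) -> bytes:
    """Cryptographic one way function (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(validation).digest()


@dataclass
class DataElement:
    payload: bytes
    # Authentication information: H(v_i), a commitment to the nonce v_i
    # that is only disclosed in the NEXT element.
    auth_info: Optional[bytes]
    # Validation information: v_(i-1), the nonce committed to in the
    # PREVIOUS element. None for the first element of the stream.
    validation_info: Optional[bytes]


def produce_stream(payloads: List[bytes]) -> List[DataElement]:
    """Sender side: element i carries H(v_i); element i+1 carries v_i."""
    elements: List[DataElement] = []
    previous_nonce: Optional[bytes] = None
    for index, payload in enumerate(payloads):
        is_last = index == len(payloads) - 1
        # The last element has no successor, so it commits to nothing.
        nonce = None if is_last else secrets.token_bytes(16)
        auth = one_way(nonce) if nonce is not None else None
        elements.append(DataElement(payload, auth, previous_nonce))
        previous_nonce = nonce
    return elements


def authenticate_stream(elements: List[DataElement]) -> List[bool]:
    """Receiver side: one result per element after the first.

    For each element, the received validation information is hashed to
    obtain the local authentication information, which is compared with
    the authentication information received in the preceding element.
    Checking stops at the first mismatch, because later commitments can
    no longer be tied back to the original sender.
    """
    results: List[bool] = []
    pending_auth: Optional[bytes] = None
    for element in elements:
        if pending_auth is not None:
            ok = element.validation_info is not None and hmac.compare_digest(
                one_way(element.validation_info), pending_auth
            )
            results.append(ok)
            if not ok:
                break
        pending_auth = element.auth_info
    return results


def demo_forged_element() -> List[bool]:
    """Constructed sample: a third party replaces element 2 of 4.

    The forger does not know the nonce behind the commitment in element 1
    (it has not been disclosed yet), so the forged reveal cannot match.
    """
    stream = produce_stream([b"block-0", b"block-1", b"block-2", b"block-3"])
    forged_nonce = secrets.token_bytes(16)  # the forger's guess at v_1
    stream[2] = DataElement(
        b"forged", one_way(secrets.token_bytes(16)), forged_nonce
    )
    return authenticate_stream(stream)


if __name__ == "__main__":
    genuine = produce_stream([b"block-0", b"block-1", b"block-2", b"block-3"])
    print("genuine stream:", authenticate_stream(genuine))
    print("forged element:", demo_forged_element())
```

The check depends on the ordering the claims recite: the element carrying the authentication information must reach the receiver before the element that discloses the validation information.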
Regarding claim 9, De Lutiis and Huang teach the method of claim 7.
De Lutiis teaches the at least one second data element comprises a respective second piece of authentication information (para 40, line 1-8 and para 41, line 1-7; sender control module 10 calculates an authentication value for each 
at least one third data element is received, the at least one third data element comprises a respective second piece of validation information (para 39, line 1-8 and para 42, line 1-6; receiver control module 11 receives data stream of blocks, which are used to calculate the own authentication value),
a respective second piece of local authentication information is computed (para 39, line 1-8 and para 42, line 1-6; receiver control module 11 calculates the own authentication value from the received blocks of the data stream), 
the respective second piece of local authentication information is generated from the respective second piece of validation information by means of the cryptographic one way function (para 41, line 1-7 and para 42, line 1-6; receiver control module 11 calculates the own authentication value, where the authentication value is calculated using a hash function); 
the respective second piece of local authentication information is compared with the respective second piece of authentication information, wherein the sender is authenticated if the respective second piece of local authentication information and the respective second piece of authentication information have concordance (para 42, line 1-6 and para 61, line 1-6; compares 
Regarding claim 11, De Lutiis and Huang teach the method of claim 7.
De Lutiis teaches the at least one third data element and/or further data elements comprises a respective further piece of authentication information (para 40, line 1-8 and para 41, line 1-7; sender control module 10 calculates an authentication value for each block, e.g. four blocks, of the stream in the form of bytes or packets sent by the sender 2, where the authentication value is calculated using a hash function); 
a respective second piece of local authentication information is computed for the respective further piece of authentication information in accordance with the computing of the respective first piece of local authentication information (para 39, line 1-8 and para 41, line 1-7 and para 42, line 1-6; receiver control module 11 receives blocks of the data stream, which was sent unaltered, and calculates an own authentication value using a hash function for each received blocks); and 
the respective further piece of authentication information is compared with the respective second piece of local authentication information thereof in 
Regarding claim 12, De Lutiis and Huang teach the method of claim 7.
De Lutiis teaches the first data element comprises a first checksum for at least one portion of the first data element (para 40, line 1-8 and para 41, line 1-7; sender control module 10 sends the calculated authentication value in packet-like transmissions to the receiver, where the authentication value is calculated using a hash function);
the second data element comprises a first secret; an integrity of the at least one portion of the first data element is checked on the basis of the first checksum and the first secret (para 39, line 1-8 and para 42, line 1-6; the data stream generated by the sender 2 is transmitted unaltered to the receiver 3 and is used by the receiver to calculate an own authentication value for comparison to check the integrity of the received blocks).
Regarding claim 13, De Lutiis teaches a generation apparatus for producing a data stream whose sender is authenticable (para 25, line 1-3; authenticating data transmitted by a sender 2 to a receiver 3), comprising:
a processor configured to compute at least one first piece of authentication information, wherein the at least one first piece of authentication information is generated from a respective first piece of validation information by means of a cryptographic one way function (para 40, line 1-8 and para 41, line 1-7; sender control module 10 calculates an authentication value for each block of the stream in the form of bytes or packets sent by the sender 2, where the authentication value is calculated using a hash function),
De Lutiis does not teach wherein the first piece of validation is one of a random number, nonce, and/or a continuously incremented or decremented number;
Huang teaches wherein the first piece of validation is one of a random number, nonce, and/or a continuously incremented or decremented number (para 28, line 1-8; validation information can be a randomly generated number for use in a hash function);
 It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified De Lutiis 
De Lutiis teaches a first memory module for storing the at least one first piece of authentication information in a respective first data element of the data stream; a first transmission module for transmitting the respective first data element to at least one receiver (Fig. 1 and para 40, line 1-8; sender control module 10, comprising a processor 13 and buffer 12, sends the calculated authentication value in packet-like transmissions to the receiver); 
a second memory module for storing the respective first piece of validation information in a respective second data element of the data stream (para 38, line 11-18 and para 39, line 1-8; sender 2 generates the data stream communication by including bytes [a1, a2, …, am] and transmits the data stream containing the bytes unaltered to the receiver 3 for use in authentication); and 
a second transmission module for transmitting the respective second data element to the at least one receiver after the first transmission module has transmitted the respective first data element to the at least one receiver (Fig. 5 and para 39, line 1-8 and para 47, line 1-9; transmits data stream containing the 
Regarding claim 14, De Lutiis teaches an authentication apparatus for authenticating a sender of a data stream by means of a receiver (para 25, line 1-3; authenticating data transmitted by a sender 2 to a receiver 3), comprising: 
a first reception module for receiving at least one first data element of the data stream, wherein the at least one first data element comprises a respective first piece of authentication information (para 42, line 1-6; receiver control module 11 receives the authentication value from the blocks of data stream);
a second reception module for receiving at least one second data element of the data stream after the first reception module has received the at least one first data element of the data stream (Fig. 5 and para 39, line 1-8 and para 47, line 1-9; transmits the data stream containing the bytes unaltered to the receiver 3 for use in authentication after sending the first control message generated from a hash function H), 
wherein the at least one second data element comprises a respective first piece of validation information for the respective first piece of authentication information (para 38, line 11-18 and para 39, line 1-8; sender 2 generates the data stream communication by including bytes [a1, a2, …, am] and transmits data 
De Lutiis does not teach wherein the first piece of validation is one of a random number, nonce, and/or a continuously incremented or decremented number;
Huang teaches wherein the first piece of validation is one of a random number, nonce, and/or a continuously incremented or decremented number (para 28, line 1-8; validation information can be a randomly generated number for use in a hash function);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified De Lutiis to incorporate the teachings of Huang so that the validation information can be a randomly generated number for use in a hash function. Doing so would allow for identity authentication of a source user, as recognized by Huang.
De Lutiis teaches a second processor configured to compute a respective first piece of local authentication information, wherein the respective first piece of local authentication information is generated from the respective first piece of validation information by means of a cryptographic one way function (para 39, line 1-8 and para 41, line 1-7 and para 42, line 1-6; receiver control module 11 
wherein at least one of the second processor or a further processor of the authentication apparatus is configured to compare the respective first piece of local authentication information with the respective first piece of authentication information wherein the sender is authenticated if the respective first piece of local authentication information and the respective first piece of authentication information have concordance (para 42, line 1-6 and para 61, line 1-6; receiver control module 11 compares the own authentication value with the authentication value received and the result of the comparison is positive if the own authentication value is the same as the authentication value received).
Regarding claim 15, De Lutiis teaches a system comprising: 
a first communication partner, having a generation apparatus as claimed in claim 13 (see teachings in claim 13); 
at least one second communication partner, having an authentication apparatus, wherein the first communication partner and the second communication partner are communicatively connected to one another via a communication network (para 35, line 1-6 and para 42, line 1-6; sender 2 and receiver 3 are two communication nodes on public network 4, where receiver 
Regarding claim 16, De Lutiis teaches a computer program product, comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system (para 30, line 1-7; sender processor 13 is connected to and acquires data from the sender buffer 12 and sends data to a secure channel) to implement a method having program commands for performing the method as claimed in claim 1 (see teachings of claim 1).
Regarding claim 17, De Lutiis teaches a computer program product comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method having program commands for a production device that is configured by means of the program commands to produce the generation apparatus (para 30, line 1-7; sender processor 13 is connected to and acquires data from the sender buffer 12 and sends data to a secure channel) as claimed in claim 13 (see teachings of claim 13).
Regarding claim 18, De Lutiis teaches a provision apparatus for the computer program product comprising a computer readable hardware storage 
wherein the provision apparatus stores and/or provides the computer program product (para 30, line 1-7; sender control module includes sender processor 13 and sender data buffer 12 for sending data through secure channel).
4.	Claims 4, 8, and 10 are rejected under 35 U.S.C. 103 as being unpatentable over De Lutiis in view of Huang and Falk (US Pub. 2013/0132730) filed on Jul. 22, 2011.
Regarding claim 4, De Lutiis and Huang teach the method of claim 3.
De Lutiis and Huang do not teach one of the data elements comprises at least two pieces of authentication information; and
Falk teaches one of the data elements comprises at least two pieces of authentication information (para 43, line 1-16; integrity check information data IPID can have a hash value of the packet administration data of control data and a hash value of the useful data of the control data); and

De Lutiis teaches respective different data elements comprise an associated piece of validation information for the at least two pieces of authentication information (para 40, line 1-8 and para 41, line 1-7; calculates an authentication value for each block, e.g. four blocks, of the stream in the form of bytes or packets sent by the sender 2, where the authentication value is calculated using a hash function).
Regarding claim 8, De Lutiis and Huang teach the method of claim 7.
De Lutiis and Huang do not teach the second data element comprises a multiplicity of first pieces of validation information,
Falk teaches the second data element comprises a multiplicity of first pieces of validation information (para 43, line 1-16; integrity check information data IPID can have a hash value of the packet administration data of control data and a hash value of the useful data of the control data), 

De Lutiis teaches a respective further first data element comprises a respective further first piece of authentication information (para 40, line 1-8 and para 41, line 1-7; an authentication value for each block, e.g. four blocks, of the stream in the form of bytes or packets sent by the sender 2, where the authentication value is calculated using a hash function), 
a respective further first piece of local authentication information is computed for the respective further first piece of authentication information in accordance with the computing of the respective first piece of local authentication information (para 39, line 1-8 and para 42, line 1-6; receiver control module 11 receives the data stream, which was sent unaltered, and calculates an own authentication value for each of the received blocks); and 
the respective further first piece of authentication information is compared with the respective further local first piece of authentication information thereof 
Regarding claim 10, De Lutiis and Huang teach the method of claim 9.
De Lutiis and Huang do not teach the data elements comprise at least two pieces of authentication information; and
Falk teaches the data elements comprise at least two pieces of authentication information (para 43, line 1-16; integrity check information data IPID can have a hash value of the packet administration data of control data and a hash value of the useful data of the control data); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified De Lutiis and Huang to incorporate the teachings of Falk to provide integrity check information data with two hash values associated with control data. Doing so would allow transmitting data in a manner that is secured against manipulation, as recognized by Falk.

a respective further piece of local authentication information is computed for the respective associated piece of validation information in accordance with the computing of the respective first piece of local authentication information (para 39, line 1-8 and para 41, line 1-7 and para 42, line 1-6; receiver control module 11 receives blocks of the data stream, which was sent unaltered, and calculates an own authentication value using a hash function for each received blocks); and 
the at least two pieces of authentication information are compared with the respective further pieces of local authentication information in accordance with the comparing of the respective first piece of local authentication information with the respective first piece of authentication information (para 42, line 1-6 and para 61, line 1-6; compares the own authentication value with the authentication value received and the result of the comparison is positive if the own authentication value is the same as the authentication value received).
Conclusion
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications: Fries et al. (US Pub. 2012/0260088) discloses integrity protection and confidentiality protection of data that are sufficiently secured at the transport level; Juels (US Pub. 2007/0279227) discloses that the authentication information comprises a sequence of values corresponding to images of a hash chain and that a given one of the values of the sequence is utilized by a second processing device to generate a modified value suitable for providing joint authentication of the first and second processing devices; Singhal (US Pub. 2014/0245385) discloses a validation function that checks the presence of a source validation code in the header of a packet and routes only those packets that have the source validation code.
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492