DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Terminal Disclaimer
The terminal disclaimer filed on 12/07/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US 10,454,682 has been reviewed and is accepted.  The terminal disclaimer has been recorded. Accordingly the double patenting rejection has been withdrawn.

Response to Amendment
This office action is in response to the amendment filed on 12/06/2021.
Claims 21-29 are pending for examination. Applicant amends claims 21 and 23-25. The amendments have been fully considered and entered.
Amendments to the Specification have been accepted and the objections to the Specification have been withdrawn.
Amendments to claims 21 and 23 regarding the claim objections have been accepted and the claim objections have been withdrawn.


Response to Arguments
For convenience, the newly introduced limitations, as made by amendments, are marked as underlined.
Applicant’s arguments with regard to the 35 U.S.C. § 112(b) indefinite rejection in view of 35 U.S.C. § 112(f) means-plus-function interpretation have been fully considered and are persuasive. Therefore, the means-plus-function limitations will be understood as a computer programmed to carry out the specific functions associated with the respective apparatus, system, or unit claims as pointed out by applicant on pg. 12 of the Remarks, filed 12/06/2021. Accordingly, the 35 U.S.C. § 112(b) rejections have been withdrawn.
Amendments to claim 25 regarding the 35 U.S.C. § 112(d) rejection have been accepted. Furthermore, applicant’s arguments on pg. 13 of the Remarks, filed 12/06/2021, with respect to the 35 U.S.C. § 112(d) rejection of claims 26-27 have been considered and are persuasive. Therefore, the 35 U.S.C. § 112(d) rejections have been withdrawn.
Applicant’s arguments, see Remarks, filed 12/06/2021, with respect to the rejection of claims 21 and 23-24 under 35 U.S.C. § 103 have been fully considered but are not persuasive. The following are applicant arguments recited in the Remarks followed by Examiner's response:

Examiner respectfully disagrees and submits that Perez reasonably teaches these features in a mutual authentication method as pointed out in the art rejection beginning on pg. 21 of the non-final rejection. In the rejection, Perez’s second entity or device B was mapped to the applicant’s service apparatus and Perez’s first entity or device A was mapped to the applicant’s authentication apparatus. As seen in paragraphs [0007] and [0028]-[0032] of Perez, the second entity generates a first random number, encrypts the first random number using the public key of the first entity, and sends the encrypted first random number to the first entity. The first entity then decrypts the received encrypted random number, performs a hash on the decrypted first random number concatenated with a second random number generating a first hash, and sends the second random number along with the first hash to the second entity. The second entity then computes a second hash using the first random number and the received second random number and determines whether the first and second hashes 
b.	Applicant argues that “[c]ombining Oberheide with Perez does not bridge the gaps in Oberheide's teachings. In Perez, Device A sends encrypted data to Device B, and Device B decrypts and verifies the data. That is, Device B does not decrypt the data, perform computation on the data, and return the computed data to Device A for verification.” (Remarks, pg. 16)
Examiner respectfully disagrees. As discussed above, Perez’s Device B was mapped to the applicant’s service apparatus and Perez’s Device A was mapped to the applicant’s authentication apparatus. With this in mind and as explained above, Device A decrypts the random number, performs a hash computation on the random number concatenated with another random number generating a first hash, and returns the first hash to Device B for verification (Perez, [0007] and [0028]-[0032]).
c.	Applicant argues, regarding claim 23, that claim 23 recites a sequence that mirrors the sequence in claim 21 and for the same reasons as noted in the discussion for claim 21, the present claim 23 is patentable over the cited references. (Remarks, pg. 17)
Examiner respectfully disagrees and submits that because Perez teaches mutual authentication, the same method of authenticating the second entity or Device B (i.e., mirrored sequence) is seen in paragraphs [0007] and [0031]-[0033]. Therefore, for similar reasons as disclosed in points a. and b. above, Perez reasonably teaches “the authentication apparatus sending encrypted authentication side original data to the service apparatus, the service apparatus decrypting the encrypted authentication side 
d.	Regarding claim 24, applicant presents the same arguments seen in points a. through c. above. Therefore, examiner’s responses are the same as seen above.
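The challenge-response exchange relied on in points a. and b. above, sketched as an added example that is not part of this Office action, Perez, or Oberheide. Textbook RSA without padding (standing in for the public-key encryption step), SHA-256, 32-byte random numbers, and all class and function names are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION: textbook RSA (no padding) keeps this block standard-library only;
# a deployed system would use a vetted library with OAEP or an equivalent scheme.
NONCE_LEN = 32  # bytes in each random number (assumed size)

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin test, used only to build the demo key pair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits=1024, e=65537):
    """Return (public, private) = ((n, e), (n, d)). Demo key, not for real use."""
    def prime(size):
        while True:
            c = secrets.randbits(size) | (1 << (size - 1)) | 1
            if c % e != 1 and _is_probable_prime(c):
                return c
    p = prime(bits // 2)
    q = prime(bits // 2)
    while q == p:
        q = prime(bits // 2)
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def response_hash(r1, r2):
    """Hash of the first random number concatenated with the second."""
    return hashlib.sha256(r1 + r2).digest()

class ServiceSide:
    """Verifier: the second entity (device B), mapped to the service apparatus."""
    def __init__(self, peer_public_key):
        self.n, self.e = peer_public_key
        self._r1 = None

    def challenge(self):
        # Fresh random number per attempt, encrypted to the stored public key.
        self._r1 = secrets.token_bytes(NONCE_LEN)
        return pow(int.from_bytes(self._r1, "big"), self.e, self.n)

    def verify(self, r2, first_hash):
        if self._r1 is None:
            return False  # no outstanding challenge, or it was already used
        r1, self._r1 = self._r1, None  # single use, so a response cannot be replayed
        return hmac.compare_digest(first_hash, response_hash(r1, r2))

class AuthenticationSide:
    """Prover: the first entity (device A), mapped to the authentication apparatus."""
    def __init__(self, private_key):
        self.n, self.d = private_key

    def respond(self, encrypted_r1):
        m = pow(encrypted_r1, self.d, self.n)
        size = (self.n.bit_length() + 7) // 8
        r1 = m.to_bytes(size, "big")[-NONCE_LEN:]  # garbage if the key is wrong
        r2 = secrets.token_bytes(NONCE_LEN)
        return r2, response_hash(r1, r2)

def run_exchange(service, device):
    """One full round; True when the device proves it holds the private key."""
    r2, first_hash = device.respond(service.challenge())
    return service.verify(r2, first_hash)

if __name__ == "__main__":
    public, private = generate_keypair()
    print("genuine:", run_exchange(ServiceSide(public), AuthenticationSide(private)))
```

The verifier discards the first random number after one comparison, so a captured response is rejected against any later challenge.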

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 24-25 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide et al. (US 20150304110 A1; hereinafter “Oberheide”) which was included in the IDS filed on 09/11/2019 in view of Perez et al. (US 20150074403 A1; hereinafter “Perez”) which was included in the IDS filed on 04/28/2020.
As per claim 24, Oberheide discloses: a service apparatus that is pairable with an authentication apparatus in an information communication system, the service apparatus comprising: 
wherein the service side controller comprises a processing hardware unit (Oberheide, Fig. 13, service provider includes processors) configured to authenticate a user ID identifying the authentication apparatus by: 
upon receiving an authentication side public key from the authentication apparatus, storing the authentication side public key associating the authentication side public key with an internal user ID, which is an identification marker for the authentication apparatus corresponding to a specific service, and transmitting the internal user ID to the authentication apparatus (Oberheide, [0028], wherein the service provider receives the public key from the authentication device, [0067], and the received public key is stored and associated with a user identifier at the service provider, [0079], wherein the service provider provides the user identifier to the authentication device), and
Application No. 16/567,248, Attorney Docket No. P170127US01
upon receiving an authentication request with the internal user ID specified from the authentication apparatus, transmitting service side encrypted data to the authentication apparatus (Oberheide, Fig. 2 and [0025], after login request is received from a user, the service provider encrypts sensitive data and sends the encrypted sensitive data to the authentication device via an authentication service). 
Oberheide does not disclose, however, Perez teaches or suggests: the service side encrypted data being obtained by encrypting service side original data using the stored authentication side public key that corresponds to the internal user ID, the service side original data being any data prepared in the service apparatus (Perez, [0007], second entity (i.e., service apparatus) generates a first random number (i.e., any , 
receiving service side computed data from the authentication apparatus, the service side computed data having been obtained by decrypting the service side encrypted data to obtain service side decrypted data and performing predetermined computation on the service side decrypted data (Perez, [0007], first entity decrypts the encrypted first random number using the first entity private key, generating a 1st hash of the first random number and transmitting an encrypted 1st hash of the first random number), and 
determining that the internal user ID is genuine when the service side computed data received from the authentication apparatus matches data obtained by performing the predetermined computation on the service side original data (Perez, [0007] and [0032], encrypted 1st hash is received and decrypted and the received 1st hash is checked with a generated hash to see if it matches to authenticate the first entity).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include a mutual authentication system including generating random number challenges and utilizing asymmetric key encryption and hashing techniques to verify the random challenge as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).

As per claim 25, claim 24 is incorporated and the modified Oberheide discloses: wherein the service apparatus is pairable with the authentication apparatus (Oberheide, 
The modified Oberheide does not disclose, however, Perez teaches or suggests: the authentication apparatus comprising an authentication side controller (Perez, [0042], processor), and 
wherein the authentication side controller comprises a processing hardware unit configured to authenticate a service ID identifying the service apparatus, by comparing a set of data that has been subject to at least one round of encryption and decryption using a pair of public and private keys associated with the service ID with the same set of data before the at least one round of encryption and decryption (Perez, [0042], processor, [0007], and [0029]-[0032], mutual authentication method including comparing data that has been subject to at least one round of encryption and decryption using a public-private key pair).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of modified Oberheide to include an authentication side controller configured to authenticate a service ID identifying the service apparatus as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).

Claims 21-23 and 26-29 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide in view of Perez and further in view of Spencer et al. (US 9980140 B1; hereinafter “Spencer”).
As per claims 21 and 26, Oberheide discloses: an information communication system and an information communication method, the system comprising: 
a service apparatus configured to provide a specific service (Oberheide, Fig. 3, service provider 120), and 
an authentication apparatus configured to perform an authentication at a time of using the specific service and to communicate with the service apparatus via an information communication means (Oberheide, Fig. 3, authentication device 140), wherein: 
the authentication apparatus comprises an authentication side controller comprising an authentication side registering unit configured to generate an authentication side private key to be used by the authentication apparatus, and an authentication side public key corresponding to the authentication side private key, to store the authentication side private key, and to transmit the authentication side public key to the service apparatus (Oberheide, Fig. 12, authentication device includes processors (i.e., authentication side controller and units), [0028], wherein the authentication device generates a public key and private key, stores the private key and passes the public key to the service provider), 
the service apparatus comprises a service side controller comprising a service side registering unit that, upon receiving the authentication side public key from the authentication apparatus, is configured to store the authentication side public key associating the authentication side public key with an internal user ID, which is an identification marker for the authentication apparatus corresponding to the specific service, and to transmit the internal user ID to the authentication apparatus (Oberheide, 
the service side controller further comprises a service side encrypting unit that, upon receiving from the authentication apparatus an authentication request with the internal user ID specified, is configured to transmit service side encrypted data to the authentication side controller (Oberheide, Fig. 2 and [0025], after login request is received from a user, the service provider encrypts sensitive data and sends the encrypted sensitive data to the authentication device via an authentication service).
Oberheide does not disclose, however, Perez teaches or suggests: the service side encrypted data being obtained by encrypting service side original data using the authentication side public key that corresponds to the internal user ID and is stored in the service side registering unit, the service side original data being any data prepared in the service apparatus (Perez, [0007], second entity (i.e., service apparatus) generates a first random number (i.e., any data prepared in the service apparatus) and encrypts the first random number with the first entity public key (i.e., authentication side public key)), 
the authentication side controller further comprises an authentication side decrypting unit configured to transmit to the service apparatus service side computed data obtained by performing predetermined computation on service side decrypted data, the service side decrypted data being obtained by decrypting the service side st hash of the first random number and transmitting an encrypted 1st hash of the first random number), and 
the service side controller further comprises an internal user ID genuineness determining unit configured to determine that the internal user ID is genuine when the service side computed data received from the authentication apparatus matches data obtained by performing the predetermined computation on the service side original data (Perez, [0007] and [0032], encrypted 1st hash is received and decrypted and the received 1st hash is checked with a generated hash to see if it matches to authenticate the first entity).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include a mutual authentication system including generating random number challenges and utilizing asymmetric key encryption and hashing techniques to verify the random challenge as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).
The modified Oberheide does not teach, however, Spencer teaches or suggests: the information communication system is configured to perform the authentication for making the specific service available on a precondition that pairing is established between the service apparatus and the authentication apparatus (Spencer, col. 22 lines 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include pairing before performing an authentication as taught by Spencer for the benefit of enhancing security by validating each party to each other after establishing secure communications/pairing (Spencer, col. 22 lines 30-35).

As per claim 22, claim 21 is incorporated and the modified Oberheide discloses: wherein: the service side registering unit is further configured to generate a service side private key being a private key to be used by the service apparatus and a service side public key corresponding to the service side private key, to store the service side private key, and to transmit the service side public key to the authentication apparatus (Oberheide, Fig. 13, service provider includes processors (i.e., service side controller and units), [0028], wherein the service provider generates a public key and private key, stores the private key and passes the public key to the authentication device).
The modified Oberheide does not disclose, however, Perez teaches or suggests: transmitting the service side public key together with a service ID that is an identification marker for the service apparatus in the specific service to the authentication apparatus (Perez, [0009] and [0029], the second entity (i.e., service apparatus) sends a certificate chain to the first entity (i.e., authentication apparatus) where a certificate chain includes an identifier of the second entity (i.e., service ID) and the public key of the second entity),

the authentication side controller further comprises an authentication side encrypting unit that, upon receiving information to request authentication with the service ID specified from the service apparatus, is configured to transmit authentication side encrypted data to the service apparatus, the authentication side encrypted data being obtained by encrypting authentication side original data prepared in the authentication apparatus, using the service side public key that corresponds to the service ID and is stored in the authentication side registering unit (Perez, [0007] and [0029]-[0032], upon entity A (i.e., authentication apparatus) receiving the HelloB message which includes the certificate chain of entity B (i.e., service apparatus), entity A generates a KeyConfirmA message which includes a random number (i.e., authentication side original data) encrypted using the public key of entity B and sends KeyConfirmA to entity B),
the service side controller further comprises a service side decrypting unit that is configured to transmit authentication side computed data, obtained by performing predetermined computation on authentication side decrypted data, to the authentication apparatus, the authentication side decrypted data being obtained by decrypting the authentication side encrypted data received from the authentication apparatus, using 
the authentication side controller further comprises a service ID genuineness determining unit configured to determine that the service ID is genuine when the authentication side computed data received from the service apparatus matches data obtained by performing the predetermined computation on the authentication side original data (Perez, [0033], entity A (i.e., authentication apparatus) receives KeyConfirmB and verifies the received hash matches a computed hash).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include a mutual authentication system including generating random number challenges and utilizing asymmetric key encryption and hashing techniques to verify the random challenge as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).

As per claims 23 and 27, Oberheide discloses: an information communication system and method, the information communication system comprising: 
a service apparatus configured to provide a specific service (Oberheide, Fig. 3, service provider 120), and 

the service apparatus comprises a service side controller comprising a service side registering unit configured to generate a service side private key to be used by the service apparatus and a service side public key corresponding to the service side private key, to store the service side private key, and to transmit to the authentication apparatus the service side public key (Oberheide, Fig. 13, service provider includes processors (i.e., service side controller and units), [0028], wherein the service provider generates a public key and private key, stores the private key and passes the public key to the authentication device).
Oberheide does not disclose, however, Perez teaches or suggests: transmitting the service side public key together with a service ID that is an identification marker for the service apparatus in the specific service to the authentication apparatus (Perez, [0009] and [0029], the second entity (i.e., service apparatus) sends a certificate chain to the first entity (i.e., authentication apparatus) where a certificate chain includes an identifier of the second entity (i.e., service ID) and the public key of the second entity),
the authentication apparatus comprises an authentication side controller comprising an authentication side registering unit that, upon receiving the service side public key from the service apparatus, is configured to store the service side public key associating the service side public key with the service ID (Perez, [0039], processor 216 (i.e., authentication side controller and units), [0029]-[0030] and [0009], entity A (i.e., 
the authentication side controller further comprises an authentication side encrypting unit that, upon receiving from the service apparatus an authentication request with the service ID specified, is configured to transmit authentication side encrypted data to the service apparatus, the authentication side encrypted data being obtained by encrypting authentication side original data using the service side public key that corresponds to the service ID and that is stored in the authentication side registering unit, the authentication side original data being any data prepared in the authentication apparatus (Perez, [0007] and [0029]-[0032], upon entity A receiving the HelloB message which includes the certificate chain of entity B, entity A generates a KeyConfirmA message which includes a random number (i.e., authentication side original data) encrypted using the public key of entity B and sends KeyConfirmA to entity B (i.e., service apparatus)),
the service side controller further comprises a service side decrypting unit configured to transmit to the authentication apparatus authentication side computed data obtained by performing predetermined computation on authentication side decrypted data, the authentication side decrypted data being obtained by decrypting the authentication side encrypted data received from the authentication apparatus, using the service side private key that is stored in the service side registering unit (Perez, [0032]-[0033], entity B sends KeyConfirmB (i.e., authentication side computed data) to 
the authentication side controller further comprises a service ID genuineness determining unit configured to determine that the service ID is genuine when the authentication side computed data received from the service apparatus matches data obtained by performing the predetermined computation on the authentication side original data (Perez, [0033], entity A receives KeyConfirmB and verifies the received hash matches a computed hash).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include a mutual authentication system including generating random number challenges and utilizing asymmetric key encryption and hashing techniques to verify the random challenge as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).
The modified Oberheide does not teach, however, Spencer teaches or suggests: the information communication system is configured to perform the authentication for making the specific service available on a precondition that pairing is established between the service apparatus and the authentication apparatus (Spencer, col. 22 lines 30-35, after pairing is complete, the controller seeks to validate the device by executing a challenge/authentication process).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include pairing before performing an authentication as taught by 

As per claim 28, claim 26 is incorporated and the modified Oberheide discloses: a non-transitory computer-readable medium storing a program that, when executed by a computer, performs the information communication method according to claim 26 (Oberheide, [0129] and [0139], machine-readable storage medium).

As per claim 29, claim 27 is incorporated and the modified Oberheide discloses: a non-transitory computer-readable medium storing a program that, when executed by a computer, performs the information communication method according to claim 27 (Oberheide, [0129] and [0139], machine-readable storage medium).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Ding et al. (US 20160344712 A1) teaches a pairing process between two devices where a public key is acquired to establish a shared key and pairing is implemented by verifying the shared key at both ends ([0157]).

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER R LAPIAN whose telephone number is (571)272-7552.  The examiner can normally be reached on M-F 9:30-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  


ALEXANDER R. LAPIAN
Examiner
Art Unit 2437



/ALEXANDER R LAPIAN/Examiner, Art Unit 2437  


/MATTHEW SMITHERS/Primary Examiner, Art Unit 2437