DETAILED ACTION
This Non Final Office Action is in response to Application filed on 07/24/2020.
Claims 20-26 filed on 07/24/2020 are being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 07/24/2020 are accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/24/2020 and 08/06/2021 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 07/24/2020 and 08/06/2021 are attached to the instant Office action.

Applicant’s Provisional Election
During a telephone conversation with Kevin McGrath (Reg. No. 67,667) on 02/04/2022 a provisional election was made without traverse to prosecute the invention of Group II, claims 20-26. Affirmation of this election must be made by applicant in 
Applicant is reminded that upon the cancellation of claims to a non-elected invention, the inventorship must be amended in compliance with 37 CFR 1.48(b) if one or more of the currently named inventors is no longer an inventor of at least one claim remaining in the application. Any amendment of inventorship must be accompanied by a request under 37 CFR 1.48(b) and by the fee required under 37 CFR 1.17(i).

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet preferably within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.

The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," "The disclosure defined by this invention," "The disclosure describes," etc. In addition, the form and legal phraseology often used in patent claims, such as "means" and "said," should be avoided.

The abstract of the disclosure is objected to because it contains more than 150 words.
Appropriate correction is required.



Claim Objections
Claim 25 is objected to because of the following informalities:  
Claim 25 recites “obtaining, based on the IoT device…”, emphasis in italic. There is lack of antecedent basis for the IoT device. For examination purpose, “the IoT device” is examined as “an IoT device”
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Riley (US 20190123910 A1), hereinafter Riley, in view of Jung et. al. (US 20150180840 A1), hereinafter Jung and further in view of Srivastava et. al. (US 20160306966 A1), hereinafter Srivastava.

Regarding claim 20. (New) Riley teaches An Internet of Things (IoT) device for implementing trust IoT services [based on a block chain] (Riley discloses computing devices performing authentication/trust, [0027] “ An anonymous user 130 may download the image/video and forward it via the Internet or other shared file service 135 to the image/video submittal server 140 with a request for authentication”, where computing devices include IoT as disclosed in [0063], where devices communicating over the internet are construed as IoT), 
determining whether the user public key (Pu) exists in a list of access permitted user devices of the IoT device; and in response to determining that the user public key (Pu) exists in the list of access permitted user devices of the IoT device, determining that authentication of the user device succeeds (Riley [0027] “The secure authentication server 150 may perform calculations to verify the recovered digital signature matches the calculated digital signature and that the public key used in the digital signature is on the list of known good public keys. The result of these calculations (or some indication thereof) may be sent in a secure fashion 155 back to the image/video submittal server 140. The image/video submittal server 140 may generate an appropriate message, and may forward, at 165, that message (or an indication thereof) to the anonymous user who originally requested authentication.”, where authentication is determined if a public key is in a good list as illustrated in Figure 9 (910, 920)).  
Riley discloses a request for authentication for IoT devices, where based on the authentication request, the user device obtains the user public key, and performing authentication based on a list of authorized/good public keys as illustrated in Figure 9, however, Riley does not disclose the below limitations.
Jung the IoT device being configured with a pair of IoT device public key (PIoT) and IoT device private key (KIoT) (Jung discloses in [0070, 0072] the ECU device public key and private key, Jung discloses devices such as smart-phones as disclosed in [0135] construed as IoT), the IoT device comprising: 
a memory and a processor, the memory being stored with machine executable instructions that, when executed by the processor (Jung illustrates in e.g. Figure 3 the communication for firmware encryption/decryption and re-programming between server terminals and ECU terminals for vehicles, where the terminals apply to computer devices as disclosed in e.g. [0135], which include memory and processor to perform the method), cause the IoT device to perform operations including: 
receiving an authentication [request] information from a user device (Jung [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, server 310 illustrated in Figure 3 corresponds to user device, where the authentication information received results into the receiver determine authentication as disclosed in [0090-0093]), 
the user device being configured with a pair of user public key (Pu) and user private key (Ku) (Jung illustrates in Figure 4 server configured with public key 403 and private key 401), and 
the authentication request including a 
hash value of user data of the user device (Jung [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, server 310 illustrated in Figure 3 corresponds to user device), 
first encrypted information obtained based on the IoT device public key (PIoT) and a user [random] number (Ru) (Jung [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, [0078] “The server 310 encrypts the server/ECU secret key 405 using the ECU public key 402. Hereinafter, the server/ECU secret key 405 encrypted using the ECU public key 402 will be referred to as "second data", for convenience of description.”, server 310 illustrated in Figure 3 corresponds to user device, where encrypted secret key by the ECU public key received by the ECU device, corresponds to first data, which is based on a secret key, i.e. Ru, and ECU public key, i.e. i.e. device public key) and 
[random] number (Ru) and the hash value (Jung [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, [0077] “When firmware which is a target for encryption is identified, the server 310 encrypts the identified original firmware using the server/ECU secret key 405. Hereinafter, original data encrypted by the server/ECU secret key 405 will be referred to as "first data", for convenience of description.”, [0080] “the server 310 generates a hash value by using the original firmware as an input value of a designated hash function which is known in advance and encrypts the generated hash value using the server private key 401.”, where the encrypted original firmware using the server/ECU secret key 405, i.e. RU, and the encrypted hash value using the server/user private key, correspond to the second encrypted information,
server 310 illustrated in Figure 3 corresponds to user device); 
authenticating, based on the IoT device private key (KIoT) and the authentication request, the user device (Jung discloses in [0092-0093] confirmation that the authentication is successful based on the calculated hash values, which are based on the prior calculation using the ECU private key to decrypt the secret key as disclosed in [0089]);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Riley to incorporate the teaching of Jung to utilize the above invention, with the motivation of ensuring safe upgrade of firmware, as recognized by (Jung Abstract).
random number (Ru) key, i.e. the secret key used by Jung is random.
Srivastava discloses sending authentication requests (Srivastava discloses sending requests, which are received and analyzed and accordingly determining allowing communication in e.g. [0075, 0079]),
random number (Ru) (Srivastava discloses in [0155] generating random encryption key),
Srivastava further discloses authentication based on blockchain (Srivastava discloses in [00200] using a block chain or authenticated ledger)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Riley in view of Jung to incorporate the teaching of Srivastava to utilize the above feature, with the motivation of utilizing a distributed network environment with distributed database, as recognized by (Srivastava [0200]), and further utilize randomness in generating keys to improve security.

Claims 21 is rejected under 35 U.S.C. 103 as being unpatentable over Riley (US 20190123910 A1), hereinafter Riley, in view of Jung et. al. (US 20150180840 A1), hereinafter Jung, Srivastava et. al. (US 20160306966 A1), hereinafter Srivastava and further in view of Lambert (US 20190089532 A1), hereinafter Lambert.

Regarding claim 21 (New), Riley in view of Jung and Srivastava teaches the IoT device according to claim 20, 
u) based on the user signature and the hash value [using an elliptic curve cryptography] (Riley discloses based on the signature determine the use public key and whether it is on a good list, [0027] “The secure authentication server 150 may perform calculations to verify the recovered digital signature matches the calculated digital signature and that the public key used in the digital signature is on the list of known good public keys.”, where the signature is based on a hash function which produces hash values).  
Riley does not disclose the below limitations.
Jung discloses wherein authenticating, based on the IoT device private key (KIoT) and the authentication request, the user device to obtain the user public key (Pu) further comprises: calculating, based on the IoT device private key (KIoT) and the first encrypted information, the user [random] number (Ru) (Jung “[0089] Hereinafter, the ECU 340 may acquire the server/ECU secret key 405 (Ru) by decrypting the second data using the ECU private key 404 (i.e. KIoT) and acquire the original firmware by decrypting the first data using the acquired server/ECU secret key 405.”, where the second data of Jung corresponds to the first encrypted information of the instant application); 
calculating, based on the user [random] number (Ru) and the second encrypted information, a user signature of the user device (Jung discloses using the secret key, i.e. Ru, to decrypt the original firmware, which is applied as an input to a hash function to calculate a user/server signature, which is construed as unencrypted user signature, [0089] “Hereinafter, the ECU 340 may acquire the server/ECU secret key 405 (i.e. Ru) by decrypting the second data (i.e. first encrypted information) using the ECU private key 404 and acquire the original firmware by decrypting the first data (i.e. part of second encrypted information) using the acquired server/ECU secret key 405.”, [0090] Then, the ECU 340 may acquire a hash value by inputting the acquired original firmware to a designated hash function. Hereinafter, the acquired hash value will be referred to as "a first hash value", for convenience of description.”), 
wherein the user signature is obtained by encrypting the hash value using the user private key (Ku) (Jung [0080] “Thereafter, the server 310 generates a hash value by using the original firmware as an input value of a designated hash function which is known in advance and encrypts the generated hash value using the server private key 401. Hereinafter, the hash value encrypted using the server private key 401 (i.e. Ku) will be referred to as "third data", for convenience of description.”); and 
Riley in view of Jung do not disclose the key random value.
Srivastava discloses random number (Ru) (Srivastava discloses in [0155] generating random encryption key). Rationale and motivation for Srivastava applied in claim 20 applies.
Riley in view of Jung and Srivastava disclose the above limitations and further discloses by Jung and Srivastava asymmetric cryptography, which is utilized by elliptic curve cryptography, however, Riley in view of Jung and Srivastava do not explicitly disclose using an elliptic curve cryptography.
(Lambert [0041] “Each of the initiator 202 and responder 204 are capable of cryptographic operations and may support any suitable type of cryptosystem, such as elliptic-curve cryptography (ECC), elliptic-curve Diffie-Hellman (ECDH) cryptography, and variations thereof. As such, the initiator 202 or the responder 204 may include or generate various keys, hashes, numbers-used-once (nonces), or encrypted data to provide a secure authentication protocol.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Riley in view of Jung and Srivastava to incorporate the teaching of Lambert to utilize the above feature, where one reasonably skilled in the art may choose any of the finite cryptography types available, as recognized by (Lambert [0041]).

Claims 22 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Riley (US 20190123910 A1), hereinafter Riley, in view of Jung et. al. (US 20150180840 A1), hereinafter Jung, Srivastava et. al. (US 20160306966 A1), hereinafter Srivastava and further in view of Lambert (US 20190089532 A1), hereinafter Lambert and Bettger (US 20190052466 A1), hereinafter Bettger. (Note: Citation from us-provisional-application US 62544573).

Regarding claim 22 (New), Riley in view of Jung, Srivastava and Lambert teaches the IoT device of claim 21, 
Riley does not disclose the below limitation.
IOT) and the first encrypted information, the user random number (Ru) comprises: calculating the user random number (Ru) according to the following equation:                         
                            
                                
                                    R
                                
                                
                                    u
                                
                            
                            =
                            
                                
                                    K
                                
                                
                                    I
                                    o
                                    T
                                
                                
                                    -
                                    1
                                
                            
                            
                                
                                    
                                        
                                            P
                                        
                                        
                                            I
                                            o
                                            T
                                        
                                    
                                    
                                        
                                            
                                                
                                                    R
                                                
                                                
                                                    u
                                                
                                            
                                        
                                    
                                
                            
                        
                     where PIoT(Ru) represents the first encrypted information, and                         
                            
                                
                                    K
                                
                                
                                    I
                                    o
                                    T
                                
                                
                                    -
                                    1
                                
                            
                        
                     represents a decryption operation using the IoT device private key (KIoT) (Jung discloses calculating the secret key, i.e. Ru, by decrypting the (encrypted secret key, encrypted using the public key of the ECU device, i.e. PIoT(Ru), ) using the private key of the ECU device, i.e. KIoT, [0089] “Hereinafter, the ECU 340 may acquire the server/ECU secret key 405 (i.e. Ru) by decrypting the second data (i.e. first encrypted information) using the ECU private key 404”, were the secret key, i.e. Ru, was initially encrypted by ECU public key as disclosed in [0078] “The server 310 encrypts the server/ECU secret key 405 using the ECU public key 402”, described in an equation, Jung discloses                         
                            
                                
                                    s
                                    e
                                    c
                                    r
                                    e
                                    t
                                     
                                    k
                                    e
                                    y
                                     
                                    R
                                
                                
                                    u
                                
                            
                            =
                            
                                
                                    K
                                
                                
                                    E
                                    C
                                    U
                                
                                
                                    -
                                    1
                                
                            
                            
                                
                                    
                                        
                                            P
                                        
                                        
                                            E
                                            C
                                            U
                                        
                                    
                                    
                                        
                                            
                                                
                                                    R
                                                
                                                
                                                    u
                                                
                                            
                                        
                                    
                                
                            
                        
                    ); and 
wherein calculating, based on the user random number (Ru) and the second encrypted information, a user signature of the user device (Jung discloses calculating, based on the secret key, i.e. Ru, which is used to decrypt the encrypted firmware, i.e. part of the second encrypted information, an unencrypted user/server signature as disclosed in [0089-0090]) 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Riley to incorporate the teaching of Jung to utilize the above invention, with the motivation of ensuring safe upgrade of firmware, as recognized by (Jung Abstract).

While Riley in view of Jung, Srivastava and Lambert disclose the above limitations, where Jung discloses in [0089-093] the firmware as part of a signature and hash value, examiner denotes the firmware as below as x, where describing the process of Jung in equation format for comparison is as follows:                         
                            
                                
                                    P
                                
                                
                                    u
                                
                            
                            
                                
                                    
                                        
                                            K
                                        
                                        
                                            u
                                        
                                    
                                    
                                        
                                            H
                                        
                                    
                                
                            
                            =
                            H
                            
                                
                                    
                                        
                                            R
                                        
                                        
                                            u
                                        
                                        
                                            -
                                            1
                                        
                                    
                                    
                                        
                                            
                                                
                                                    R
                                                
                                                
                                                    u
                                                
                                            
                                            
                                                
                                                    x
                                                
                                            
                                        
                                    
                                
                            
                        
                    . Examiner submits, as shown in the above equation, that Jung discloses a step farther than what is claimed, for example, Jung discloses in the left hand side that the encrypted signature                         
                            
                                
                                    K
                                
                                
                                    u
                                
                            
                            
                                
                                    H
                                
                            
                        
                     is decrypted by the user/server public key to produce unencrypted signature, the contrast between the claimed equation and the equation described by Jung is that Jung uses the secret key,                         
                            
                                
                                    R
                                
                                
                                    u
                                
                            
                        
                    , to decrypt an encrypted value x, i.e. encrypted firmware, which is part of the hash value, in order to be able to use the decrypted firmware to generate unencrypted signature                         
                            
                                
                                    P
                                
                                
                                    u
                                
                            
                            
                                
                                    
                                        
                                            K
                                        
                                        
                                            u
                                        
                                    
                                    
                                        
                                            H
                                        
                                    
                                
                            
                        
                     similar to the left hand side. I.e. Jung utilizes the unencrypted signature whereas the claimed equation utilizes encrypted signature for authentication. Therefore, examiner submits that it would have been obvious for one of ordinary skill in the art to decrypt the hash value as claimed, rather than decrypting the input that is subsequently used for producing the hash value as shown in the equation described by Jung. Examiner further submits that both equation results into the same calculation of signature for authentication. However, Riley in view of Jung, Srivastava and Lambert do not explicitly disclose the equation:                         
                            
                                
                                    K
                                
                                
                                    u
                                
                            
                            
                                
                                    H
                                
                            
                            =
                            
                                
                                    R
                                
                                
                                    u
                                
                                
                                    -
                                    1
                                
                            
                            
                                
                                    
                                        
                                            R
                                        
                                        
                                            u
                                        
                                    
                                    
                                        
                                            
                                                
                                                    K
                                                
                                                
                                                    u
                                                
                                            
                                            
                                                
                                                    H
                                                
                                            
                                        
                                    
                                
                            
                        
                    .
 calculating the user signature according to the following equation:                          
                            
                                
                                    K
                                
                                
                                    u
                                
                            
                            
                                
                                    H
                                
                            
                            =
                            
                                
                                    R
                                
                                
                                    u
                                
                                
                                    -
                                    1
                                
                            
                            
                                
                                    
                                        
                                            R
                                        
                                        
                                            u
                                        
                                    
                                    
                                        
                                            
                                                
                                                    K
                                                
                                                
                                                    u
                                                
                                            
                                            
                                                
                                                    H
                                                
                                            
                                        
                                    
                                
                            
                        
                     where Ku(H) represents the user signature, H represents the hash value of the user data, Ru(Ku(H)) represents the second encrypted information, and R-u represents a decryption operation using the user random number (Ru) (Bettger illustrates in Figure 20B and discloses the generation and transmission of a double encrypted hash contract, i.e. user signature, where the  hash contract is first encrypted by a sender private key, i.e. (Ku(H), then twice/doubly encrypted by the recipient public key or symmetric key, corresponding to Ru, to produce (Ru(Ku(H))), such that when it is received by a recipient, the recipient decrypts using the recipient’s private key or symmetric key , i.e. Ru, to produce                         
                            
                                
                                    R
                                
                                
                                    u
                                
                                
                                    -
                                    1
                                
                            
                            
                                
                                    
                                        
                                            R
                                        
                                        
                                            u
                                        
                                    
                                    
                                        
                                            
                                                
                                                    K
                                                
                                                
                                                    u
                                                
                                            
                                            
                                                
                                                    H
                                                
                                            
                                        
                                    
                                
                            
                        
                    , then the senders public key to produce the hash contract H, i.e. unencrypted signature, [0375] “At block 2056, the double encrypted hash contract (and optionally any associated metadata) is decrypted using a private key associated with the recipient to form a single encrypted hash contract.”, [0376] “At block 2058, the single encrypted hash contract (and optionally any associated metadata) is decrypted using a public key associated with a sender to form a hash contract.”, [00378] discloses that the double encryption may utilize symmetric keys, therefore, it is feasible to use symmetric key, Ru, for the outer encryption/decryption).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Riley in view of Jung, Srivastava and Lambert to incorporate the teaching of Bettger to utilize the above feature, with the 

Regarding claim 24 (New), Riley in view of Jung, Srivastava, Lambert and Bettger teaches the IoT device of claim 22, 
wherein determining whether the user public key (Pu) exists in a list of access permitted user devices of the IoT device comprises: determining whether the user public key (Pu) exists in the list of access permitted user devices saved by the IoT device (Riley [0027] “The secure authentication server 150 may perform calculations to verify the recovered digital signature matches the calculated digital signature and that the public key used in the digital signature is on the list of known good public keys. The result of these calculations (or some indication thereof) may be sent in a secure fashion 155 back to the image/video submittal server 140. The image/video submittal server 140 may generate an appropriate message, and may forward, at 165, that message (or an indication thereof) to the anonymous user who originally requested authentication.”, where authentication is determined if public key is in a good list as illustrated in Figure 9 (910, 920), where the list is available/stored/registered at the secure authentication server 150 in Figure 1 to be able to make the determination).    

Claims 23 is rejected under 35 U.S.C. 103 as being unpatentable over Riley (US 20190123910 A1), hereinafter Riley, in view of Jung et. al. (US 20150180840 A1), hereinafter Jung, Srivastava et. al. (US 20160306966 A1), hereinafter Srivastava, Note: Citation from us-provisional-application US 62544573) and further in view of Maillard et. al. (US 20070113073 A1), hereinafter Maillard.

Regarding claim 23 (New), Riley in view of Jung, Srivastava, Lambert and Bettger teaches the IoT device of claim 22, wherein determining whether the user public key (Pu) exists in a list of access permitted user devices of the IoT device (Riley [0027] discloses determining whether the device public key is from a list of good public keys) comprises: 
Riley discloses for IoT devices, the list is reviewed to determine whether the device public key is within the good list, and accordingly authentication is determined. However, the above cited prior arts do not disclose sending a public key to a different device/provider to perform the determination whether the public key exists in a list, and accordingly a result indicating that the public key exists.
Maillard discloses sending the user public key (Pu) to a provider of the IoT device, the provider saving a list of access permitted user devices for each IoT device that belongs to the provider; and receiving, from the provider, a search result indicating whether the user public key (Pu) exists in the list of access permitted user devices of the IoT device (Maillard illustrating in Figure 4 communication between devices and a security module, separate from the devices, where a device sends a public key to the security module, where the security module determines whether the public key exists in a list and accordingly return the result indicating that the public key exists or not in the list, [0109] “…the security module may compare the received device public key with stored public keys associated with invalid devices when the flag has a setting "0", and compare the received device public key with both stored public keys associated with invalid devices and stored public keys associated with valid devices when the flag has a setting "1".”, [0110] “If the device 60 is determined to be an invalid device, the security module 64 terminates communication with the device 60. If, as shown in FIG. 4, the security module is in communication with other devices, communication with those devices is also terminated.”, [0111] If the device is determined to be a valid device, the security module 64 generates a secure authenticated channel (SAC) of communication between the device 60 and the security module 64. FIG. 6 shows the steps associated with the generation of a secure authenticated channel of communication between a device and a security module. ).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Riley in view of Jung, Srivastava, Lambert and Bettger to incorporate the teaching of Maillard to utilize the above feature, with the motivation of establishing a secure authenticated channel, as recognized by (Maillard [0111]).

Claims 25 is rejected under 35 U.S.C. 103 as being unpatentable over Jung et. al. (US 20150180840 A1), hereinafter Jung in view of Srivastava et. al. (US 20160306966 A1), hereinafter Srivastava.

Regarding claim 25 (New), Jung teaches a user device for implementing trust Internet of Things (IoT) services [based on a block chain] (Jung discloses establishing authentication/trust between server device and ECU devices illustrated in Figure 3 and disclosed in [0093], including e.g. smart-phone as disclosed in [0135], which is construed as an IoT), 
the user device being configured with a pair of user public key (Pu) and user private key (Ku) (Jung illustrates in Figure 4 server configured with public key 403 and private key 401), 
the user device comprising: a memory and a processor, the memory being stored with machine executable instructions that, when executed by the processor, cause the user device to perform operations (Jung illustrates in e.g. Figure 3 the communication for firmware encryption/decryption and re-programming between server terminals and ECU terminals for vehicles, where the terminals apply to computer devices as disclosed in e.g. [0135], which include memory and processor to perform the method) including: 
performing a hash operation on user data of the user device to generate a hash value of the user data (Jung [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, server 310 illustrated in Figure 3 corresponds to user device); 
5Attorney Docket No. 16501-021USU1obtaining, based on the IoT device public key (PIoT) of the IoT device and a user [random] number (Ru), first encrypted information (Jung [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, [0078] “The server 310 encrypts the server/ECU secret key 405 using the ECU public key 402. Hereinafter, the server/ECU secret key 405 encrypted using the ECU public key 402 will be referred to as "second data", for convenience of description.”, server 310 illustrated in Figure 3 corresponds to user device, where encrypted secret key by the ECU public key received by the ECU device, corresponds to first data, which is based on a secret key, i.e. Ru, and ECU public key, i.e. i.e. device public key); 
obtaining, based on the user private key (Ku), the user [random] number (Ru) and the hash value, second encrypted information (Jung [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, [0077] “When firmware which is a target for encryption is identified, the server 310 encrypts the identified original firmware using the server/ECU secret key 405. Hereinafter, original data encrypted by the server/ECU secret key 405 will be referred to as "first data", for convenience of description.”, [0080] “the server 310 generates a hash value by using the original firmware as an input value of a designated hash function which is known in advance and encrypts the generated hash value using the server private key 401.”, where the encrypted original firmware using the server/ECU secret key 405, i.e. RU, and the encrypted hash value using the server/user private key, correspond to the second encrypted information, server 310 illustrated in Figure 3 corresponds to user device); and 
[request] information to the IoT device, the authentication [request] information including the hash value of the user data, the first encrypted information, and the second encrypted information (Jung discloses transmitting/sending the recited information [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, as described above and further disclosed in [0077-0080]).
  Jung does not disclose authentication request in the context recited in the claim, the authentication based on blockchain and do not disclose random number (Ru), i.e. the secret key used by Jung is random.
Srivastava discloses sending authentication request (Srivastava discloses sending requests, which are received and analyzed and accordingly determining allowing communication in e.g. [0075, 0079]),
Srivastava discloses random number (Ru) (Srivastava discloses in [0155] generating random encryption key),
Srivastava further discloses authentication based on blockchain (Srivastava discloses in [00200] using a block chain or authenticated ledger)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Riley in view of Jung to incorporate the teaching of Srivastava to utilize the above feature, with the motivation of utilizing a distributed network environment with distributed database, as recognized by (Srivastava [0200]), and further utilize randomness in generating keys to improve security. 

Claims 26 is rejected under 35 U.S.C. 103 as being unpatentable over Jung et. al. (US 20150180840 A1), hereinafter Jung in view of Srivastava et. al. (US 20160306966 A1), hereinafter Srivastava and further in view of Bettger (US 20190052466 A1), hereinafter Bettger. (Note: Citation from us-provisional-application US 62544573).

Regarding claim 26 (New), Jung in view of Srivastava teaches the user device of claim 25, wherein obtaining, based on the IoT device public key (PoT) of the IoT device and a user [random] number (Ru), first encrypted information comprises: encrypting the user [random] number (Ru) by using the IoT device public key (PIoT) to generate the first encrypted information (PIoT(Ru)) (Jung [0024] “firmware data transmitted by a server includes receiving the firmware data including encrypted firmware, an encrypted secret key, and an encrypted hash value”, [0078] “The server 310 encrypts the server/ECU secret key 405 using the ECU public key 402. Hereinafter, the server/ECU secret key 405 encrypted using the ECU public key 402 will be referred to as "second data", for convenience of description.”, server 310 illustrated in Figure 3 corresponds to user device, where encrypted secret key by the ECU public key received by the ECU device, corresponds to first data, which is based on a secret key, i.e. Ru, and ECU public key, i.e. i.e. device public key; and 
wherein obtaining based on the user private key (Ku), the user [random] number (Ru), and the hash value, second encrypted information comprises: encrypting the hash value by using the user private key (Ku) to generate a user signature (Ku(H)) of the user (Jung [0080] “Thereafter, the server 310 generates a hash value by using the original firmware as an input value of a designated hash function which is known in advance and encrypts the generated hash value using the server private key 401. Hereinafter, the hash value encrypted using the server private key 401 (i.e. Ku) will be referred to as "third data", for convenience of description.”). 
Jung does not disclose random number, however Srivastava discloses random number key. Rationale and motivation in claim 25 applies.
While Jung discloses the above limitations, in addition to the rationale described in claim 22 above, however, Jung in view of Srivastava do not explicitly disclose the below limitations.
Bettger discloses encrypting the user signature by using the [random] number to generate the second encrypted information (Ru(Ku(H))) (Bettger illustrates in Figure 20B and discloses the generation and transmission of a double encrypted hash contract, i.e. user signature, where the  hash contract is first encrypted by a sender private key, i.e. (Ku(H), then twice/doubly encrypted by the recipient public key or symmetric key, corresponding to Ru, to produce (Ru(Ku(H))), such that when it is received by a recipient, the recipient decrypts using the recipient’s private key or symmetric key , i.e. Ru, and then the senders public key to produce the hash contract, i.e. unencrypted signature, [0375] “At block 2056, the double encrypted hash contract (and optionally any associated metadata) is decrypted using a private key associated with the recipient to form a single encrypted hash contract.”, [0376] “At block 2058, the single encrypted hash contract (and optionally any associated metadata) is decrypted using a public key associated with a sender to form a hash contract.”, [00378] discloses that the double encryption may utilize symmetric keys, therefore, it is feasible to use symmetric key, Ru, for the outer encryption/decryption).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Jung in view of Srivastava to incorporate the teaching of Bettger to utilize the above feature, with the motivation of securing hash contracts/signatures in unsecured environment from malicious users, as recognized by (Bettger [0001]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
(US 20180060596 A1) discloses secure storage audit verification system, where a request comprising various verification fields.
(US 20170214522 A1) system and process for tokenization of digital media
(US 20170064554 A1) discloses secure data interaction method and system, where signature value encrypted and decrypted by session keys.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497