DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/18/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim(s) 9-14 is/are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. Claims 9-10 are CRM claims but they depend on claim 1, the system claim.  Moreover, claims 11-14 are dependent on claim 10.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1 and 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over MENG, US-20190253249-A1 (hereinafter “MENG ‘249”) in view of CLAES et al., US-20160191494-A1 (hereinafter “CLAES ‘494”) and Grawrock, US-20040117625-A1 (hereinafter “Grawrock ‘625”).
Per claim 1 (independent):
MENG ‘249 discloses: A system comprising a first non-transitory computer-readable medium storing a first program and a second non-transitory computer-readable medium storing a second program, the first program and second program including instructions that, when executed by one or more processors, execute a method of securely replacing a first data value with a second data value, the method comprising: ([0008], requesting the server to return a seed parameter (first data value)  for generating an offline payment code … using the shared key to encrypt a seed parameter (encrypted seed parameter; second data value) to which the data request corresponds.);
generating a first public key and a first private key; … generate a second public key and a second private key; combining the first public key with the second private key using public key cryptography to create a shared encryption key ([0008], the first public key is a public key in an asymmetrical key pair generated by the client, and the asymmetrical key pair generated by the client further comprises a first private key; obtaining an asymmetrical key pair comprising a second public key and a second private key, and generating a shared key (shared encryption key) based on the second private key and the first public key using a preset key-agreement algorithm (public key cryptography); using the shared key to encrypt a seed parameter);
MENG ‘249 does not disclose but CLAES ‘494 discloses: generating a cryptographic seed value; passing the shared encryption key through a symmetric algorithm to encrypt the cryptographic seed value ([0143], the first encryption key (shared encryption key) may be shared between the authentication server and the first authentication token, and encrypting the first personalization seed (cryptographic seed value) using the first encryption key may comprise encrypting the first personalization seed using a symmetric encryption algorithm.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MENG ‘249 with the generation of personalization seed encrypted via a shared encryption key based on a symmetric encryption algorithm as taught by CLAES ‘494 because it would improve the security of a validation process of a confirmation credential at an authentication server by depending on the personalization seed [0138].
MENG ‘249 in view of CLAES ‘494 does not disclose but Grawrock ‘625 discloses: passing the cryptographic seed value through an elliptic curve to generate a second public key and a second private key ([0020], the processing units 200, 212 may generate the asymmetric key pairs (a second public key and a second private key) based upon an RSA (Rivest-Shamir­Adleman), EC (Elliptic Curve), or some other asymmetric key pair generation algorithm that has been seeded with a random number.).


Per claim 8 (independent):
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Claim(s) 2 and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 as applied to claim 1 above, and further in view of Wu, US-20200127817-A1 (hereinafter, “Wu ‘817”).
Per claim 2 (dependent on claim 1):
MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
MENG ‘249 in view of Grawrock ‘625 does not disclose but CLAES ‘494 discloses: The system of claim 1, wherein the method further comprises: … passing the shared encryption key through the symmetric algorithm ([0143], the first encryption key (shared encryption key) may be shared between the authentication server and the first authentication token, and encrypting the first personalization seed using the first encryption key may comprise encrypting the first personalization seed using a symmetric encryption algorithm.).
MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 does not disclose but Wu ‘817 discloses: removing the second private key after creating the shared encryption key before passing the shared encryption key (FIG. 2, [0040], after generating the public key and the private key (second private key), shared encryption key) as that of sharing persons based on the private key, display the child keys to the asset sharing parties, and delete the private key (second private key); [0031], the original key (second private key) is … a private key in the asymmetric encryption… generating the plurality of child keys based on the original key and restoring the original key by using the received child keys.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 with the generation of child keys from an original private key, which is to be deleted, before restoring the original private key used for verifying a transaction as taught by Wu ‘817 because it would ensure key data security, and prevent an asset sharing party from using the private key for an asset transaction privately [0037].

Per claim 9 (dependent on claim 8):
MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 2 and the claim(s) is/are rejected for the reasons detailed with respect to claim 2.

Claim(s) 3-4 and 10-11 is/are rejected under 35 U.S.C. 103 as being unpatentable over MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 as applied to claim 1 above, and further in view of Maeng et al., US-10057061-B1 (hereinafter, “Maeng ‘061”).
Per claim 3 (dependent on claim 1):
MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
 The system of claim 1, wherein the method further comprises: sending the encrypted cryptographic seed value … through a communications interface from the first non-transitory computer-readable medium to the second non-transitory computer-readable medium ([0143], at the authentication server (first CRM), encrypting the first personalization seed using a first encryption key … including the encrypted first personalization seed in the first personalization initiation message; at the first authentication token (second CRM), retrieving the encrypted first personalization seed from the first personalization initiation message.).
MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 does not disclose but Maeng ‘061 discloses: sending … the second public key through a communications interface (FIG. 11, [Col. 10], ll. 54-64, Once the recipient MTA 11020 (second CRM) receives the sender's public key (from first CRM), the recipient MTA 11020 may verify the certificate (e.g., if the public key was provided as a digital certificate), decrypt the signature, calculate the message hash and compare the decrypted signature hash with the calculated message hash.).
 It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 with the transmission of a public key provided as a digital certificate between two different applications as taught by Maeng ‘061 because it would enhance the security of messages exchanged by efficiently indicating whether a sender is legitimate [Col. 10], ll. 54-64.

Per claim 4 (dependent on claim 3):
MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 and Maeng ‘061 discloses the elements detailed in the rejection of claim 3 above, incorporated herein by reference.
 The system of claim 3, wherein the method further comprises: … using the second public key and the first private key, generating a second shared key to decrypt … ([0008], the client generates a shared key based on the first private key and the second public key using the key-agreement algorithm and uses the shared key to decrypt the ciphertext.).
MENG ‘249 in view of Grawrock ‘625 and Maeng ‘061 does not disclose but CLAES ‘494 discloses: generating a second shared key to decrypt the encrypted cryptographic seed value and to generate a decrypted cryptographic seed value ([0143], at the first authentication token, retrieving the encrypted first personalization seed from the first personalization initiation message, and decrypting the retrieved encrypted first personalization seed (encrypted cryptographic seed value).).
MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 does not disclose but Maeng ‘061 discloses: receiving the encrypted cryptographic seed value and the second public key on the second non-transitory computer-readable medium (FIG. 11, [Col. 10], ll. 54-64, Once the recipient MTA 11020 (second CRM) receives the sender's public key (second public key), the recipient MTA 11020 may verify the certificate (e.g., if the public key was provided as a digital certificate), decrypt the signature (encrypted cryptographic seed value), calculate the message hash and compare the decrypted signature hash with the calculated message hash.).

Per claim 10 (dependent on claim 8):
MENG ‘249 in view of CLAES ‘494 and Grawrock ‘625 discloses the elements detailed in the rejection of claim 8 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 3 and the claim(s) is/are rejected for the reasons detailed with respect to claim 3.

Per claim 11 (dependent on claim 10):

The limitations of the claim(s) correspond(s) to features of claim 4 and the claim(s) is/are rejected for the reasons detailed with respect to claim 4.

Allowable Subject Matter
Claim(s) 5-7 is/are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.  Claims 12-14 would be allowable if rewritten in independent form including all of the limitations of the base claim and intervening claims, and rewritten to overcome the 112 rejection.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332. The examiner can normally be reached Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/SANGSEOK PARK/Examiner, Art Unit 2494                                                                                                                                                                                                        
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494