DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.  This Non-Final Office Action is in response to amendment filed on 02/22/2022.
	Claim 1 has been amended. Claim 2 has been canceled. Claims 1-7 remain pending in the application. 
Response to Amendment

The amendment filed 02/22/2022 has been entered. Claim 1 has been amended. Claim 2 has been canceled. Claims 1-7 remain pending in the application.  
Applicant amendment to the Claims have overcome the objections previously set forth in the Final Office Action mailed on 08/19/2021. The objection has been withdrawn in view of the amended claims.




Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/03/2021 has been entered.


Response to Arguments

 Regarding Applicant’s arguments, on page 5-8 of the remark filed on 02/22/2022, on the newly added limitations of independent claim 1 : generating a random number by a first messaging device that is not initially known to a second messaging device”  and that is not known to the second messaging device before this decryption”, arguments are not persuasive.
Applicant argues on page 5 paragraph 2 and Page 6 paragraph’s 2-3 of the remarks filed on 02/22/2022that the cited references do not explicitly teach generating a random number that is not initially known to a second messaging device and that is not 
Applicant argues on page Page 6 paragraph’s 2- of the remarks filed on 02/22/2022 that the cited references do not explicitly teach decryption the encrypted payload data using a decryption operation to recover the random number that is not known to a second messaging device before this decryption. Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Nix discloses in Par. (0022) the correlation between random number within a seed/data. Nix further describes Par. (0026) the data associated with the random number is encrypted and continues on (Par. (0127) that teaches the decrypting the data and recovering the random number as a seed. Nix describes on Par. (0267) the use of values corresponding to messages that are encrypted for subsequent communication. One of ordinary skill in the art could conclude that recovering the random number that is not 


Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 2 and 9 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant) regards as the invention. 

In regards to Claim 1 line 29 and Claim 6, the applicant recites the limitation “second messaging device”, this is unclear because a second messaging device was already previously recited earlier in the claims. This creates confusion as to which messaging device the applicant is referring to. The specification state on Par. (0004) “the first messaging device to the second messaging device, receiving the plurality of identifiers, the electronic signature, and the encrypted payload data from the message using a second messaging device, generating a cryptographic hash of the encrypted payload to produce a second hash value using the second messaging device, verifying the received electronic signature using at least a portion of the second hash value and the received plurality of identifiers using the second messaging device”. Therefore it will be broadly and reasonably interpreted that a second messaging device is referring to the same second messaging device recited earlier in the claim. Examiner suggest amending the claims by using the phrase “the”  in front of second messaging device to recite consistent claim language to and to eliminate confusion.

 In regards to Claim 3, the applicant recites the limitation “decryption operation”, this is unclear because  decryption operation was already previously recited earlier in the claims. This creates confusion as to which decryption operation the applicant is referring to. If it is the same decryption operation recited earlier in the claims or a new embodiment of a decryption operation. The specification state on Par. (0015) “In several embodiments, the sender device and the receiver device each store a root key in a secure chip set such that the root key can only be accessed by an encryption/decryption operation that the chip set is configured to perform. In further embodiments, the root key is stored in a portion of the secure chip set that is one time programmable (OTP) non-volatile memory”. Therefore it will be broadly and reasonably interpreted that a second messaging device is referring to the same second messaging device recited earlier in the claim. Examiner suggest amending the claims by using the phrase “the”  in front of decryption operation to recite consistent claim language to and to eliminate confusion.

In regards to Claim 7, the applicant recites the limitation “the chipset identifier”, this is unclear because the claim limitation has a lack of antecedent basis as the chipset identifier was never previously recited in the independent claim. This creates confusion as to which chipset identifier the applicant is referring to. The specification state on Par. (0016) “A chipset identifier (chipid) can be used to uniquely identify the chipset used by the sender and receiver devices in the encryption and decryption operation . In several embodiments, the chipset identifier is in one time programmable memory and cannot be easily modified. A sequence number (seqNr) can be used to identify the particular exchange or transaction involving the encryption operation to establish secure communications (e.g., by establishing a session key and/or authentication”. Therefore it will be broadly and reasonably interpreted that the chipset identifier is referring to some form of ID or identification corresponding to the session such as a session identifier. Examiner suggest amending the claims by using the phrase “a”  in front of chipset identifier to recite proper claim language when first reciting a claim to and to eliminate confusion.





Claims 2, 4-5 and 7 are being additionally rejected for being dependent on a rejected base claim.



Claim Rejections - 35 USC § 103


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1 and 3-5, is/are rejected under 35 U.S.C. 103 as being unpatentable over  Nix et al. (U.S Pub. No. 20150095648, hereinafter referred to as “Nix")  in further view of Cheng et al. (U.S Pub. No. 20190140837) 


	Regarding Independent Claim 1 (Currently Amended), Nix teaches a method of authenticating a first device to a second device and establishing secure communications using a shared secret ([Figure 8 Label 813] wherein Nix [0016] defines The module may then utilize the recorded pre-shared secret key to authenticate with a server]) in a single message transmission, the method comprising: (([Figure 4a], [Figure 4b], (Par. (0013) "Methods and systems are provided for secure and efficient communication between modules and a server".), (Par. (0099) “when CPU 101b is active and the module 101 is connected to a network such as a wireless network 102 during data transmissions.”; transmission))
generating a random number by a first messaging device that is not initially known to a second messaging device (Figure 1f label 128; random number generator; (Par. (0100-0101) “ Symmetric key 127 may also include an expiration time 133, such that symmetric key 127 may only be used by module 101 during a limited period of time, such symmetric key 127 remaining only valid for a day, or a week, or during a session (where the session comprises multiple messages and/or responses between a module 101 and a server 105), etc. Module 101 can also derive symmetric key 127 according the Elliptic Curve Integrated Encryption Scheme (ECIES) and/or ECDH 159, discussed in FIG. 1f below, using module public key 111, server public key 114, and a random number from random number generator 128. [..] module 101 preferably uses a random number generator 128 to generate a random number for input into cryptographic algorithms 141, and the seed 129 in random number generator 128 Examiner Notes: In the current form of this limitation it is not clearly known whether the random number or the first messaging number is not initially known based on the specification of  instant application Par. (0041) it will be broadly and reasonably interpreted that the random number is not initially known. Examiner suggest amending the claims to clarify which element of the claimed limitation is unknown. Examiner further asserts that the random number is included in the cryptographic encryption process, therefore until the data associated with the random number is encrypted the random number is not initially known until the second messaging device receives and decrypts it. Examiner suggest further defining the claim to differ from the conventional key exchange that has data that is not initially known until it is decrypted by a valid user))
generating encrypted payload data (see Figure 8 label 403 where in Nix (0022) describes After deriving the new module public key and module private key, the module may then utilize the pre-shared secret key to encrypt the derived module public key using a symmetric ciphering algorithm, thereby creating a module encrypted data (which contains the encrypted derived module public key) as the encrypted payload data) from a root key (Figure 8 label 112] the random number (Figure If Label 128), an initial value (Figure 4a (305) ), unencrypted payload data ( Figure 9 label 110 wherein module identity serves as unencrypted data), and a plurality of identifiers (Figure 1d where in module identity 110 comprises of a unique and session identifier) using an encryption operation (Module encrypt and signing of the data process defined in Figure 3a and 4a.) using a first messaging device (Figure 2 label 101), wherein the root key is a shared secret (Par. (0024) “ith the module public key, and (ii) settings for use in a key derivation function using the new module public key and the server key. The module and the server can subsequently utilize a key derivation function, the new module public key, and server public key to derive a new shared secret key. The new shared secret key could be utilized as a symmetric ciphering key, or to jointly derive another symmetric ciphering key.”; shared secret key)). ) between the first messaging device and a second messaging device (Figure 2; 101 and 105); (Par. (0068) “FIG. 1b performing the action. Note that module 101 may also optionally include user interface 101j which may include one or more devices for receiving inputs and/or one or more devices for conveying outputs.: first and second messaging device (one or more devices receiving)); 
generating a cryptographic hash (see Cryptographic algorithms 141 in Figure If) of the encrypted payload data to produce a first hash value  (Par. (0136) “Cryptographic algorithms 141 may also include a set of secure hash algorithms 141c in order to compute and output a secure hash value or number based on a string or file input”; generate a cryptographic hash (compute a secure hash value) of the encrypted payload data (input)), (Par. (0236) “a secure hash signature, where server 105 generated the hash signature using as input [..] encrypted data 504”; of the encrypted payload daya to produce a first hash generate a hash using [..] encrypted data))  using the first messaging device;
transmitting the plurality of identifiers, the electronic signature, and the encrypted payload data using the first messaging device to the second messaging device (Figure 4a labels 403, 405 and 4B label 208, 410; module device transmits plurality of identifiers and encrypted payload data (module encrypted data) and electronic signature (signed w/ module key) to server in 4B), (Par. (0253) “Module identity 110 within module encrypted data 403 can represent the identity of module 110, and could represent a serial number read by module 101 from a read-only hardware address. Module identity 110 is described in FIG. 1c and can represent a unique identifier of module 101”; module encrypted data with unique identifier)), (Par. (0258) “each of the different values [..] may comprise a session identity or session identifier, as opposed to a different”; plurality of identifiers,(different session identifier values))
receiving the plurality of identifiers, the electronic signature, and the encrypted payload data from the message using the second messaging device ((Figure 4a labels 403, 405 and 4B label 208, 410; server receiving plurality of identifiers and encrypted payload data (module encrypted data) and electronic signature (signed w/ module key) from module in 4A), (Par. (0253) “Module identity 110 within module encrypted data 403 can represent the identity of module 110, and could represent a serial number read by module 101 from a read-only hardware address. Module identity 110 is described in FIG. 1c and can represent a unique identifier of module 101”; module encrypted data with unique identifier)), (Par. (0258) “each of the different values [..] may comprise a session identity or session identifier, as opposed to a different”; plurality of identifiers,(different session identifier values))
Generating a cryptographic hash (see Figure 1d Cryptographic hash algorithm 141) of the encrypted payload data to produce a second hash value (Nix defines (0137) a second secure hash value in the certificate 122." using the second messaging device as well.) , (Par. (0137) “a first secure hash value in the form of a signature 123 in a certificate 122 and a certificate authority public key 132 matches (ii) a second secure hash value in the certificate 122”; first and second secure hash values)
verifying the received electronic signature using at least a portion of the second hash value and the received plurality of identifiers using the second messaging device (Figure 4b (410]); Par. (0077) "Processing the received data could include deciphering or decrypting received data with a key, verifying a digital signature with a key, reading an instruction from a server 105, or similar transformations of the received data")
decrypting the encrypted payload data using a decryption operation (Figure 5b) using the root key, the received identifiers and at least a portion of the received electronic signature using the second messaging device to recover the random number that is not known to the second messaging device before this decryption , (Par. 0210) "the module verifying the identity and decrypting the message defined on Figure 5b wherein Nix further explains "413, where server 105 first decrypts module encrypted data 403 and can then verify module identity 110 by performing steps." Defined in Figure 3b and 4b), (Par. (0101-0106) “uses a random number generator 128 to generate a random number for input into cryptographic algorithms 141, and the seed 129 in random number generator 128 could utilize data from a sensor 101f in order to generate a random number with high entropy in the creation of symmetric Module 101 may also contain cryptographic algorithms 141, which may comprise a suite of algorithms or subroutines that can be utilized for (i) deriving a pair of keys comprising a public key and a private key, (ii) encrypting data using public keys, (iii) decrypting data using private keys”; that is not known to the second messaging device before decryption (data is decrypted and not known or accessed until valid device decrypts with corresponding keys))
and establishing a secure channel (Figure Id) for subsequent communications between the first messaging device and second messaging device using the random number as key material for a session key as a second shared secret. (Par. (0100) “Symmetric key 127 can be a secure, shared private key for use with symmetric encryption or symmetric ciphering algorithms 141b. Symmetric key 127 can be derived by using module public key 111 and/or server public key 114, possibly through the use of a key derivation function 141f. Symmetric key 127 can be used for both encryption and decryption with symmetric cryptographic algorithms 141b described in FIG. 1f below, where a shared secret key can be used to both encrypt/cipher and decrypt/decipher. Symmetric key 127 may also include an expiration time 133, such that symmetric key 127 may only be used by module 101 during a limited period of time, such symmetric key 127”; session key (symmetric key) as a second shared secret (can be used as a  shared secret)), (Par. (0110) “Thus, one key pair could be used with digital signatures, a second key pair used for asymmetric ciphering, and a third key pair to derive shared secret keys. Each of the three illustrated pairs of keys could comprise a set of keys.”; second shared secret key (second key pair corresponding to shared secret keys)), (Par. (0116) “he pre-shared secret key 129a shared secret key code 134 could be physically printed on module 101, such as next to a serial number printed on the enclosure of the device. Pre-shared secret key code 134 could be a unique and/or randomized string such as an exemplary 8 byte number or 10 character string (and other possibilities exist as well), where upon (a) successful submission to a web page of both the pre-shared secret key code 134”; second shared secret  (pre-shared secret key and shared secret key code)) (Figure 4a label 127) to secure the channel. (Par. 0248) ''for message 208 and a single packet for response 209 for secure communication between module 101 and server 105'') explaining a secure communication between the module and the server defined in Figure 1d) (Par. 0019) "The module can utilize the server public key to securely send a symmetric key inside message encrypted with an asymmetric ciphering algorithm, and the symmetric key can be used to encrypt the sensor data within the message or a subsequent message (session key). (Par. (0101) “module 101 preferably uses a random number generator 128 to generate a random number for input into cryptographic algorithms 141, and the seed 129 in random number generator 128 could utilize data from a sensor 101f in order to generate a random number with high entropy in the creation of symmetric key 127”; using the random number for a session key (creation of symmetric key)), (Par. (0107) “The creation of random numbers with a high degree of entropy may be important the use of [..] utilize the last two digits appended from a series of measurements for input into a seed 129 in order to generate a random number. Random number generator 128 could also utilize data input from the other components a security token 401, which could also be a random number, or a randomly generated text, binary, or hexadecimal string. [..] A random number in security token 401 could be processed by module 101 using a seed 129 in a random number generator 128, where the seed utilizes data from sensor 101f as input into the seed, as illustrated in FIG. 1d above”; using the random number))
However Nix does not explicitly teach generating an electronic signature of the encrypted payload data from, the random number, the plurality of identifiers and at least a portion of the first hash value using the encryption operation using the first messaging device; 
Wherein Cheng teaches generating an electronic signature of the encrypted payload data from the random number, and the plurality of identifiers and at least a portion of the first hash value using the encryption operation using the first messaging device; (Par. (0118) “the second digital signature by using at least the second random number, the public key in the digital certificate of the eUICC, and the first identifier may be as follows: The SM-DP+ server decrypts the second digital signature by using the public key in the digital certificate of the eUICC, to obtain a message digest, and then performs a hash operation according to at least the first identifier and the second random number that is previously generated by the SM-DP+ generated electronic signature (digital signature) from (using) the random number (second random number) and plurality of identifiers (first identifier) using first messaging device (message digest)), (Par. (0086) “the SM-DP+ server may perform a hash operation on [.] to obtain the first digital signature.”; first hash value (hash operation correlating to generating of electronic signature digital signature)), (Par. (0097) “SM-DP+ server, the first identifier, and an eUICC identifier that are sent by an SM-DS server, the LPA triggers the eUICC to generate the first random number.”; plurality of identifiers (first identifier and eUICC identifier)), (Par. (0021) “the SM-DP+ server may further send a second message to a subscription manager-discovery service SM-DS server after receiving a first message sent by the LPA, where the second message includes at least an address of the SM-DP+ server, an eUICC identifier, and the first identifier, the second message is used by the SM-DS server to delete at least the address of the SM-DP+, the eUICC identifier, and the first identifier that are sent by the SM-DP+ server, and the first message includes at least the first identifier and a digital signature generated by the eUICC according to the first identifier.”; messaging device (first and second messages are sent and received)), (Par. (0068) “he user terminal may include various electronic devices, such as a mobile phone, a tablet computer, a personal digital assistant (Personal Digital Assistant, PDA), a television, an in-vehicle device, a machine-to-machine (Machine to Machine, M2M) device, a mobile Internet device (Mobile Internet Device, MID), and an intelligent wearable device (such as a smartwatch and a smart band). An eUICC and an LPA are disposed in the user terminal. The LPA may be deployed in the eUICC, or the LPA and the eUICC may be messaging devices)), (Par. (0172) “to obtain a message digest, and then encrypts the message digest by using a private key of the SM-DP+ server, to obtain the first digital signature.”; encryption operation (encrypts the message))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Cheng within the teachings of Nix to include generating an electronic signature of the encrypted payload data from the random number, and the plurality of identifiers and at least a portion of the first hash value using the encryption operation using the first messaging device because of the analogous concept of authenticating message transmission of a device using a signature, random number and hash operation to establish secure communications. Cheng includes the generation of the electronic signature to be from a hash value, random number and multiple identifiers using an encryption operation of a messaging device. By using these three elements in unison to create the signature the authentication of the message is even more securely protected because during the encryption operation the payload data must correspond to the correct an accurate hash value, identifier and random number in order to be verified as an authorized user of the message. This lessens the likelihood of risk, vulnerability and possible compromise of the messaging devices because in order to decrypt the transmitted data the signature must include all three elements. The motivation to combine these references is by implementing a random number, hash value and identifier in the generation of the signature users can be ensured that messages transmitted will not be intercepted and 

Regarding Dependent Claim 3 (Original), the combination of Nix and Cheng teach the method of claim 1, Nix further teaches the method of claim 1 wherein the encryption operation and decryption operation are block ciphers (Par. (0199-0200) “may be calculated with input from either (i) the plaintext in an encrypted message such as module encrypted data 403 or (ii) the ciphered data before conversion to plaintext, such as module encrypted data 403 before decryption at step 413. [..] block codes and convolution codes. Block codes could include Reed-Solomon, Golay, BCH, Hamming, and turbo codes. According to a preferred exemplary embodiment, channel coding 406 can utilize a turbo code, so that server 105 can correct bit errors received by server 105 in message 208. Alternatively, module 101 could implement channel coding by simply transmitting the same packet more than once and the use of block codes or convolution codes could be bypassed. Or, module 101 could implement channel coding by both transmitting the same packet more than once and also using a block code or convolution code in the body of the packet.”; block codes corresponding to encryption and decryption of message))

Regarding Dependent Claim 4 (Original), the combination of Nix and Cheng teach the method of claim 1, Nix further teaches the method of claim 1 wherein the plurality of identifiers includes a provider identifier (Par. (0175) "Module identity 110 can be a unique identifier associated with module 101, and can represent a number a chipset identifier (Par. (0103) " a module identity 110 can also have more than one use. A first module identity 110 could comprise a serial number for the physical hardware of module 101, as described in the paragraph above. A second module identity 110 could also comprise a session identifier, for data sessions between module 101 and server 105, where the session identifier can be uniquely associated by a server 105 to module 101.”; chipset identifier (serial numbers)) ''}), and a sequence number (Par. (0059) “Module public key identity 111a could be a string or sequence number uniquely associated with module public key 111.).

Regarding Dependent Claim 5 (Original), the combination of Nix and Cheng teach the method of claim 1, Nix further teaches the method of claim 1 further comprising sending a plurality of additional messages encrypted (Figure 4a 208) using the session key between the first device and the second device, (Par. (0018) “The module can utilize the server public key to securely send a symmetric key inside message encrypted with an asymmetric ciphering algorithm, and the symmetric key can be used to encrypt the sensor data within the message or a subsequent message. The module can utilize the module private key to create and include a digital signature of the module in the message. The message can also include a module identity and a security token. The server can receive the message and (i) verify the digital signature of the module by utilizing the module public key and module identity, and (ii) decrypt the sensor data by utilizing the server private key to decrypt the symmetric key and then using the symmetric key to decrypt the sensor data.”; session key (symmetric key)) where each of the additional messages includes a sequence number (Par. (0324) : sequence number 111a is illustrated as a separate field in module encrypted data 403a, module public key sequence number 111 a could optionally be included in parameters 126, such that the value within parameters 126 specifies the current sequence number for the current module public key]) that is incremented over the sequence number included in the previous message.))


Claim 6, is/are rejected under 35 U.S.C. 103 as being unpatentable over  Nix et al. (U.S Pub. No. 20150095648, hereinafter referred to as “Nix"), Cheng et al. (U.S Pub. No. 20190140837, hereinafter referred to as “Cheng”) in further view of Le Saint et al. (U.S Pub. No. 20040218762, hereinafter referred to as “Le Saint”).

Regarding Dependent Claim 6 (Original), the combination of Nix and Cheng teach the method of claim 1, Nix further teaches establishing a secure channel (Figure ld) for subsequent communications between the first messaging device and second messaging device using the second random number as key material for a session key to secure the channel (Par. (0127)" The server private key 105c and module public key 111 can be utilized by server 105 to secure communication with module 101" Wherein he describes server and module serve as first messaging device and seconding messaging device establishing a secure channel.), (Par. (0079) “The host and cryptographic module random numbers are then encrypted with the retrieved cryptographic module session key 382”; second random number (random numbers corresponding to session key)), (Par. (0020-0022) “the symmetric key is typically a random number having a sufficient bit strength of at least 64 bits but preferably 112 bits or greater [..] Multiple symmetric keys may be established to allow access to applications which require different CSPs and/or associated with different entities requiring access to the cryptographic module.”; second random number (symmetric key corresponding to a random number, multiple symmetric keys) )
However Nix and Cheng do not explicitly teach the method of claim 1 further comprising: expiring the session key; generating a second random number using the first messaging device; repeating the encrypting, transmitting, and decrypting operations in a single message exchange to communicate the second random number to the second messaging device;
Wherein Le Saint teaches the method of claim 1 further comprising: expiring the session key (Par. (0065) “ the sending entity is authenticated and the session key Ksys'SID[x] 220' is established as a surrogate of the PIN 230 for the duration of the session by the Security Executive application  [..] The duration of the session may be controlled by events initiated by the authenticated entity or user, such as disconnection of the cryptographic module from its interface with the host, logout from the host or may be time dependent such as exceeding a predetermined session length or extended idle period may terminate the session”; expiring the session key (terminate the session corre3sponding to exceeding a time associated with session key)); and
generating a second random number ( Par. (0077-0079) “he Host Security Manager application causing the generation of a host random number 372 which is encrypted with the session key 374 associated with the session to be reactivated. The encrypted host random number is then sent to the Security Executive application and cryptographic module random numbers are then encrypted with the retrieved cryptographic module session key 382 and the resulting cryptogram sent to Host Security Manager application installed inside the host computer system.. “; generation of a second random number (generation of a host random number associated with multiple random numbers))) using the first messaging device;
 repeating the encrypting, transmitting, and decrypting operations in a single message exchange to communicate the second random number to the second messaging device (Par. 0078) "The Security Executive application causes the encrypted host random number to be decrypted using the retrieved session key 378 and causes a cryptographic module random number to be generated " (Wherein the security executive application serves as second messaging device.), (Par. (0020) “subsequently repeats the process of collecting sensor data and securely sending a message to the server.”; repeating of process)), (Par. (0077-0079) “he Host Security Manager application causing the generation of a host random number 372 which is encrypted with the session key 374 associated with the session to be reactivated. The encrypted host random number is then sent to the Security Executive application installed inside the cryptographic module 376 [..] he host and cryptographic module random numbers are then encrypted with the retrieved cryptographic module session key 382 and the resulting cryptogram sent to Host Security Manager application installed inside the host computer system.. “;second random number (generation of a host random number associated with multiple random numbers))), (Figure 3B labels 372, 374, 376 384 and, 386; encrypted random number is transmitted (sent) to hos that is decrypted))
.

Claim 7, is/are rejected under 35 U.S.C. 103 as being unpatentable over  Nix et al. (U.S Pub. No. 20150095648, hereinafter referred to as “Nix"),  and Cheng et al. (U.S Pub. No. 20190140837, hereinafter referred to as “Cheng”) in further view of Itamar et al. (U.S Pub. No. 20180123790, hereinafter referred to as “Itamar”).

Regarding Dependent Claim 7 (Original), the combination of Nix and Cheng teach the method of claim 1, Nix further teaches the method of claim 1, wherein the second messaging device (Par. (0068) “1b performing the action. Note that module 101 may also optionally include user interface 101j which may include one or more devices for receiving inputs and/or one or more devices for conveying outputs.”; second messaging device (one or more devices))
with the first messaging device (Par. (0068) “1b performing the action. Note that module 101 may also optionally include user interface 101j which may include one or more devices for receiving inputs and/or one or more devices for conveying outputs.”; second messaging device (one or more devices))
However Nix and Cheng do not explicitly teach stores a root key lookup table and locates the correct root key associated …. using the chipset identifier.
Wherein Itamar teaches stores a root key lookup table and (Par. (0052) “highly secure key table that is located within the database server, preventing server administrators from accessing the keys in the key table, and further having higher security standards than having a single master key for accessing the key table;”; stores a root key lookup table (keys table stored within database server))
locates the correct root key associated …… using the chipset identifier (Par. ( 0043) “Master key and the Type identifier [0048] (d) Grantor hashes the Instance key for the Instance with the Type key and the Instance identifier (e.g., instance's serial number).”; root key using the chipset identifier (master key corresponding to serial numbers)), (Par. (0030) “The public/private key pair is stored within the encryption key table.”; root key (keys pairs stored in key table)), (Par. (0073-0094) “The public/private key pair is stored within the encryption key table. [..] the Master key and stores it in said user's wallet and encrypts it with said user's public key. [..] for granting permission access to an instance through key granting for grantee system users: [0092] (a) Grantor decrypts his Private key with His password. [0093] (b) Grantor decrypts his key with His If grantor's key is a Master key, grantor hashes a Type key for the instance with the Master key and the Type identifier”; key is stored in table and located corresponding to access/permission))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Itamar within the teachings of Nix and Cheng to include storing a root key lookup table and locating the correct root key associated with the first messaging device using the chipset identifier because of the analogous concept of using a session key or root key to authenticate messages in a system. Itamar includes teachings of a second messaging device soring a root key lookup table into Nix' s teaching of locating the correct root associated with the first messaging device using an identify for the benefit of storing the root key lookup table and being able to locate and identify it.


Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

1.	Lance Dover (15692802) "Secure memory arrangements" because of its method of authenticating first messaging device to a second using symmetric key encryption.

3.	Dominique Fedronic (12,282,782) "Method And System For Storing A Key In A Remote Security Module" because it used a method of authenticating using a control key between a module and manufacturer using symmetric key
encryption.")


Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published 
/H.A.H./Examiner, Art Unit 2497                                                                                                                                                                                                        
/Jeremy S Duffield/Primary Examiner, Art Unit 2498