Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is in response to applicant’s amendment filed on 01/18/2022 to Application #16/495,447 filed on 09/19/2019 in which Claims 1, 3-4, 7-8 are pending, Claims 2, 5-6, 9-10 are canceled.

Status of Claims
Claims 1, 3-4, 7-8 are pending, of which Claims 1, 3-4, 7-8 are rejected under 35 U.S.C. 103.

Prior Art Rejections - 35 USC § 102 and/or 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claim(s) 1, 3-4, 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over ZOU CN-106101079-A in view of Rivera et al. US Patent Application Publication 2007/0014416 and further in view of ESCOTT et al. US Patent Application Publication No. 2011/0314287.

Regarding Claim 1, ZOU discloses:
An authentication system comprising: a processor; and a memory having stored therein computer instructions, wherein the processor executes the instructions to [(ZOU Page 7 Lines 34-36) where ZHO teaches an authentication server having a processor, memory, and computer instructions executed by the processor]:
generate a public key and a generation rule of an encryption key, in response to a key issuance request including a plurality of pieces of specific information that are specific to a terminal device [(ZOU Page 4 Line 48; Page 8 Lines 20-22, 28-37) where ZHO teaches in response to a key issuance request from a client or terminal device containing client or terminal device specific information regarding a malicious attack message received by the client or terminal device, the generation of both a public key by a public key generation module and an encryption key generation rule by an encryption rule generation module];
generate identification information that identifies the terminal device [(ZOU Page 2 Lines 19-25) where ZHO teaches that the generation of identification information of a signature according to a public key and a preset rule for identifying a client or terminal device];
generate the encryption key, based on the generation rule and the plurality of pieces of specific information [(ZOU Page 8 Lines 20-22, 36-37) where ZHO teaches that the new encryption key generation rule with terminal device specific information is used for generating a signature, requiring the use of a generated encryption key matching the rule and the public key to sign or encrypt the hash of an applicable message to be signed, of an encrypted service request authentication];
generate a challenge, based on an authentication request including the identification information [(ZOU Page 2 Lines 19-25) where ZHO teaches that the generation of identification information of a signature according to a public key and a preset rule for identifying a client or terminal device which is then sent as a challenge request to a receiving device to open communication with the receiving device].

ZOU does not appear to explicitly disclose:
encrypt the public key with the encryption key, and generate an encrypted public key
generate a composite key, based on the challenge and the generation rule by the terminal device

However, Rivera et al. discloses:
encrypt the public key with the encryption key, and generate an encrypted public key [(Rivera et al. Par 25 Lines 5-8) where Rivera et al. teaches that a public key is encrypted with the encryption key, then the generated encrypted public key is stored as a backup key].

ZOU and Rivera et al. are analogous art because they are from the “same field of endeavor” and are from the same “problem-solving area”.  Namely, they are both from the field of “information security”.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of ZOU and the teachings of Rivera et al. by providing a public key that is encrypted with an encryption key, then storing away the generated encrypted public key as a backup key as taught by Rivera et al. in the teaching described by ZOU.
The motivation for doing so would be to increase the usability and flexibility of ZOU by providing a public key that is encrypted with an encryption key, then storing away the generated encrypted public key as a backup key as taught by Rivera et al. in the teaching described by ZOU so as to provide a secure encrypted backup of the public key should the unencrypted public key ever become comprised or corrupted.

The combination of ZOU and Rivera et al. does not appear to explicitly disclose:
generate a composite key, based on the challenge and the generation rule by the terminal device

However, ESCOTT et al. discloses:
generate a composite key, based on the challenge and the generation rule by the terminal device [(ESCOTT et al. Par 95 Lines 11-16; Fig 11) where ESCOTT et al. teaches that a terminal device generates a composite key based on responding to a challenge and a generation rule to combine subscriber authentication information and device authentication information when generating the composite key].

ZOU, Rivera et al., and ESCOTT et al. are analogous art because they are from the “same field of endeavor” and are from the same “problem-solving area,”.  Namely, they are both from the field of “information security”.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of ZOU and Rivera et al. and the teachings of ESCOTT et al. by providing a terminal device that generates a composite key based on responding to a challenge and a generation rule to combine subscriber authentication information and device authentication information when generating the composite key as taught by ESCOTT et al. in the teaching described by ZOU and Rivera et al.
The motivation for doing so would be to increase the usability and flexibility of ZOU and Rivera et al. by providing a terminal device that generates a composite key based on responding to a challenge and a generation rule to combine subscriber authentication information and device authentication information when generating the composite key as taught by ESCOTT et al. in the teaching described by ZOU and Rivera et al. so as to utilize information belonging to both devices as the basis for generating a composite key used for authentication between the separate devices.

Regarding Claim 3 most of the limitations of this claim have been noted in the rejection of Claim 1.  Applicant is directed to the rejection of Claim 1 above.  In addition, the combination of ZOU, Rivera et al., and ESCOTT et al. discloses:
The authentication system according to claim 1, wherein the processor further execute instructions to: decrypt the encrypted public key with a decryption key [(Rivera et al. Par 25 Lines 5-8; Claim 7 Lines 1-6) where Rivera et al. teaches that an encrypted RSA key which has both Public and Private parts is decrypted using a password derived key to render the RSA key]; and
encrypt the challenge with the encryption key and generate an encrypted challenge, and generate a response authentication request including the encrypted challenge and the identification information [(ZOU Page 2 Lines 19-25, 39-40, 44-48; Page 3 Lines 3-5) where ZHO teaches that the generation of identification information of a signature according to a public key and a preset rule for identifying a client or terminal device which is then encrypted and sent as an encrypted challenge request to a receiving device to open communication with the receiving device, with the receiving device if authentication is successful, generating an encrypted authentication request response that includes the encrypted challenge and encrypted identification information].

Regarding Claim 4 most of the limitations of this claim have been noted in the rejection of Claim 3.  Applicant is directed to the rejection of Claim 3 above.  In addition, the combination of ZOU, Rivera et al., and ESCOTT et al. discloses:
The authentication system according to claim 3, wherein the processor further executes the instructions to: decrypt the encrypted challenge with the public key, and authenticate the terminal device by the identification information associated with the public key [(ZOU Page 2 Lines 19-25, 39-40, 44-48; Page 3 Lines 3-5) where ZHO teaches that the encrypted challenge is decrypted with the public key and the client or terminal device is authenticated utilizing identification information associated with the public key].

Regarding Claim 7:
It is a method claim corresponding as a subset to the system claim of claim 1.  Therefore, claim 7 is rejected with the same rationale as applied against claim 1 above.
In addition, the combination of ZOU, Rivera et al., and ESCOTT et al. discloses:
the challenge and the generation rule are used for generating a composite key by the terminal device [which is also rejected with the same rationale as applied in the rejection of claim 1 above].

Regarding Claim 8:
It is a method claim corresponding as a subset to the system claim of claim 1.  Therefore, claim 8 is rejected with the same rationale as applied against claim 1 above.
In addition, the combination of ZOU, Rivera et al., and ESCOTT et al. discloses:
An authentication method comprising: by a computer of a terminal device, generating a key issuance request [(ZOU Page 8 Lines 20-22, 28-37) where ZHO teaches in response to a key issuance request from a client or terminal device containing client or terminal device specific information regarding a malicious attack message received by the client or terminal device, the generation of both a public key by a public key generation module and an encryption key generation rule by an encryption rule generation module],
generating the encryption key, based on a public key [(ZOU Page 5 Lines 38-40) where ZHO teaches that generating the required components for generating a signature, requiring the use of a generated encryption key matching the rule and the public key to sign or encrypt the hash of an applicable message to be signed are based on a preset public key]
that the challenge is generated by an authentication device [(ESCOTT et al. Par 95 Lines 3-7; Fig 11) where ESCOTT et al. teaches that a subscription authentication challenge and/or a device authentication challenge is generated by a mobile management entity authentication device].

Response to Arguments
Applicant’s arguments filed 01/18/2022 have been fully considered but are not fully persuasive.

The claim objections to Claim 8 are withdrawn as a result of applicant’s amendments.

On Page 4 of the Applicant’s Response, applicant states that applicant has amended Claims 1, 7, and 8 consistent with the allowable subject matter of Claim 2, and that the application is now in condition for allowance.
Regrettably the examiner disagrees.
First, regarding Claim 1, the applicant did not move up ALL the limitations of Claim 2 into Claim 1, therefore the previous object allow requirements of Claim 2 if moved up into Claim 1 was not satisfied.  The examiner was thereby forced to reject amended Claim 1, since it did not meet the object allow requirements of the previous office action.
Second, regarding Claim 7, Claim 7 was originally a subset of Claim 1, the examiner never stated in the previous office action that Claim 7 would be allowable if the limitations of Claim 2 were moved into Claim 7, because Claim 7 was both too broad and Claim 7 also did not have any dependent claims to object allow to, since Claim 2 was dependent on Claim 1, not Claim 7.  Claim 7 after applicant’s amendments is still a subset of Claim 1 plus one relatively trivial added limitation that does not appear in Claim 1.
Third, regarding Claim 8, Claim 8 was originally a subset of Claim 1 plus additional limitations, the examiner never stated in the previous office action that Claim 8 would be allowable if the limitations of Claim 2 were moved into Claim 8, because Claim 8 was both too broad and Claim 8 also did not have any dependent claims to object allow to, since Claim 2 was dependent on Claim 1, not Claim 8.  Claim 8 after applicant’s amendments is still a subset of Claim 1 plus added limitations that do not appear in Claim 1.
As a result of Applicants amendments with an unsuccessful attempt to move up Claim 2 into Claim 1, and the addition of related, but not completely the same, amendments to Claims 7 and 8, the examiner was forced to add additional art and now reject all of the pending Claims, 1, 3-4, 7-8.
Even if applicant had successfully completely moved up all of Claim 2’s limitations into Claims 1, 7, 8.  Claim 1 would have been allowable as per the previous office action’s object allow to Claim 2, but Claims 7 and 8 would not, since they were not object allowed to and both Claims 7 and 8 did not and still do not have the same limitations as Claim 1.

As a result, 35 U.S.C. 103 rejections are maintained on Independent Claims 1, 7, 8.

Since 35 U.S.C. 103 rejections are maintained on Independent Claims 1, 7, 8 they are also maintained on dependent Claims 3, 4.

Therefore 35 U.S.C. 103 rejections are now maintained on Claims 1, 3-4, 7-8 of the Instant Application.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Hori et al. - US_20020138442_A1_I: Hori et al teaches the secure encryption and secure authentication of a content distribution system.
Hayashi - US_20020073229_A1_I: Hayashi teaches the secure encryption and secure authentication of a wireless system.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM Eastern Time.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272- 8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498