DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1.	Claims 1-20 are pending.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
2.	Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,419,211. Although the claims at issue are not identical, they are not patentably distinct from each other because:	
Claims 1-20 of the current application ‘791 recite similar limitations to that of claims 1-20 of ‘211, such as generating and transmitting a set of encryption keys where an encryption key is selected from the set of encryption keys by a hash from the hash algorithm and transmitting the encryption keys enabling communication between nodes. Thus, it would have been obvious for one of ordinary skill in the art at the time of the claimed invention of ‘791 to disclose a broad variation to the claimed invention of ‘211 as both have similar functionalities and end result.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

3.	Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gueh [US 20140358777] in view of Riedl [US 2009/0161866].
Claim 1:	Gueh teaches a method comprising:
generating, by a first node over a network [Gueh: para 0111, 0124; e.g. verification processor. First node (and second node) can be given the broadest reasonable interpretation as a device or processor, system, server, or a user/client entity such as a card or smartcard per se. Examples of “first node” include but are not limited to a cardholder or PH1 as user phone device, or processor/controller, and also interchangeably to those referring as “second node”, which includes cardholder CD2, or card issuer, or SEV1 or ATM device, or any devices or processors per se; para 0214-0215, 0237-0239, 0291, 0328-0336], a first set of encryption keys; [Gueh: para 0332]
transmitting, by the first node, the first set of encryption keys and a hash algorithm to a controller to cause the controller [Gueh: para 0341-0343; A cryptographic system comprising: identifying a session digest message to be sent to a target device (e.g. controller) in response to a session request initiated by a remote main processor (e.g. second node) belonging to the system; selecting a specific one-time generated session digest to be inserted in the session digest message, wherein the target device is the intended recipient of the specific one-time generated session digest and digest is generated using a current public encryption key (PK/ScK/a); forwarding the session digest message to the target device where target device receive the session digest message. The sub-processor initiating and exchanging transport layer security (TLS) cryptographic protocol data with the main processor to establish an encrypted data communication link between sub-processor and main processor if session digest is verified. Thus, main processor and subprocessor are different as the main processor is remote associated to the cryptographic system that’s referring to the claimed “second node” and the subprocessor associated to the target device that’s referring to the “controller”] **to apply the hash algorithm to select a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm [**as rejected under a secondary reference, discussion below] and transmit the first encryption key to a second node, the first encryption key enabling communication between the first node and the second node; [Gueh: para 0330-0331; cryptographic facility (e.g. second node) receiving from an initial communications link session initiated by verification processor (e.g. first node) a session digest and cryptographic facility using a SK private key part (SK/ScK). The cryptographic facility is on the user phone device that may be referring to the claimed “second node”]
receiving, by the first node, a second encryption key from a second set of encryption keys generated by the second node, the second encryption key enabling the communication between the first node and the second node [Gueh: para 0337-0338; cryptographic facility (e.g. second node) operable to transmit only PK/ScK from phone device to the verification processor (e.g. first node) for subsequent generation of the said session digest by the verification processor, and said facility storing SK/ScK within cryptographic facility memory space for subsequent verification of the session digest received from verification processor. The multi-factor verification method further includes the primary key pair (PvK) comprising a PK public key part (PK/PvK) of said PvK and a SK private key part (SK/PvK) of said PvK, where PvK is generated on verification processor (e.g. first node) and the secondary key pair (ScK) comprising a PK public key part (PK/ScK) of said ScK and a SK private key part (SK/ScK) of said ScK, where ScK is generated on the phone device using cryptographic facility (e.g. second node) and only the PK/ScK is transmitted to the verification processor and SK/ScK is contained within the cryptographic facility on the phone device], wherein the first node, the second node and the controller are different. 
[Gueh: para 0166, 0329, 0348-0349; A multi-factor transaction-processing system for performing verification of transactions between a plurality of users and a verification processor wherein part of the said verification of each transaction is implemented between a gateway device and a phone device belonging to a specific user of each originating transaction of said plurality of users, the verification processor further comprising at least one gateway switch and a plurality of gateway devices are in operative communication with the gateway switch, verification processor in operative communication with a database and said processor receiving a plurality of transaction verification request signals. As explained above, the remote main processor is associated to the cryptographic system that’s referring to the claimed “second node”, the subprocessor associated to the target device that’s referring to the “controller”, and the verification processor referring to the “first node”. Accordingly, the verification processor, main processor and subprocessor are different] 
Gueh discloses a cryptographic system comprising: identifying a session digest message to be sent to a target device (e.g. controller) in response to a session request initiated by a remote main processor (e.g. second node) belonging to the system wherein the target device is the intended recipient of the specific one-time generated session digest and digest is generated using a current public encryption key (PK/ScK/a) and forwarding the session digest message to the target device where target device receive the session digest message. The sub-processor initiating and exchanging cryptographic protocol data with the main processor to establish an encrypted data communication link between sub-processor and main processor if session digest is verified. Thus, main processor and subprocessor are different as the main processor is remote associated to the cryptographic system that’s referring to the claimed “second node” and the subprocessor associated to the target device that’s referring to the “controller” [Gueh: para 0341-0343]. However, Gueh did not clearly apply a hash algorithm to select an encryption key; in terms of the limitation “to apply the hash algorithm to select  a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm”.
Riedl teaches the present invention that allows a form of "Silent Key Encryption" which in this case means that time is used by both parties to simultaneously select or generate the same encryption key from a very large set of pre-stored numbers using only the time and a method known only to the two encrypting parties. No key has to be passed between the parties for any one transaction. Ideally, the method used by both parties to select the key from the set of pre-stored numbers is different in most if not all key selection events by employing different Hashing Algorithms. This provides "cryptographic depth" as the use of the same method each time could potentially simplify the task of any code-breaker [Riedl: 0049]. Riedl further discloses that a Message Entry Hashing Algorithm is defined as a mathematical formula that is used to choose the encryption key starting at the point reached in the One-Time Pad at the desired start of the encrypted transaction or some agreed relative time to that [Riedl: 0080]. The combination of the synchronised agreed Start Time, for the encrypted session, and the Message Entry Hashing Algorithm are used to select or generate an encryption key [Riedl: 0081]. Accordingly, Riedl obviously suggests “apply the hash algorithm to select a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm” by the method used by both parties to select the key from the set of pre-stored numbers is different in most if not all key selection events by employing different Hashing Algorithms [Riedl: 0049] which suggests the ability to select an (first) encryption key [Riedl: 0080] from a set of encryption keys since the method implies from the set of pre-stored numbers of the involved devices/parties per se.
Thus, motivation to “apply the hash algorithm to select a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm”, for the reason to provide "cryptographic depth" by employing different hashing algorithms [Riedl: 0049].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Riedl with Gueh to teach utility to “apply the hash algorithm to select a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm”, for the reason to provide "cryptographic depth" by employing different hashing algorithms [Riedl: 0049].
Claim 2:  See Re1: para 0337-0338; discusses the method of claim 1, further comprising: sending, by the second node, the second encryption key to the first node via the controller.
Claim 3:  See Gueh: para 0332; discusses the method of claim 1, further comprising: generating, by the first node, the hash algorithm; and transmitting, by the first node, the hash algorithm to the controller.	
Claim 4:  See Re1: para 0246-0247, 0337-0349; discusses the method of claim 1, wherein the encryption key and the second encryption key form a pairwise key pair.
Claim 5:  See Re1: para 0246-0247, 0337-0349; discusses the method of claim 4, further comprising: determining by the first node, each encryption key assigned by the controller to other nodes in a network for communications using pairwise keys of the first set of encryption keys.
Claim 6:  See Gueh: para 0341-0343; discusses the method of claim 5, wherein the determining performed by the first node is based on the hash algorithm.
Claim 7:  See Re1: para 0337-0338; discusses the method of claim 4, wherein for communications from the first node to the second node, the first node encrypts the communications using the second encryption key generated by the second node.
Claim 8:  See Gueh: para 0341-0343; discusses the method of claim 4, wherein for communications from the second node to the first node, the second node encrypts the communications using the first encryption key.
Claim 9:  See Re1: para 0204, 0209; discusses the method of claim 1, further comprising: notifying, via a notification generated by the controller, the first node if the encryption key is selected for two different nodes.
Claim 10:  See Re1: para 0204, 0346-0347; discusses the method of claim 9, further comprising: generating, by the first node in response to the notification, another hash algorithm for the controller, or a set of new keys and the another hash algorithm for the controller.
Claim 11:  See Re1: para 0337-0349; discusses the method of claim 1, wherein a number of keys in the first set of encryption keys is greater than a number nodes in a network that includes the first node.
Claim 12:	Gueh teaches a computer network comprising:
a first node configured to: [Gueh: para 0111, 0124; e.g. verification processor. First node (and second node) can be given the broadest reasonable interpretation as a device or processor, system, server, or a user/client entity such as a card or smartcard per se. Examples of “first node” include but are not limited to a cardholder or PH1 as user phone device, or processor/controller, and also interchangeably to those referring as “second node”, which includes cardholder CD2, or card issuer, or SEV1 or ATM device, or any devices or processors per se; para 0214-0215, 0237-0239, 0291, 0328-0336]
generate a first set of encryption keys, [Gueh: para 0332] 
transmit, over the network, the first set of encryption keys and a hash algorithm to a controller to cause the controller [Gueh: para 0341-0343; A cryptographic system comprising: identifying a session digest message to be sent to a target device (e.g. controller) in response to a session request initiated by a remote main processor (e.g. second node) belonging to the system; selecting a specific one-time generated session digest to be inserted in the session digest message, wherein the target device is the intended recipient of the specific one-time generated session digest and digest is generated using a current public encryption key (PK/ScK/a); forwarding the session digest message to the target device where target device receive the session digest message. The sub-processor initiating and exchanging transport layer security (TLS) cryptographic protocol data with the main processor to establish an encrypted data communication link between sub-processor and main processor if session digest is verified. Thus, main processor and subprocessor are different as the main processor is remote associated to the cryptographic system that’s referring to the claimed “second node” and the subprocessor associated to the target device that’s referring to the “controller” ] **to apply the hash algorithm to select first encryption key from the first set of encryption keys by a hash from applying the hash algorithm [**as rejected under a secondary reference, discussion below] and transmit the first encryption key to a second node, and [Gueh: para 0330-0331; cryptographic facility (e.g. second node) receiving from an initial communications link session initiated by verification processor (e.g. first node) a session digest and cryptographic facility using a SK private key part (SK/ScK). The cryptographic facility is on the user phone device that may be referring to the claimed “second node”]  
receive a second encryption key from a second set of encryption keys generated by the second node, the second encryption key enabling communication between the first node and the second node [Gueh: para 0337-0338; cryptographic facility (e.g. second node) operable to transmit only PK/ScK from phone device to the verification processor (e.g. first node) for subsequent generation of the said session digest by the verification processor, and said facility storing SK/ScK within cryptographic facility memory space for subsequent verification of the session digest received from verification processor. The multi-factor verification method further includes the primary key pair (PvK) comprising a PK public key part (PK/PvK) of said PvK and a SK private key part (SK/PvK) of said PvK, where PvK is generated on verification processor (e.g. first node) and the secondary key pair (ScK) comprising a PK public key part (PK/ScK) of said ScK and a SK private key part (SK/ScK) of said ScK, where ScK is generated on the phone device using cryptographic facility (e.g. second node) and only the PK/ScK is transmitted to the verification processor and SK/ScK is contained within the cryptographic facility on the phone device], wherein the first node, the second node and the controller are different.  
[Gueh: para 0166, 0329, 0348-0349; A multi-factor transaction-processing system for performing verification of transactions between a plurality of users and a verification processor wherein part of the said verification of each transaction is implemented between a gateway device and a phone device belonging to a specific user of each originating transaction of said plurality of users, the verification processor further comprising at least one gateway switch and a plurality of gateway devices are in operative communication with the gateway switch, verification processor in operative communication with a database and said processor receiving a plurality of transaction verification request signals. As explained above, the remote main processor is associated to the cryptographic system that’s referring to the claimed “second node”, the subprocessor associated to the target device that’s referring to the “controller”, and the verification processor referring to the “first node”. Accordingly, the verification processor, main processor and subprocessor are different] 
Gueh discloses a cryptographic system comprising: identifying a session digest message to be sent to a target device (e.g. controller) in response to a session request initiated by a remote main processor (e.g. second node) belonging to the system wherein the target device is the intended recipient of the specific one-time generated session digest and digest is generated using a current public encryption key (PK/ScK/a) and forwarding the session digest message to the target device where target device receive the session digest message. The sub-processor initiating and exchanging cryptographic protocol data with the main processor to establish an encrypted data communication link between sub-processor and main processor if session digest is verified. Thus, main processor and subprocessor are different as the main processor is remote associated to the cryptographic system that’s referring to the claimed “second node” and the subprocessor associated to the target device that’s referring to the “controller” [Gueh: para 0341-0343]. However, Gueh did not clearly apply a hash algorithm to select an encryption key; in terms of the limitation “to apply the hash algorithm to select  a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm”.
Riedl teaches the present invention that allows a form of "Silent Key Encryption" which in this case means that time is used by both parties to simultaneously select or generate the same encryption key from a very large set of pre-stored numbers using only the time and a method known only to the two encrypting parties. No key has to be passed between the parties for any one transaction. Ideally, the method used by both parties to select the key from the set of pre-stored numbers is different in most if not all key selection events by employing different Hashing Algorithms. This provides "cryptographic depth" as the use of the same method each time could potentially simplify the task of any code-breaker [Riedl: 0049]. Riedl further discloses that a Message Entry Hashing Algorithm is defined as a mathematical formula that is used to choose the encryption key starting at the point reached in the One-Time Pad at the desired start of the encrypted transaction or some agreed relative time to that [Riedl: 0080]. The combination of the synchronised agreed Start Time, for the encrypted session, and the Message Entry Hashing Algorithm are used to select or generate an encryption key [Riedl: 0081]. Accordingly, Riedl obviously suggests “apply the hash algorithm to select a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm” by the method used by both parties to select the key from the set of pre-stored numbers is different in most if not all key selection events by employing different Hashing Algorithms [Riedl: 0049] which suggests the ability to select an (first) encryption key [Riedl: 0080] from a set of encryption keys since the method implies from the set of pre-stored numbers of the involved devices/parties per se.
Thus, motivation to “apply the hash algorithm to select a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm”, for the reason to provide "cryptographic depth" by employing different hashing algorithms [Riedl: 0049].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Riedl with Gueh to teach utility to “apply the hash algorithm to select a first encryption key from the first set of encryption keys by a hash from applying the hash algorithm”, for the reason to provide "cryptographic depth" by employing different hashing algorithms [Riedl: 0049].
Claim 13:  See Re1: para 0084, 0334-0336; discusses the computer network of claim 12, wherein the first node is further configured to generate the hash algorithm.
Claim 14:  Re1: para 0342-0343; discusses the computer network of claim 13, wherein the first node is further configured to transmit the hash algorithm to the controller.
Claim 15:  See Re1: para 0246-0247; discusses the computer network of claim 12, wherein the first encryption key and the second encryption key form a pairwise key pair.
Claim 16:  See Re1: para 0246-0247, 0337-0349; discusses the computer network of claim 15, wherein the first node is further configured to determine each encryption key assigned by the controller to other nodes in the network for communications using pairwise keys of the first set of encryption keys.
Claim 17:  See Re1: para 0084, 0334-0336; discusses the computer network of claim 16, wherein determining performed by the first node is based on a hash algorithm.
Claim 18:  See Re1: para 0337-0338; discusses the computer network of claim 15, wherein for communications from the first node to the second node, the first node is further configured to encrypt the communications using the second encryption key generated by the second node.
Claim 19:  See Re1: para 0337-0349; discusses the computer network of claim 15, wherein for communications from the second node to the first node, the second node is further configured to encrypt the communications using the first encryption key assigned to it by the controller.
Claim 20:  See Re1: para 0204, 0209; discusses the computer network of claim 12, wherein the controller is further configured to notify the first node if the first encryption key is selected for two different nodes.

Response to Arguments
4.	Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA TRUVAN
Examiner
Art Unit 2435





/L.TT/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435