Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification 
The specification filed on September 18, 2020 is accepted. 
Drawings
The drawings filed on September 18, 2020 are accepted.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/19/2022 was filed after the mailing date of the application no. 17/025111 on 09/18/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claims 10, 12, 16 and 18 objected to because of the following informalities: 
Claim 10 line 1 recites “the device comprising” should read “the verifier device comprising” to be consistent with a verifier device recited on line 1 of the claim.
Claim 10 last 2 lines recites “the verifier keying material” and” the receiver keying material” should read as “the verifier device keying material” and “the receiver device keying material” to be consistent with receiver device keying material recited on line 7 and verifier device keying material on line 8 respectively. 
Claim 12 line 1-2 recites “calculate the session key” should read as “calculate the session encryption key” as recited on last limitation of claim 10.
Claim 16 line 1 recites “the device comprising” should read “the receiver device comprising” to be consistent with a receiver device recited on line 1 of the claim.
Claim 18 line 1-2 recites “calculate the session key” should read as “calculate the session encryption key” as recited on last limitation of claim 16.
  Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 14 recites the limitation "the random number" in line 2.  There is insufficient antecedent basis for this limitation in the claim. it’s not clear if “the random number” refers to the first random number or the second random number recited in claim 10. If “the random number” does not refer back to the first or the second random number then the limitation should read as 
“…….change the counter value used to calculate [[the]] a random number…..”
Claim 20 recites the limitation "the random number" in line 2.  There is insufficient antecedent basis for this limitation in the claim. it’s not clear if “the random number” refers to the first random number or the second random number recited in claim 16. If “the random number” does not refer back to the first or the second random number then the limitation should read as 
“…….change the counter value used to calculate [[the]] a random number…..”


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-10 and 12-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ishibashi (US 20090259850) in view of TANIMOTO et al (hereinafter TANIMOTO) (US 20190342081) and further in view of Day et al (hereinafter Day) (US 20150113276).

Regarding claim 1 Ishibashi teaches A method of device authentication, the method comprising: (Ishibashi on [0002] teaches a method of performing mutual authentication);
transmitting a first random number from a receiver device to an initiator device (Ishibashi Fig 3 block s2 and text on [0072-0073] teaches transmitting by the terminal (i.e. receiver device) the first random number generated at the terminal to IC card 12 (i.e. initiator device), the communication unit 38 of the IC card 12 receives the file number and first random number. See also Fig 14 block s122 and text on [0151] teaches transmitting a mutual authentication command along with first random number to the IC card 12);
transmitting the first random number, a second random number, and second key information from the initiator device to the receiver device (Ishibashi Fig 3 block S15 and text on [0075] teaches the communication unit 38 of IC card 12 (i.e. initiator device) transmits the second random number, first random number and ID (i.e. second key information) encrypted with key Ks to the terminal device (i.e. receiver device), the communication unit 28 of the information processing terminal 11 obtains the second random number, first random number, and ID encrypted with the degenerate key);
 transmitting the first random number, the second random number, and the first key information from the receiver device to the initiator device (Ishibashi Fig 3 block S8 and text on [0077] teaches terminal device transmit the first random number, second random number, and session key (i.e. first key information) encrypted with the degenerate key Ks to the IC card 12 (i.e. initiator device). See also Fig 14 block S148 and text on [0176] teaches transmitting by the terminal device the first and second random number along with session key);
 and encrypting information communicated between the initiator device and the receiver device [[using an encryption key determined using the first key information and the second key information]] (Ishibashi on [0080] teaches] the information processing terminal 11 and IC card 12 encrypt the information to be transmitted with the session key, then transmit the information).
	Ishibashi fails to explicitly teach determining, by the receiver device, first key information using the first random number and an encryption key determined using the first key information and the second key information, however TANIMOTO from analogous art teaches 
determining, by the receiver device, first key information using the first random number (TANIMOTO on [0034] teaches a session key sequence (i.e. first key information) using pseudo random numbers is prepared by the apparatus on the transmission side and stored).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of TANIMOTO into the teaching of Ishibashi by determining a key material using random number. One would be motivated to do so in order to secure communication between different devices using a key derived from random number when performing mutual authentication between two devices (TANIMOTO on [0009-0010]).
	Although the combination of Ishibashi and TANIMOTO teaches first and second key information (Ishibashi on [0075 and 0077]) but fails to explicitly teach an encryption key determined using the first key information and the second key information, however Day from analogous art teaches an encryption key determined using the first key information and the second key information (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. encryption key) can be generated from the static key portion (i.e. static key), the session key portion (first key information), and the client key portion (i.e. second key information)).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the combined teaching of Ishibashi and TANIMOTO by generating encryption key from first and second key material. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Regarding claim 2 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 1 above, Ishibashi further teaches and the first random number is bound to a specific context of communication between the initiator device and the receiver device (Ishibashi Fig 3 block S5 and text on [0076] teaches the common key authentication processing unit 23 compares the first random number obtained by decrypting with the first random number generated in step S1, thereby authenticating the IC card 12 (i.e. specific context of communication)).
The combination of Ishibashi and the cited portion of TANIMOTO fails to explicitly teach wherein the first random number is a pseudo random number determined using a counter value, however TANIMOTO on different portion teaches wherein the first random number is a pseudo random number determined using a counter value (TANIMOTO on [0214-0216] teaches the counter value buffer 352 is a buffer memory which stores a set value of a counter value used in the generation of a pseudo random number).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of TANIMOTO cited on [0214] into the teaching of Ishibashi generating a pseudo random number using a counter value. One would be motivated to do so in order to secure communication between different devices using a random number and tracking the random number based on a counter value for each communication session between client and server devices because every time a communication session is established a random number is generated and recorded as counter value (TANIMOTO on [0009-0010]).

Regarding claim 3 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 2 above, TANIMOTO further teaches including updating the counter value for each communication session between the initiator device and the receiver device (TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 2.

	Regarding claim 4 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 2 above, TANIMOTO further teaches including updating the counter value after the first random number is communicated between the receiver device and the initiator device(TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 2.
Regarding claim 6 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 1 above, Day further teaches including determining the encryption key using a static key stored in each of the initiator and the receiver devices, the first key information, and the second key information (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. encryption key) can be generated from the static key portion (i.e. static key), the session key portion (first key information), and the client key portion (i.e. second key information). See on [0019] teaches the same static key is used for different remote client in different session).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the combined teaching of Ishibashi and TANIMOTO by generating encryption key from first and second key material. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Regarding claim 7 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 1 above, Ishibashi further teaches wherein the initiator device is a verifier device and the receiver device is a credential device (Ishibashi Fig 1 and text on [0061] teaches the communication system 1 shown in FIG. 1 is made up of two devices of an information processing terminal 11 (i.e. verifier device) having a communication function and an IC (Integrated Circuit) card 12 (i.e. credential device), and is a system wherein the information processing terminal 11 and IC card 12 perform mutual communication and exchange information).

Regarding claim 8 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 7 above, Ishibashi further teaches wherein the receiver device is a smartphone and the initiator device is a server or an access control device (Ishibashi on [0301] teaches the IC card (i.e. receiver device) may be a portable telephone, music player, digital camera, notebook-type personal computer, or PDA (Personal Digital Assistant). See on [0228] teaches the terminal device (i.e. initiator device) as an access control device).

Regarding claim 9 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 7 above, Ishibashi further teaches wherein the receiver device is a smart card and the initiator device is a server or an access control device (Ishibashi on [0301] teaches the IC card (i.e. receiver device) may be a portable telephone, music player, digital camera, notebook-type personal computer, or PDA (Personal Digital Assistant). See on [0228] teaches the terminal device (i.e. initiator device) as an access control device).

Regarding claim 10 Ishibashi teaches a verifier device of an authentication system, the device comprising (Ishibashi Fig 1 and text on [0061] teaches the communication system 1 shown in FIG. 1 is made up of two devices of an information processing terminal 11 (i.e. credential device) having a communication function and an IC (Integrated Circuit) card 12 (i.e. verifier device), and is a system wherein the information processing terminal 11 and IC card 12 perform mutual communication and exchange information);
physical layer circuitry (Ishibashi Fig 1 block 23 and text on [0064] teaches the IC card 12 comprising a common key authentication processing unit 33 (i.e. physical layer circuitry) made up of computing processing device such as CPU for mutual authentication process);
and processing circuitry operatively coupled to the physical layer circuitry and configured to: (Ishibashi Fig 1 block 23 and text on [0064] teaches the IC card 12 comprising a common key authentication processing unit 33 (i.e. physical layer circuitry) made up of computing processing device such as CPU for mutual authentication process coupled with communication unit 38 (i.e. processing circuitry) is made up of an IC chip or loop antenna or the like including a communicating circuit);
[[decode]] a response communication received from the credential device, wherein the response communication includes a first random number (Ishibashi Fig 3 block s2 and text on [0072-0073] teaches transmitting by the terminal (i.e. credential device) the first random number generated at the terminal to IC card 12 (i.e. verifier device), the communication unit 38 of the IC card 12 receives the file number and first random number);
encrypt the first random number, a second random number, and verifier device keying material for sending to the credential device (Ishibashi Fig 4 and text on [0074-0075] teaches encrypt the second random number, first random number, and the ID of the IC card 12 (i.e. verifier key material) thereof with the degenerate key Ks for transmitting to the terminal device. See also on Fig 14 block S137 and text on [0162] teaches encrypting the first random number, the second random number and the keying information);
decrypt encrypted information received from the credential device, wherein the encrypted information includes the first random number, the second random number, and the receiver device keying material (Ishibashi on [0078] teaches decrypt the encoded first random number, second random number, and session key (i.e. receiver device keying material) with the degenerate key Ks).

Ishibashi fails to explicitly teach determine receiver device keying material using the first random number, encode an authentication command for sending to a credential device, and calculate a session encryption key using the verifier keying material and the receiver keying material, however TANIMOTO from analogous art teaches determine receiver device keying material using the first random number (TANIMOTO on [0034] teaches a session key sequence using pseudo random numbers is prepared by the apparatus on the transmission side and stored).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of TANIMOTO into the teaching of Ishibashi by determining a key material using random number. One would be motivated to do so in order to secure communication between different devices using a key derived from random number when performing mutual authentication between two devices (TANIMOTO on [0009-0010]).
	Although the combination of Ishibashi and TANIMOTO teaches command containing first random number issued by the terminal device, but fails to explicitly teach encode an authentication command for sending to a credential device, decoding a response and calculate a session encryption key using the verifier keying material and the receiver keying material, however Day from analogous art teaches encode an authentication command for sending to a credential device (Day Fig 1 block 106, 110, 116 and text on [0031 and 0042] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential (i.e. authentication information encoded in the credential));
decoding a response (Day Fig 1 block 106, 110, 116 and text on [0031] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential (i.e. authentication information encoded in the credential) by comparing the authentication information included in the credential with the stored authentication information (i.e. decoding authentication command));
and calculate a session encryption key using the verifier keying material and the receiver keying material (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. session encryption key) can be generated from the static key portion (i.e. static key), the session key portion (i.e. verifier keying material), and the client key portion (i.e. receiver keying material)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the combined teaching of Ishibashi and TANIMOTO by generating encryption key from first and second key material and sending an encoded command to the device. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Regarding claim 12 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 10 above, Day further teaches wherein the processing circuitry is configured to calculate the session key using a static key, the verifier device keying material, and the receiver device keying material (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. encryption key) can be generated from the static key portion (i.e. static key), the session key portion (first key information), and the client key portion (i.e. second key information). See on [0019] teaches the same static key is used for different remote client in different session).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the combined teaching of Ishibashi and TANIMOTO by generating encryption key from first and second key material along with static key. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Regarding claim 13 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 10 above, the combination of Ishibashi and the cited portion of TANIMOTO fails to explicitly teach wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function, however TANIMOTO on different section teaches wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function (TANIMOTO on [0214-0216] teaches counter value buffer 352 is a buffer memory which stores a set value of a counter value used in the generation of a pseudo random number).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of TANIMOTO cited on [0214] into the teaching of Ishibashi generating a pseudo random number using a counter value. One would be motivated to do so in order to secure communication between different devices using a random number and tracking the random number based on a counter value for each communication session between client and server devices because every time a communication session is established a random number is generated and recorded as counter value (TANIMOTO on [0009-0010]).
Regarding claim 14 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 13 above TANIMOTO further teaches wherein the processing circuitry is configured to change the counter value used to calculate the random number for each communication session with the credential device (TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 13.

Regarding claim 15 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 13 above TANIMOTO further teaches wherein the processing circuitry is configured to change the counter value used to calculate the first random number after an exchange of information with the credential device (TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 13.


Claims 5 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ishibashi (US 20090259850) in view of TANIMOTO et al (hereinafter TANIMOTO) (US 20190342081) in view of Day et al (hereinafter Day) (US 20150113276) and further in view of Sutton et al (hereinafter Sutton) (US 20070124589).

Regarding claim 5 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 1 above, although the combination of Ishibashi, TANIMOTO and Day teaches determining first key information using random number, but fails to explicitly teach wherein the determining the first key information includes determining the first key information using a static key and the first random number, however Sutton from analogous art teaches wherein the determining the first key information includes determining the first key information using a static key and the first random number (Sutton on [0020-0021] teaches the unit generates its own random number, the generated random number and the second static key can then be used to generate a session key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sutton into the combined teaching of Ishibashi, TANIMOTO and Day by generating first key information using both the generated random number and the static key. One would be motivated to do so in order to perform mutual authentication between host and smart card using the session key because the session key would be specific to the device which transmits the random number and letter can be used in authentication process when comparing the first random number at the receiver side with the first random number originally generated (Sutton on [0001 and 0021]).

Regarding claim 11 the combination of Ishibashi, TANIMOTO and Day teaches all the limitations of claim 10 above, although the combination of Ishibashi, TANIMOTO and Day teaches determining first key information using random number, but fails to explicitly teach wherein the processing circuitry is configured to calculate the receiver device keying material using a static key and the first random number, however Sutton from analogous art teaches wherein the processing circuitry is configured to calculate the receiver device keying material using a static key and the first random number (Sutton on [0020-0021] teaches the unit generates its own random number. Both the locally generated random number and the second static key can then be used to generate a session key (i.e. receiver device keying material)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sutton into the combined teaching of Ishibashi, TANIMOTO and Day by generating first key information using both the generated random number and the static key. One would be motivated to do so in order to perform mutual authentication between host and smart card using the session key because the session key would be specific to the device which transmits the random number and letter can be used in authentication process when comparing the first random number at the receiver side with the first random number originally generated (Sutton on [0001 and 0021]).

Claims 16 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ishibashi (US 20090259850) in view of Day et al (hereinafter Day) (US 20150113276).

Regarding claim 16 Ishibashi teaches a receiver device of an authentication system, the device comprising: (Ishibashi Fig 1 and text on [0061] teaches the communication system 1 shown in FIG. 1 is made up of two devices of an information processing terminal 11 (i.e. credential device) having a communication function and an IC (Integrated Circuit) card 12 (i.e. verifier device), and is a system wherein the information processing terminal 11 and IC card 12 perform mutual communication and exchange information);
physical layer circuitry (Ishibashi Fig 1 block 23 and text on [0061] teaches the terminal device 11 comprises the common key authentication processing unit 23 (i.e. physical layer circuitry) is made up of a computing processing device such as a CPU);
and processing circuitry operatively coupled to the physical layer circuitry and configured to: (Ishibashi Fig 1 block 23 and text on [0061] teaches the terminal device 11 comprises the common key authentication processing unit 23 (i.e. physical layer circuitry) is made up of a computing processing device such as a CPU coupled to the communication unit 28 (i.e. processing circuitry) is made up of an IC chip or loop antenna including a communication circuit);
[[encode]] a response for sending to the verifier device, wherein the response includes a first random number (Ishibashi Fig 3 block s2 and text on [0072-0073] teaches transmitting by the terminal (i.e. receiver device) the first random number generated at the terminal to IC card 12 (i.e. verifier device), the communication unit 38 of the IC card 12 receives (i.e. extract) the file number and first random number);
decrypt encrypted information received from the verifier device, wherein the encrypted information includes the first random number, a second random number, and verifier device keying material (Ishibashi Fig 3 block S4 and text on [0076] teaches the common key authentication processing unit 23 of the information processing terminal 11 controls the decrypting unit 27 to decrypt the encrypted second random number, first random number, and ID (i.e. verifier device key material) with the degenerate day received from the IC card 12);
encrypt the first random number, the second random number and receiver device keying material for sending to the verifier device (Ishibashi Fig 3 block S7 and text on [0077] teaches the terminal (i.e. receiver device) encrypt the first random number, second random number, and session key (i.e. receiver device key material) with the degenerate key Ks).
Although the combination of Ishibashi teaches command containing first random number issued by the terminal device, but fails to explicitly teach decode an authentication command received from a verifier device and calculate a session encryption key using the verifier device keying material and the receiver device keying material, however Day from analogous art teaches decode an authentication command received from a verifier device (Day Fig 1 block 106, 110, 116 and text on [0031] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential (i.e. authentication information encoded in the credential) by comparing the authentication information included in the credential with the stored authentication information (i.e. decoding authentication command));
encode an authentication command (Day Fig 1 block 106, 110, 116 and text on [0031 and 0042] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential (i.e. authentication information encoded in the credential));
and calculate a session encryption key using the verifier device keying material and the receiver device keying material (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. session encryption key) can be generated from the static key portion (i.e. static key), the session key portion (i.e. verifier keying material), and the client key portion (i.e. receiver keying material)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the combined teaching of Ishibashi and TANIMOTO by generating encryption key from first and second key material and sending an encoded command to the device. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Regarding claim 18 the combination of Ishibashi and Day teaches all the limitations of claim 16 above, Day further teaches wherein the processing circuitry is configured to calculate the session key using a static key, the verifier device key material, and the receiver device keying material (Day on [0018-0019] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. session encryption key) can be generated from the static key portion (i.e. static key), the session key portion (i.e. verifier keying material), and the client key portion (i.e. receiver keying material), the static key is the same for different client device).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the combined teaching of Ishibashi and TANIMOTO by generating encryption key from first and second key material and sending an encoded command to the device. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).


Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ishibashi (US 20090259850) in view of Day et al (hereinafter Day) (US 20150113276) and further in view of Sutton et al (hereinafter Sutton) (US 20070124589).

Regarding claim 17 the combination of Ishibashi and Day teaches all the limitations of claim 16 above, the combination fails to explicitly teach wherein the processing circuitry is configured to calculate the receiver device keying material using a static key and the second random number, however Sutton from analogous art teaches wherein the processing circuitry is configured to calculate the receiver device keying material using a static key and the second random number (Sutton on [0020-0021] teaches the unit generates its own random number, the generated random number and the second static key can then be used to generate a session key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sutton into the combined teaching of Ishibashi, TANIMOTO and Day by generating first key information using both the generated random number and the static key. One would be motivated to do so in order to perform mutual authentication between host and smart card using the session key because the session key would be specific to the device which transmits the random number and letter can be used in authentication process when comparing the first random number at the receiver side with the first random number originally generated (Sutton on [0001 and 0021]).

Claims 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ishibashi (US 20090259850) in view of Day et al (hereinafter Day) (US 20150113276) and further in view of Sutton et al (hereinafter Sutton) (US 20070124589).

Regarding claim 19 the combination of Ishibashi and Day teaches all the limitations of claim 16 above, the combination fails to explicitly teach wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function, however TANIMOTO from analogous art teaches wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function (TANIMOTO on [0214-0216] teaches the counter value buffer 352 is a buffer memory which stores a set value of a counter value used in the generation of a pseudo random number).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of TANIMOTO cited on [0214] into the teaching of Ishibashi generating a pseudo random number using a counter value. One would be motivated to do so in order to secure communication between different devices using a random number and tracking the random number based on a counter value for each communication session between client and server devices because every time a communication session is established a random number is generated and recorded as counter value (TANIMOTO on [0009-0010]).

Regarding claim 20 the combination of Ishibashi, Day and TANIMOTO teaches all the limitations of claim 19 above, TANIMOTO further teaches wherein the processing circuitry is configured to change the counter value used to calculate the random number for each communication session with the verifier device (TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 19.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Oda et al (US 20200036518) The invention is directed towards securing communication between two devices by use of a self-synchronizing stream cipher enables encrypted communications in which pseudo-random number synchronization can be automatically established between the transmitter node and the receiver node.
Fahn et al (US 8694783) is directed towards a secure authentication channel (SAC) between two nodes in a communication network is created by the nodes themselves using mutual authentication. More specifically, it relates to establishing secure channels between entities in a data communications network.
SCHIFFMAN et al (US 20190036689) is directed towards pairing a first electronic device and a data relay apparatus associated with a second electronic device to establish a secure wireless communication link there between. The pairing may include mutual verification of an identifier using the verifier, establishing shared key data and using the shared key data to establish a shared secret value for use in determining a derived key.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOEEN KHAN/               Examiner, Art Unit 2436