DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/9/2022 has been entered.
As per instant Amendment, claims 1-3 and 5 have been amended; claims 1, 3, 4, 5, 12, 14 and 15 are independent claims. Claims 1-19 have been examined and are pending in this application. This Action is made Non-Final. 

Note to Applicant’s Representative
The examiner invites Applicant’s Representative to a courtesy interview to discuss the claimed invention.  The examiner wishes to discuss the selection as argued by Applicant and potential clarifications to aid in advancing prosecution.  






Response to Arguments
Applicant’s arguments towards Claims 1-19 rejected under 35 U.S.C. 101, have been withdrawn as applicant’s arguments have been found persuasive with respect to 35 U.S.C. 101. 
Applicant’s arguments towards Claims 1-19 rejected under 35 U.S.C. 102/103, have been fully considered but they are not persuasive.
Applicant Argues: As recited in independent Claim 1, the present invention includes, inter alia, the features of (i) an authentication device that selects one first authentication secret data or one second authentication secret data to be used for authentication depending on a version of the authentication target device, and (ii) an authentication target device that selects a plurality of pieces of first authentication target secret data or second authentication target secret data to be used for authentication depending on a version of the authentication device. Furthermore, independent Claim 1 recites that (1) when the first version is any of the versions from the third version to the fourth version, the second processor of the authentication target device calculates first response data using one first authentication target secret data, in the plurality pieces of first authentication target secret data, the one first authentication target secret data corresponding to the one first authentication secret data, and the first processor of the authentication device performs authentication of the authentication target device based on the first response data and the one first authentication secret data, and (2) when the first version is any of the versions from the fifth version to the sixth version, the second processor of the authentication target device 
calculates second response data using the one second authentication target secret data, and the first processor of the authentication device performs authentication of the authentication target device based on the second response data and the one second authentication secret data. 
Applicant submits that the cited art fails to disclose or suggest at least the above- mentioned features of the independent claims. 
First, Applicant notes that the Office Action asserts that Claim 1 does not recite selecting secret data. The above amendments clarify that one secret data is selected. 
Furthermore, the Office Action asserts that Lee discloses selecting secret data in paragraph 0061. Applicant respectfully disagrees. 
Lee discloses that each device has the AuT of one version. According to Fig. 3 of Lee, the AuT includes one Version Index indicating a version of the AuT, and one Group Authentication Key of the version. GK(i), which is a Group Authentication Key of version i, is generated from GK(i+1). Therefore, the joining device 115-e, which has the AuT of one version, can authenticate the group member device 115-f, which has the AuT of another version. 
When a first device authenticates a second device, the first device needs to know a version difference between the AuT included in the first device and the AuT included in the second device. However, this is not "selection" of data. More specifically, since each device has only one GK and only one version index in Lee, a device cannot select one GK from a plurality of GKs, and the device cannot select one version index from a plurality of version indexes. In other words, in Lee, the first device needs to calculate the version difference based on the version index of the AuT included in the first device and the version index of the AuT included in the second device; however, the first device and the second device do not need to perform selection- 15 - 
of version index and/or GK. What the first device uses to perform authentication is the one GK and the one Version index included in the one AuT that the first device has. 
Accordingly, Lee fails to disclose or suggest at least the above-mentioned features of Claim 1.
Examiner’s Response:  The examiner respectfully disagrees.  The examiner respectfully notes applicant argues that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., The above amendments clarify that one secret data is selected, more specifically (i) an authentication device that selects one first authentication secret data or one second authentication secret data to be used for authentication depending on a version of the authentication target device, and (ii) an authentication target device that selects a plurality of pieces of first authentication target secret data or second authentication target secret data to be used for authentication depending on a version of the authentication device.).  The examiner respectfully notes at best the claims recite storing... authentication secret data and authentication target secret data and then calculating responses based on use of target secret data with respect to a specific version.  There is no recitation of selection of what secret data, just a calculation using target secret data.   The examiner respectfully requests the claims be clarified to show such a selection as argued by applicant.
The examiner respectfully notes that Lee does in fact teach concepts of when the first version is any of the versions from the third version to the fourth version and/or the fifth version to the sixth version the first processor can calculate a response based on target secret data (i.e., one first authentication secret data from the plurality of pieces of first authentication data and/or second authentication target secret data) ([0050]-[0051]).  More specifically Lee teaches concepts of selecting a version of the group authentication key, see [0050]-[0051].  The examiner reasonably constructs that GK(1 and/or i) can reasonably represent one second authentication target data.  The examiner notes the use of - i-1, i-2, - i-3, etc. of the versioning can represent plurality of pieces of first authentication target secret data which can be a representation of third/fourth versioning selection and that a response can be calculated based on the selection of a version which produces the first response data (i.e., group key) that will be authenticated to the authentication secret data.  The examiner notes based on the version and group key generated a device can be authenticated, see [0061] - In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device. Further, when reasonably constructed when GK(i) can represent the one second authentication target secret data and further in the cases of GK(i+1) can represent movement of the fifth to the sixth based on the teaching of Lee stating in [0050] - In some examples, the group authentication key 325 is distributed to mobile devices in the reverse order of creation, e.g., GK(4) is generated first and GK(3) is generated next since GK(3) is derived from GK(4) by construction, yet GK(3) is distributed first, GK(4) is distributed next, and so on.   Thus, when going from the fifth to the sixth version with GK(1 or i) to GK(1 or i+1) this would read on the concepts of the claim of calculating a second response in which authenticating, see [0061] – same citation as above, is based on the second response data and second authentication secret data which noted by antecedent by anteceded as the newer version than the second version. Thus, based on the use of secret data as the different versions a response can be calculated as the response data needed for authenticating based on that response and the first/second authentication secret data.  Therefore, the examiner respectfully notes that Lee does in fact read on the claims when reasonably constructed. Therefore, the examiner finds these arguments not persuasive. 
 The examiner again respectfully notes that there is no selection clearly or positively recited, and it is suggested to clarify within the claims the selection of authentication secret data and target secret data for use in the calculation of the response, because as best the claims recite storing and then using target secret data to calculate a response in which the response is authenticated based on the response and the authentication secret data.  
















Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 3, 4, 14-16 and 18 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lee et al. (US 2016/0135045 A1).

Regarding Claim 1; 
Lee discloses an authentication system comprising an authentication device and an authentication target device (FIG. 2 – Joining Device and Group Member Device), wherein 
the authentication device includes:
a first memory configured to store  stores one first authentication secret data and one second authentication secret data, the one first authentication secret data to authenticate the authentication target device of a version from a first version that is the same as the authentication device to a second version newer than the first version, the one second authentication secret data to authenticate the authentication target device of a version newer than the second version (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 8 and [0050] - In some examples, the group authentication key 325 is distributed to mobile devices in the reverse order of creation, e.g., GK(4) is generated first and GK(3) is generated next since GK(3) is derived from GK(4) by construction, yet GK(3) is distributed first, GK(4) is distributed next, and so on. When the key chain is exhausted, e.g., the final group authentication key 325 is distributed, a new chain may be created with and signed by the AS. In some examples, the mobile devices may be provided the root key (GK(1)) during initial account establishment and may use the root key to authenticate subsequent iterations of the group authentication key 325 and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device); and
a first processor (FIG. 1), and
the authentication target device includes:
a second memory configured to store a plurality pieces of first authentication target secret data and one second authentication target secret data, the plurality pieces of first authentication target secret data corresponding to each of versions from a third version that is same as the authentication target device to a fourth version older than the third version and for authentication by the authentication device of a version from the third version to the fourth version, one second authentication target secret data corresponding to each of versions from a fifth version to a sixth version and for authentication by the authentication device of a version from the fifth version to the sixth version, the fifth version being older than the fourth version by one version, the sixth version being older than the fifth version (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and [0050] - In some examples, the group authentication key 325 is distributed to mobile devices in the reverse order of creation, e.g., GK(4) is generated first and GK(3) is generated next since GK(3) is derived from GK(4) by construction, yet GK(3) is distributed first, GK(4) is distributed next, and so on. When the key chain is exhausted, e.g., the final group authentication key 325 is distributed, a new chain may be created with and signed by the AS. In some examples, the mobile devices may be provided the root key (GK(1)) during initial account establishment and may use the root key to authenticate subsequent iterations of the group authentication key 325 and [0051] - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305. The AS may update the AuT 305 for various reasons, e.g., timed-rollover for maintenance, group authentication key compromise, etc. The AS may, in some examples, create the group authentication key 325 using the hash function based on the group secret being hashed with the group identifier 315. The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and FIG. 8  and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device.); and 
wherein 
when the first version is any of the versions from the third version to the fourth version,
 the second processor of the authentication target device calculates first response data using one first authentication target secret data, in the plurality pieces of first authentication target secret data, the one first authentication target secret data corresponding to the one first authentication secret data (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and [0050] - In some examples, the group authentication key 325 is distributed to mobile devices in the reverse order of creation, e.g., GK(4) is generated first and GK(3) is generated next since GK(3) is derived from GK(4) by construction, yet GK(3) is distributed first, GK(4) is distributed next, and so on. When the key chain is exhausted, e.g., the final group authentication key 325 is distributed, a new chain may be created with and signed by the AS. In some examples, the mobile devices may be provided the root key (GK(1)) during initial account establishment and may use the root key to authenticate subsequent iterations of the group authentication key 325 and [0051] - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305. The AS may update the AuT 305 for various reasons, e.g., timed-rollover for maintenance, group authentication key compromise, etc. The AS may, in some examples, create the group authentication key 325 using the hash function based on the group secret being hashed with the group identifier 315. The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and FIG. 8  and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device.), and 
the first processor of the authentication device performs authentication of the authentication target device based on the first response data and the one first authentication secret data ([0051] -  In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i−1), GK(i−2), etc. and [0061]), and 
when the first version is any of the versions from the fifth version to the sixth version,
 the second processor of the authentication target device calculates second response data using the one second authentication target secret data (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and [0050] - In some examples, the group authentication key 325 is distributed to mobile devices in the reverse order of creation, e.g., GK(4) is generated first and GK(3) is generated next since GK(3) is derived from GK(4) by construction, yet GK(3) is distributed first, GK(4) is distributed next, and so on. When the key chain is exhausted, e.g., the final group authentication key 325 is distributed, a new chain may be created with and signed by the AS. In some examples, the mobile devices may be provided the root key (GK(1)) during initial account establishment and may use the root key to authenticate subsequent iterations of the group authentication key 325 and [0051] - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305. The AS may update the AuT 305 for various reasons, e.g., timed-rollover for maintenance, group authentication key compromise, etc. The AS may, in some examples, create the group authentication key 325 using the hash function based on the group secret being hashed with the group identifier 315. The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and FIG. 8  and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device.), and
 the first processor of the authentication device performs authentication of the authentication target device based on the second response data and the one second authentication secret data ([0051] -  In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i−1), GK(i−2), etc. and [0061]).

Regarding Claim 3; 
Lee discloses an authentication system comprising an authentication device and an authentication target device (FIG. 2 – Joining Device and Group Member Device), 
wherein the authentication device includes:
 a first memory configured to store one first authentication secret data to authenticate the authentication target device of a first version that is the same as the authentication device and one second authentication secret data to authenticate the authentication target device of a version newer than the first version (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 8 and [0050] - In some examples, the group authentication key 325 is distributed to mobile devices in the reverse order of creation, e.g., GK(4) is generated first and GK(3) is generated next since GK(3) is derived from GK(4) by construction, yet GK(3) is distributed first, GK(4) is distributed next, and so on. When the key chain is exhausted, e.g., the final group authentication key 325 is distributed, a new chain may be created with and signed by the AS. In some examples, the mobile devices may be provided the root key (GK(1)) during initial account establishment and may use the root key to authenticate subsequent iterations of the group authentication key 325 and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device); and
a first processor (FIG. 1), and
the authentication target device includes:
a second memory configured to stores a plurality of first authentication target secret data and one second authentication target secret data, the plurality of first authentication target secret data for authentication by the authentication device of a second version that is the same as the authentication target device, the one second authentication target secret data corresponding to each of versions from a third version to a fourth version and for authentication by the authentication device of a version from the third version to the fourth version, the third version being older than the second version by one version, the fourth version being older than the third version  (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 8 and [0051] - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305. The AS may update the AuT 305 for various reasons, e.g., timed-rollover for maintenance, group authentication key compromise, etc. The AS may, in some examples, create the group authentication key 325 using the hash function based on the group secret being hashed with the group identifier 315. The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device.); and 
a second processor (FIG. 1),
wherein 
when the first version is the same as the second version,
the second processor of the authentication target device calculates first response data using one first authentication target secret data, in the plurality pieces of first authentication target secret data, the one first authentication target secret data correspond to the one first authentication target secret data  (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and [0050] - In some examples, the group authentication key 325 is distributed to mobile devices in the reverse order of creation, e.g., GK(4) is generated first and GK(3) is generated next since GK(3) is derived from GK(4) by construction, yet GK(3) is distributed first, GK(4) is distributed next, and so on. When the key chain is exhausted, e.g., the final group authentication key 325 is distributed, a new chain may be created with and signed by the AS. In some examples, the mobile devices may be provided the root key (GK(1)) during initial account establishment and may use the root key to authenticate subsequent iterations of the group authentication key 325 and [0051] - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305. The AS may update the AuT 305 for various reasons, e.g., timed-rollover for maintenance, group authentication key compromise, etc. The AS may, in some examples, create the group authentication key 325 using the hash function based on the group secret being hashed with the group identifier 315. The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and FIG. 8  and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device.), and 
the first processor of the authentication device performs authentication of the authentication target device based on the first response data and the one first authentication secret data ([0051] -  In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i−1), GK(i−2), etc. and [0061]), and 
when the first version is any of the versions from the third version to the fourth version,
 the second processor of the authentication target device calculates second response data using the one second authentication target secret data (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and [0050] - In some examples, the group authentication key 325 is distributed to mobile devices in the reverse order of creation, e.g., GK(4) is generated first and GK(3) is generated next since GK(3) is derived from GK(4) by construction, yet GK(3) is distributed first, GK(4) is distributed next, and so on. When the key chain is exhausted, e.g., the final group authentication key 325 is distributed, a new chain may be created with and signed by the AS. In some examples, the mobile devices may be provided the root key (GK(1)) during initial account establishment and may use the root key to authenticate subsequent iterations of the group authentication key 325 and [0051] - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305. The AS may update the AuT 305 for various reasons, e.g., timed-rollover for maintenance, group authentication key compromise, etc. The AS may, in some examples, create the group authentication key 325 using the hash function based on the group secret being hashed with the group identifier 315. The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and FIG. 8  and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device.)
 the first processor of the authentication device performs authentication of the authentication target device based on the second response data and the one second authentication secret data ([0051] -  In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i−1), GK(i−2), etc. and [0061]).

Regarding Claim 4;
Lee discloses an authentication device (FIG. 2 –Group Member Device), comprising: 
one or more memories configured to store authentication secret data corresponding to a first authentication key of a first version, authentication secret data corresponding to a second authentication key of the first version, and one or more programs (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 7 and FIG. 8 and [0045] – AuT and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device);
and one or more processors, wherein the one or more programs when executed by the one or more processors (FIG. 1 and FIG. 3), cause the one or more processors to perform:
communicating with an authentication target device to determine whether the authentication target device is a first authentication target device or a second authentication target device, the first authentication target device storing authentication target secret data corresponding to the first authentication key of the first version and authentication target secret data corresponding to the second authentication key of a second version older than the first version, the second authentication target device storing authentication target secret data corresponding to the first authentication key of a third version newer than the first version and authentication target secret data corresponding to the second authentication key of the first version (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 7 and FIG. 8 and [0045] – AuT and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0063] – preliminary authentication); and 
authenticating the authentication target device based on the first authentication key of the first version in accordance with a determination that the authentication target device is the first authentication target device  (FIG. 7 and  [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device); and
authenticating the authentication target device based on the second authentication key of the first version in accordance with a determination that the authentication target device is the second authentication target device (FIG. 7 and  [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device).

Regarding Claim 14;
Lee discloses an authentication target device comprising (FIG. 2 – Joining Device): 
one or more memories configured to store a plurality pieces of authentication target secret data respectively corresponding to a plurality of first authentication keys of a first version and an authentication target secret data corresponding to a second authentication key of a second version older than the first version, and one or more programs (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device);
one or more processors (FIG. 8), 
wherein the one or more programs when executed by the one or more processors (FIG. 8),, cause the one or more processors to perform:
communicating with an authentication device to perform a calculation based on authentication target secret data corresponding to one first authentication key of the plurality of first authentication keys for authentication by the authentication device when the authentication device is of the first version ([0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0063] - At 505, the joining device 115-g and the group member device 115-h may perform a preliminary authentication. Generally, the preliminary authentication may include exchanging at least a portion of the AuT, e.g., the group authentication key and the current version index (e.g., GK(Index)). Based on that exchange, each device 115 may determine whether the other device holds a valid group authentication key and deny authentication to those who do not. The preliminary authentication may provide a quick and efficient mechanism to mitigate denial of service attacks, for example)).,
 communicating with the authentication device  to perform a calculation based on the authentication target secret data corresponding to the second authentication key for the authentication by the authentication device when the authentication device is of the second version ([0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0063] - At 505, the joining device 115-g and the group member device 115-h may perform a preliminary authentication. Generally, the preliminary authentication may include exchanging at least a portion of the AuT, e.g., the group authentication key and the current version index (e.g., GK(Index)). Based on that exchange, each device 115 may determine whether the other device holds a valid group authentication key and deny authentication to those who do not. The preliminary authentication may provide a quick and efficient mechanism to mitigate denial of service attacks, for example)).



Regarding Claim 15;
Lee discloses an authentication target device comprising (FIG. 2 – Joining Device): 
one or more memories configured to store a plurality pieces of first secret data respectively corresponding to a plurality of first authentication keys, second secret data corresponding to a second authentication key, signature data , and one or more programs (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 8 and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0052] – the signature for the AuT);
one or more processors (FIG. 8), 
wherein the one or more programs when executed by the one or more processors (FIG. 8),, cause the one or more processors to perform:
transmitting to an authentication device, information identifying the plurality pieces of first secret data and the second secret data stored in the one or more memories ([0063] - At 505, the joining device 115-g and the group member device 115-h may perform a preliminary authentication. Generally, the preliminary authentication may include exchanging at least a portion of the AuT, e.g., the group authentication key and the current version index (e.g., GK(Index)). Based on that exchange, each device 115 may determine whether the other device holds a valid group authentication key and deny authentication to those who do not. The preliminary authentication may provide a quick and efficient mechanism to mitigate denial of service attacks, for example)).
performing a calculation based on one first secret data of the plurality pieces of first secret data or the second secret data based on a determination result by the authentication device as to which of the one first secret data of the plurality pieces of first secret data and the second secret data is used for authentication ( [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0063] - At 505, the joining device 115-g and the group member device 115-h may perform a preliminary authentication. Generally, the preliminary authentication may include exchanging at least a portion of the AuT, e.g., the group authentication key and the current version index (e.g., GK(Index)). Based on that exchange, each device 115 may determine whether the other device holds a valid group authentication key and deny authentication to those who do not. The preliminary authentication may provide a quick and efficient mechanism to mitigate denial of service attacks, for example)).
the one or more processors, perform with a determination of the authentication device that the second secret data is used for the authentication, transmitting signature data to the authentication device ([0065]-[0066] - In some aspects, the full authentication may include exchanging a signature based on the AuT... At 520, the group member device determines whether the AuT from the joining device is valid, e.g., based on the signature received from the joining device 115-g. If so and at 525, the devices are authenticated and may communicate or otherwise exchange content).

Regarding Claim 16;
Lee discloses the authentication target device to Claim 15.
the one or more memories store a plurality pieces of first public data respectively corresponding to the plurality of first authentication keys and second public data corresponding to the second authentication key (FIG. 3 – Group Identifier and [0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier.) The examiner notes the group identifier is public data);
the one or more processors further perform (FIG. 8)
transmitting, to the authentication device, first public data corresponding to a first authentication key corresponding to the one first secret data in accordance with a determination of the authentication device that the one first secret data of the plurality pieces of first secret data is used for the authentication (FIG. 3 – Group Identifier and [0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group and 0052] - Accordingly, the group member devices may confirm the AuT 305 is associated with the group AS and yet, for further versions, realize reduced computational and/or communication overhead. In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier.) The examiner notes the group identifier is public data);; and 
transmitting to the authentication device, the second public data in accordance with a determination of the authentication device determines that the second secret data is used for the authentication (FIG. 3 – Group Identifier and [0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group and [0052] - Accordingly, the group member devices may confirm the AuT 305 is associated with the group AS and yet, for further versions, realize reduced computational and/or communication overhead. In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier.) The examiner notes the group identifier is public data).

Regarding Claim 18;
Lee disclose the authentication target device to Claim 15.
Lee further discloses wherein the plurality of first authentication keys are of a first version ([0051] – version index); and the second authentication key is of a second version older than the first version. ([0051] – version index and In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc.).






Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 5-8, 10 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2016/0135045 A1) in view of Brickell (US 2018/0131677 A1).

Regarding Claim 2; 
Lee discloses the authentication system according to Claim 1.
Lee further discloses wherein the authentication target device includes a third memory configured to store device further stores signature data corresponding to each of versions from the fifth version to the sixth version ([0051] - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305... The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0065]-[0066]  In some aspects, the full authentication may include exchanging a signature based on the AuT. For example, the signature may include or be derived based on a hashing function of the group authentication key and its associated index.... In some examples, the group authentication key and associated index value may be maintained at the group member device 115-h and used to verify the AuT from the joining device 115-g is valid. At 520, the group member device determines whether the AuT from the joining device is valid, e.g., based on the signature received from the joining device 115-g); when the first version is any of the versions from the fifth version to the sixth version, the first processor of the authentication device acquires signature data corresponding to the first version from the authentication target device and verifies the signature data corresponding to the first version ([0051- The version index 330 may include one or more information elements associated with indicating a version of the AuT 305... The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0065]-[0066] -- signature); and ... verification of the signature data corresponding to the first version is successful... (FIG. 12 and [0061]).
The examiner respectfully notes Lee teaches a preliminary authentication with the group authentication key and current version index and a full authentication with signature (see, [0063]-[0066]), however Lee fails to explicitly disclose when verification of the signature data corresponding to the first version is successful [a] processor of the authentication device performs the authentication of the authentication target device based on the second response data and one second authentication secret data.
However, in an analogous art, Brickell teaches when verification of the signature data corresponding to the first version is successful [a] processor of the authentication device performs the authentication of the authentication target device based on the second response data and one second authentication secret data ([0088] The Access Protected Application 712 verifies the signature of the auditor on Public Key Exchange Key 540, and verifies that the key that created the signature was either the Attestation Key 532 or another key that had previously been attested to belong to the Access Protected Application 512).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Brickell to the authentication of Lee to include when verification of the signature data corresponding to the first version is successful [a] processor of the authentication device performs the authentication of the authentication target device based on the second response data and one second authentication secret data.
One would have been motivated to combine the teachings of Brickell to Lee to do so as it provides / allows attestation via performing a cryptographic key exchange (Brickell, [0085]-[0086]).

Regarding Claim 5;
Lee discloses an authentication device (FIG. 2 –Group Member Device),   comprising: 
one or more memories configured to store a first secret data corresponding to a selected authentication key selected from a plurality of first authentication keys and second secret data corresponding to a second authentication key version, and one or more programs (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 7 and [0045] – AuT and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device); 
one or more processors (FIG. 8), 
wherein the one or more programs when executed by the one or more processors (FIG. 8),, cause the one or more processors to perform:
communicating with an authentication target device to determine that the authentication target device includes third secret data corresponding to the selected authentication key or fourth secret data corresponding to the second authentication key ( [0045] – AuT and FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 7 and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0063] – preliminary authentication); and
authenticating the authentication target device based on the selected authentication key or the second authentication key depending one whether the authentication target device includes the third secret data or the fourth secret data (FIG. 7 and FIG. 13 – Authenticate with second device and [0061]);  
wherein the one or more processes further perform (FIG. 8):
verifying signature data stored in the authentication target device when the authentication device includes the fourth secret data (FIG. 7 [0051]  - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305... The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0065]-[0066]  In some aspects, the full authentication may include exchanging a signature based on the AuT. For example, the signature may include or be derived based on a hashing function of the group authentication key and its associated index.... In some examples, the group authentication key and associated index value may be maintained at the group member device 115-h and used to verify the AuT from the joining device 115-g is valid. At 520, the group member device determines whether the AuT from the joining device is valid, e.g., based on the signature received from the joining device 115-g), and
... verification of the signature data corresponding to the first version is successful... (FIG. 12 and [0061]).
The examiner respectfully notes Lee teaches a preliminary authentication with the group authentication key and current version index and a full authentication with signature (see, [0063]-[0066]), however Lee fails to explicitly disclose when verification of the signature data corresponding to the first version is successful authenticating the authentication target device based on the one second authentication secret data 
However, in an analogous art, Brickell teaches when verification of the signature data corresponding to the first version is successful authenticating the authentication target device based on the one second authentication secret data ([0088] - ] The Access Protected Application 712 verifies the signature of the auditor on Public Key Exchange Key 540, and verifies that the key that created the signature was either the Attestation Key 532 or another key that had previously been attested to belong to the Access Protected Application 512).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Brickell to the authentication of Lee to include when verification of the signature data corresponding to the first version is successful authenticating the authentication target device based on the one second authentication secret data
One would have been motivated to combine the teachings of Brickell to Lee to do so as it provides / allows attestation via performing a cryptographic key exchange (Brickell, [0085]-[0086]).

Regarding Claim 6;
Lee and Brickell disclose the authentication device to Claim 5.
Lee further discloses wherein, when the authentication target device includes the third secret data, the one or more processors perform authenticating the authentication target device based on the selected authentication key without verifying the signature data ([0061] - In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device and [0066] - As discussed, in some examples the preliminary authentication may be considered sufficient for the devices to connect to form the mesh network. In such examples, the full authentication may be considered a second authentication and serve as an increased security measure for the devices).  
Regarding Claim 7;
Lee and Brickell disclose the authentication device to Claim 5.
Lee further discloses wherein the authentication target device includes first public data corresponding to the selected authentication key when the authentication target device includes the third secret data (FIG. 3 and [0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group) The examiner notes the group identifier is public data); the third secret data is generated by a one-way function with the first secret data and the first public data as input ([0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group) and [0040] – HMAC-256 or HMAC 384 and [0051- version index may indicate which iteration of the hashing function is associated with the current AuT and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier.); and the one or more processors further perform authenticating the authentication target device based on the first authentication key by acquiring a first calculation result based on the third secret data from the authentication target device, by acquiring the first public data from the authentication target device, and by comparing the first calculation result with a second calculation result based on the first secret data and the first public data when the authentication target device includes the third secret data ([0052] - Accordingly, the group member devices may confirm the AuT 305 is associated with the group AS and yet, for further versions, realize reduced computational and/or communication overhead. In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier.)

Regarding Claim 8;
Lee and Brickell disclose the authentication device to Claim 5.
Lee further discloses wherein the authentication target device includes second public data corresponding to the second authentication key when the authentication target device includes the fourth secret data (FIG. 3 and [0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group) The examiner notes the group identifier is public data) and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier); the fourth secret data is generated by a one-way function with the second secret data and the second public data as input ([0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group) and [0040] – HMAC-256 or HMAC 384 and [0052] and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier.); and wherein the one or more processors perform authenticating the authentication target device based on the second authentication key by acquiring a third calculation result based on the fourth secret data from the authentication target device, by acquiring the second public data from the authentication target device, and by comparing the third calculation result with a fourth calculation result based on the second secret data and the second public data when the authentication target device includes the fourth secret data ([0052] - Accordingly, the group member devices may confirm the AuT 305 is associated with the group AS and yet, for further versions, realize reduced computational and/or communication overhead. In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier.)



Regarding Claim 10;
Lee and Brickell disclose the authentication device to Claim 5.
Lee further discloses wherein the plurality of first authentication keys and the second authentication key correspond to a first version ([0051] – version index); and the authentication target device includes a secret data corresponding to each of a plurality of first authentication keys of a second version newer than the first version when the authentication target device includes the fourth secret data ([0051] – version index and In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc.).

Regarding Claim 11;
Lee and Brickell disclose the authentication device to Claim 10.
Lee further discloses wherein the authentication target device includes secret data corresponding to the second authentication key of a third version older than the first version when the authentication target device includes the third secret data. ([0051] – version index and In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc.).



Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2016/0135045 A1) in view of Brickell (US 2018/0131677 A1) and in further in view of Tatebayashi et al. (US 6,859,535 A1).

Regarding Claim 9.
Lee and Brickell disclose the authentication device according to Claim 8.
	Lee further discloses concepts of the second authentication key and the second public data (FIG. 3 and [0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group) The examiner notes the group identifier is public data) and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier).
	Lee and Brickell fail to explicitly disclose wherein the signature data is message-recovery type signature data of data including at least one of an identifier of the ... key and the ... public data.
	However, in an analogous art, Tatebayashi wherein the signature data is message-recovery type signature data of data including at least one of an identifier of the ... key and the ... public data (Tatebayashi, col. 24, lines 15-25 - However, in this modification, a secret key Ks and a public key Kp are obtained under the message recovery signature scheme over an elliptic curve, that is a public key cryptosystem).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Tatebayashi to the authentication of Lee to include wherein the signature data is message-recovery type signature data of data including at least one of an identifier of the ... key and the ... public data
One would have been motivated to combine the teachings of Tatebayashi to Lee to do so as it provides / allows making it provides security by utilizing discrete logarithm questions (Tatebayashi, col. 24, lines 65-col. 25, lines 1).

Claims 12, 13 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2016/0135045 A1) in view of Lee (US 2014/0169803 A1).

Regarding Claim 12;
Lee discloses an ... apparatus comprising:
one or more memories configured to store authentication secret data corresponding to a first authentication key of a first version, authentication secret data corresponding to a second authentication key of the first version, and one or more programs (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and FIG. 7 and [0045] – AuT and [0051] - In some examples, the subsequent version of the GK(i+1) is generated such that group member devices may verify the authenticity of GK(i+1) using GK(i) or prior versions of GKs, e.g., GK(i-1), GK(i-2), etc. and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device); and
one or more processors (FIG. 8), 
wherein the one or more programs when executed by the one or more processors (FIG. 8),, cause the one or more processors to perform:
communicating with an authentication target device to determine whether the authentication target device is a first authentication target device or a second authentication target device, the first authentication target device storing authentication target secret data corresponding to the first authentication key of the first version and authentication target secret data corresponding to the second authentication key of a second version older than the first version, the second authentication target device storing authentication target secret data corresponding to the first authentication key of a third version newer than the first version and authentication target secret data corresponding to the second authentication key of the first version (FIG. 1 and FIG. 3 – Group Authentication Key including GK1, GK2, GK3, and GK4 and Version Index and [0051] - The version index 330 may include one or more information elements associated with indicating a version of the AuT 305. The AS may update the AuT 305 for various reasons, e.g., timed-rollover for maintenance, group authentication key compromise, etc. The AS may, in some examples, create the group authentication key 325 using the hash function based on the group secret being hashed with the group identifier 315. The version index 330 may indicate which iteration of the hashing function is associated with the current AuT 305... and [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In some examples, the group member device 115-f may authenticate the joining device 115-e based on the reason code, e.g., the reason code indicates that the key change was scheduled and, therefore, the group member device 115-f trusts the AuT from the joining device despite the different version index. In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication. Other authentication determinations may be based on a combination of the reason code, the version index, as well as other factors known to the group member device 115-f and/or the joining device 115-e. Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device.); and 
authenticating the authentication target device based on the first authentication key of the first version in accordance with a determination that the authentication target device is the first authentication target device (FIG. 7 and  [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device);
authenticating the authentication target device based on the second authentication key of the first version in accordance with a determination that the authentication target device is the second authentication target device (FIG. 7 and  [0061] - At 435, the joining device 115-e may authenticate with the group member device 115-f using an AuT with version index i+1 whereas the group member device 115-f accepts the authentication using an AuT with version index i. As discussed, the AuT provided herein may permit forwards and/or backwards compatibility for authentication between devices... In another example, the group member device 115-f may authenticate the joining device 115-e based on the differences between the version index, e.g., up to one, two, three, etc., different versions are support for authentication...  Accordingly, the group member device may authenticate using version indexes that are newer and/or older than the version index from the joining device).
Lee fails to explicitly disclose an image forming apparatus....
However, in an analogous art, Lee ‘803 teaches an image forming apparatus comprising [security between the image forming apparatus and a toner product] (Lee ‘803, [0008]).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Lee ‘803 to the devices of Lee to include teaches an image forming apparatus comprising [security between the image forming apparatus and a toner product]
One would have been motivated to combine the teachings of Lee to Lee to do so as it provides / allows a printer apparatus and a security method used for the apparatus and, more particularly, to a printer apparatus that is composed of a printer host and toner, having replaceable security algorithms, and a security method used for the printer apparatus (Lee, ‘803 [0002]).

Regarding Claim 13;
Lee and Lee ‘803 disclose the image forming apparatus to Claim 12.
	Lee teaches ...the authentication target device (FIG. 1).
	Lee ‘803 further teaches wherein a... target device is a cartridge that is detachable form the image forming apparatus (Lee ‘803, [0008] – toner).

Regarding Claim 19;
Lee discloses the target device to Claim 18.
	Lee teaches ...the authentication target device (FIG. 1).
Lee fails to explicitly wherein the authentication target device is a u cartridge nit that is detachable from an image forming apparatus.
However, in an analogous art, Lee ‘803 further teaches wherein a... target device is a cartridge that is detachable form the image forming apparatus (Lee ‘803, [0008]).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Lee ‘803 to the devices of Lee to include teaches wherein a... target device is a cartridge that is detachable form the image forming apparatus.
One would have been motivated to combine the teachings of Lee to Lee to do so as it provides / allows a printer apparatus and a security method used for the apparatus and, more particularly, to a printer apparatus that is composed of a printer host and toner, having replaceable security algorithms, and a security method used for the printer apparatus (Lee, ‘803 [0002]).

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee et al. (US 2016/0135045 A1) in view of Tatebayashi et al. (US 6,859,535 A1).

Regarding Claim 17;
Lee disclose the authentication target device according to Claim 16.
Lee further discloses concepts of the second authentication key and the second public data (FIG. 3 and [0049] - As one non-limiting example, the group authentication key 325 may be formed as a hash function of the group secret or key being hashed repeatedly with the group identifier 315, for example. The group identifier 315 may be used as an input to the hash function to generate a unique hash chain for each group) The examiner notes the group identifier is public data) and [0102] - The preliminary authorization may provide for confirmation that the joining device AuT is associated with the correct group. In some examples, the devices may exchange components of the group AuT indicative of the group, e.g., a group identifier).
	Lee fail to explicitly disclose wherein the signature data is message-recovery type signature data of data including at least one of an identifier of the ... key and the ... public data.
	However, in an analogous art, Tatebayashi wherein the signature data is message-recovery type signature data of data including at least one of an identifier of the ... key and the ... public data (Tatebayashi, col. 24, lines 15-25 - However, in this modification, a secret key Ks and a public key Kp are obtained under the message recovery signature scheme over an elliptic curve, that is a public key cryptosystem).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Tatebayashi to the authentication of Lee to include wherein the signature data is message-recovery type signature data of data including at least one of an identifier of the ... key and the ... public data
One would have been motivated to combine the teachings of Tatebayashi to Lee to do so as it provides / allows making it provides security by utilizing discrete logarithm questions (Tatebayashi, col. 24, lines 65-col. 25, lines 1).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439