DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Continued Examination
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 05/23/2022 has been entered.

Response to Amendment
This office action is in response to the amendment filed on 04/25/2022.
Claims 21-29 are pending for examination. Applicant amends claims 21-27. The amendments have been fully considered and entered.

Response to Arguments
For convenience, the newly introduced limitations, as made by amendments, are marked as underlined.
Applicant’s arguments, see Remarks, filed 04/25/2022, with respect to the rejection of claims 21, 23-24, 26, and 27 under 35 U.S.C. § 103 have been fully considered but are not persuasive. The following are applicant arguments recited in the Remarks followed by Examiner's response:
a.	Applicant argues that “Perez is silent about use of the disclosed procedures when a plurality of specific services are provided to one user. It is submitted that none of the cited reference discloses or teaches that the authentication procedures as claimed are used for or useful in providing ‘the plurality of the specific services through the one authentication of each corresponding internal user (or service) ID utilizing one authentication apparatus’ as recited in Applicant’s claims.” (Remarks, pg. 12)
Examiner respectfully disagrees and submits that this argument is moot in light of the new references used in the current rejection. The new references were necessitated by the amendment filed by the applicant.
b.	Applicant argues that “there is no reasonable reason or motivation to modify Oberheide in view of Perez as the focus of Perez is to provide efficient mutual authentication between two entities with a device having limited processing power.” (Remarks pg. 12)
Examiner respectfully disagrees and submits that Perez’s mutual authentication method bridges the gaps in Oberheide’s technique because Oberheide only does authentication one way (Fig. 2). Incorporating Perez’s mutual authentication method would enhance secure communication by having each party authenticate each other such that the service provider will not provide the service unless the user is authenticated and the user will not receive the service unless the service is authenticated.

Claim Objections
Claims 21 and 26 are objected to because of the following informalities:  
Regarding claim 21, the comma in the limitation “an authentication side registering unit configured to generate an authentication side private key to be used by the one authentication apparatus, and an authentication side public key corresponding to the authentication side private key,” in lines 11-12 should be deleted to correct grammar issues. 
Regrading claim 26, the limitation “generating the authentication side private key, the authentication side public key,” in line 5 should be “generating the authentication side private key[,] and the authentication side public key,” to correct grammar issues. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 21-28 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regrading claim 21, it is not clear whether the limitation “an internal user ID” in lines 40-41 is the same as the limitation “an internal user ID” in line 35 of the claim. If they are different, examiner suggests using “first” and “second” to distinguish them. Furthermore, there is insufficient antecedent basis regarding the limitation “the specific services” in lines 40 and 44. Claims 22, 26, and 28 do not remedy these deficiencies and are rejected with the same rationale.
Claim 22 recites the limitation "the specific services" in lines 27-28 and 31-32.  There is insufficient antecedent basis for this limitation in the claim.
Claim 23 recites the limitation "the specific services" in lines 36-37 and 40-41.  There is insufficient antecedent basis for this limitation in the claim. Claims 27 and 29 do not remedy this deficiency and are rejected with the same rationale.
Regrading claim 24, it is not clear whether the limitation “an internal user ID” in line 25 is the same as the limitation “an internal user ID” in line 9 of the claim. If they are different, examiner suggests using “first” and “second” to distinguish them. Furthermore, there is insufficient antecedent basis regarding the limitation “the specific services” in lines 24 and 28. Claim 25 does not remedy these deficiencies and is rejected with the same rationale.
Claim 26 recites the limitation "the specific services" in line 20.  There is insufficient antecedent basis for this limitation in the claim.
Claim 27 recites the limitation "the specific services" in line 19-20.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 24-25 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide et al. (US 20150304110 A1; hereinafter “Oberheide”) which was included in the IDS filed on 09/11/2019 in view of Perez et al. (US 20150074403 A1; hereinafter “Perez”) which was included in the IDS filed on 04/28/2020, and further in view of Diestler et al. (US 20160255089 A1; hereinafter “Diestler”).
As per claim 24, Oberheide discloses: a service apparatus that is pairable with one authentication apparatus in an information communication system, the service apparatus comprising: 
a service side controller, wherein the service side controller comprises a processing hardware unit (Oberheide, Fig. 13, service provider includes processors) configured to authenticate a user ID identifying the authentication apparatus by: 
upon receiving an authentication side public key from the one authentication apparatus, storing the authentication side public key associating the authentication side public key with an internal user ID, which is an identification marker for the one authentication apparatus 6Application No. 16/567,248Attorney Docket No. P170127US01corresponding to a specific service, and transmitting the internal user ID to the one authentication apparatus (Oberheide, [0028], wherein the service provider receives the public key from the authentication device, [0067], and the received public key is stored and associated with a user identifier at the service provider, [0079], wherein the service provider provides the user identifier to the authentication device), and
upon receiving an authentication request with the internal user ID specified from the one authentication apparatus, transmitting service side encrypted data to the one authentication apparatus (Oberheide, Fig. 2 and [0025], after login request is received from a user, the service provider encrypts sensitive data and sends the encrypted sensitive data to the authentication device via an authentication service). 
Oberheide does not disclose, however, Perez teaches or suggests: the service side encrypted data being obtained by encrypting service side original data using the stored authentication side public key that corresponds to the internal user ID, the service side original data being any data prepared in the service apparatus (Perez, [0007], second entity (i.e., service apparatus) generates a first random number (i.e., any data prepared in the service apparatus) and encrypts the first random number with the first entity public key (i.e., authentication side public key)), 
receiving service side computed data from the one authentication apparatus, the service side computed data having been obtained by decrypting the service side encrypted data to obtain service side decrypted data and performing predetermined computation on the service side decrypted data (Perez, [0007], first entity decrypts the encrypted first random number using the first entity private key, generating a 1st hash of the first random number and transmitting an encrypted 1st hash of the first random number), and 
determining that the internal user ID is genuine when the service side computed data received from the authentication apparatus matches data obtained by performing the predetermined computation on the service side original data (Perez, [0007] and [0032], encrypted 1st hash is received and decrypted and the received 1st hash is checked with a generated hash to see if it matches to authenticate the first entity).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include a mutual authentication system including generating random number challenges and utilizing asymmetric key encryption and hashing techniques to verify the random challenge as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).
While the modified Oberheide teaches: the information communication system is configured such that, when a plurality of the specific services are provided, the authentication side public key for authenticating an internal user ID is stored in the service apparatus that provides the specific service in association with the internal user ID, and the authentication side private key corresponding to the authentication side public key is stored in the authentication apparatus (Oberheide, [0020], “The authentication service can be used by a plurality of different service providers (i.e., plurality of services),” [0093], “the service provider 120 stores the public key received from the authentication device 140 in association with the user identifier,” [0028], “The private key is preferably stored at the authentication device”), the modified Oberheide does not disclose, however, Diestler teaches or suggests: authenticating an internal user ID related to each specific service so as to provide the plurality of the specific services through the authentication of the corresponding internal user ID utilizing the one authentication apparatus (Diestler, [0021], “The internal user identifier represents an aggregate identity of the distinct corresponding organizational identity(s) of the individual among the organizations and/or external identity(s) of the individual among external content services. The content access manager may map the individual's internal user identifier to content permissions (e.g., read/write/share permissions) associated with the individual across each organization that is associated with the individual and the external content service(s) associated with the individual,” [0083]-[0088], authenticating an internal user ID to provide access to a plurality of specific services).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include authenticating an internal user ID to provide access to a plurality of specific services as taught by Diestler for the benefit of managing content access and sharing across organizations, while still protecting the content from unauthorized access (Diestler, [0005]).

As per claim 25, claim 24 is incorporated and the modified Oberheide discloses: wherein the service apparatus is pairable with the one authentication apparatus (Oberheide, [0028], synchronizing keys between service provider and authentication device to establish trust).
The modified Oberheide does not disclose, however, Perez teaches or suggests: the authentication apparatus comprising an authentication side controller (Perez, [0042], processor), and 
wherein the authentication side controller comprises a processing hardware unit configured to authenticate a service ID identifying the service apparatus, by comparing a set of data that has been subject to at least one round of encryption and decryption using a pair of public and private keys associated with the service ID with the same set of data before the at least one round of encryption and decryption (Perez, [0042], processor, [0007], and [0029]-[0032], mutual authentication method including comparing data that has been subject to at least one round of encryption and decryption using a public-private key pair).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of modified Oberheide to include an authentication side controller configured to authenticate a service ID identifying the service apparatus as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).

Claims 21, 26, and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide in view of Perez and further in view of Spencer et al. (US 9980140 B1; hereinafter “Spencer”) and Diestler.
As per claims 21 and 26, Oberheide discloses: an information communication system and an information communication method, the system comprising: 
a service apparatus configured to provide a specific service (Oberheide, Fig. 3, service provider 120), and 
one authentication apparatus configured to perform an authentication at a time of using the specific service and to communicate with the service apparatus via an information communication means (Oberheide, Fig. 3, authentication device 140), wherein: 
the one authentication apparatus comprises an authentication side controller comprising an authentication side registering unit configured to generate an authentication side private key to be used by the one authentication apparatus, and an authentication side public key corresponding to the authentication side private key, to store the authentication side private key, and to transmit the authentication side public key to the service apparatus (Oberheide, Fig. 12, authentication device includes processors (i.e., authentication side controller and units), [0028], wherein the authentication device generates a public key and private key, stores the private key and passes the public key to the service provider), 
the service apparatus comprises a service side controller comprising a service side registering unit that, upon receiving the authentication side public key from the authentication apparatus, is configured to store the authentication side public key associating the authentication side public key with an internal user ID, which is an identification marker for the one authentication apparatus corresponding to the specific service, and to transmit the internal user ID to the one authentication apparatus (Oberheide, Fig. 13, service provider includes processors (i.e., service side controller and units), [0028], wherein the service provider receives the public key from the authentication device, [0067] and [0092], and the received public key is stored and associated with a user identifier at the service provider, [0079], wherein the service provider provides the user identifier to the authentication device), and
the service side controller further comprises a service side encrypting unit that, upon receiving from the one authentication apparatus an authentication request with the internal user ID specified, is configured to transmit service side encrypted data to the authentication side controller (Oberheide, Fig. 2 and [0025], after login request is received from a user, the service provider encrypts sensitive data and sends the encrypted sensitive data to the authentication device via an authentication service).
Oberheide does not disclose, however, Perez teaches or suggests: the service side encrypted data being obtained by encrypting service side original data using the authentication side public key that corresponds to the internal user ID and is stored in the service side registering unit, the service side original data being any data prepared in the service apparatus (Perez, [0007], second entity (i.e., service apparatus) generates a first random number (i.e., any data prepared in the service apparatus) and encrypts the first random number with the first entity public key (i.e., authentication side public key)), 
the authentication side controller further comprises an authentication side decrypting unit configured to transmit to the service apparatus service side computed data obtained by performing predetermined computation on service side decrypted data, the service side decrypted data being obtained by decrypting the service side encrypted data received from the service side controller, using the authentication side private key that is stored in the authentication side registering unit (Perez, [0007], first entity decrypts the encrypted first random number using the first entity private key, generating a 1st hash of the first random number and transmitting an encrypted 1st hash of the first random number), and 
the service side controller further comprises an internal user ID genuineness determining unit configured to determine that the internal user ID is genuine when the service side computed data received from the one authentication apparatus matches data obtained by performing the predetermined computation on the service side original data (Perez, [0007] and [0032], encrypted 1st hash is received and decrypted and the received 1st hash is checked with a generated hash to see if it matches to authenticate the first entity).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include a mutual authentication system including generating random number challenges and utilizing asymmetric key encryption and hashing techniques to verify the random challenge as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).
The modified Oberheide does not teach, however, Spencer teaches or suggests: the information communication system is configured to perform the authentication for making the specific service available on a precondition that pairing is established between the service apparatus and the one authentication apparatus (Spencer, col. 22 lines 30-35, after pairing is complete, the controller seeks to validate the device by executing a challenge/authentication process).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include pairing before performing an authentication as taught by Spencer for the benefit of enhancing security by validating each party to each other after establishing secure communications/pairing (Spencer, col. 22 lines 30-35).
While the modified Oberheide teaches: the information communication system is configured such that, when a plurality of the specific services are provided, the authentication side public key for authenticating an internal user ID is stored in the service apparatus that provides the specific service in association with the internal user ID, and the authentication side private key corresponding to the authentication side public key is stored in the authentication apparatus (Oberheide, [0020], “The authentication service can be used by a plurality of different service providers (i.e., plurality of services),” [0093], “the service provider 120 stores the public key received from the authentication device 140 in association with the user identifier,” [0028], “The private key is preferably stored at the authentication device”), the modified Oberheide does not disclose, however, Diestler teaches or suggests: authenticating an internal user ID related to each specific service so as to provide the plurality of the specific services through the authentication of the corresponding internal user ID utilizing the one authentication apparatus (Diestler, [0021], “The internal user identifier represents an aggregate identity of the distinct corresponding organizational identity(s) of the individual among the organizations and/or external identity(s) of the individual among external content services. The content access manager may map the individual's internal user identifier to content permissions (e.g., read/write/share permissions) associated with the individual across each organization that is associated with the individual and the external content service(s) associated with the individual,” [0083]-[0088], authenticating an internal user ID to provide access to a plurality of specific services).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include authenticating an internal user ID to provide access to a plurality of specific services as taught by Diestler for the benefit of managing content access and sharing across organizations, while still protecting the content from unauthorized access (Diestler, [0005]).

As per claim 28, claim 26 is incorporated and the modified Oberheide discloses: a non-transitory computer-readable medium storing a program that, when executed by a computer, performs the information communication method according to claim 26 (Oberheide, [0129] and [0139], machine-readable storage medium).

Claims 22 is rejected under 35 U.S.C. 103 as being unpatentable over Oberheide in view of Perez, Spencer, Diestler, and further in view of Ross et al. (US 20190334884 A1; hereinafter “Ross”).
As per claim 22, claim 21 is incorporated and the modified Oberheide discloses: wherein: the service side registering unit is further configured to generate a service side private key being a private key to be used by the service apparatus and a service side public key corresponding to the service side private key, to store the service side private key, and to transmit the service side public key to the authentication apparatus (Oberheide, Fig. 13, service provider includes processors (i.e., service side controller and units), [0028], wherein the service provider generates a public key and private key, stores the private key and passes the public key to the authentication device).
The modified Oberheide does not disclose, however, Perez teaches or suggests: transmitting the service side public key together with a service ID that is an identification marker for the service apparatus in the specific service to the one authentication apparatus (Perez, [0009] and [0029], the second entity (i.e., service apparatus) sends a certificate chain to the first entity (i.e., authentication apparatus) where a certificate chain includes an identifier of the second entity (i.e., service ID) and the public key of the second entity),
upon receiving the service side public key from the service apparatus, the authentication side registering unit is further configured to store the service side public key associating the service side public key with the service ID (Perez, [0029]-[0030] and [0009], entity A (i.e., authentication apparatus) stores entity B’s (i.e., service apparatus) certificate chain which consists of entity B’s identifier and public key, thus, the public key of entity B is stored and is associated with the identifier of entity B), 
the authentication side controller further comprises an authentication side encrypting unit that, upon receiving information to request authentication with the service ID specified from the service apparatus, is configured to transmit authentication side encrypted data to the service apparatus, the authentication side encrypted data being obtained by encrypting authentication side original data prepared in the one authentication apparatus, using the service side public key that corresponds to the service ID and is stored in the authentication side registering unit (Perez, [0007] and [0029]-[0032], upon entity A (i.e., authentication apparatus) receiving the HelloB message which includes the certificate chain of entity B (i.e., service apparatus), entity A generates a KeyConfirmA message which includes a random number (i.e., authentication side original data) encrypted using the public key of entity B and sends keyConfirmA to entity B),
the service side controller further comprises a service side decrypting unit that is configured to transmit authentication side computed data, obtained by performing predetermined computation on authentication side decrypted data, to the one authentication apparatus, the authentication side decrypted data being obtained by decrypting the authentication side encrypted data received from the one authentication apparatus, using the service side private key that is stored in the service side registering unit (Perez, [0032]-[0033], entity B (i.e., service apparatus) sends KeyConfirmB (i.e., authentication side computed data) to entity A (i.e., authentication apparatus), the KeyConfirmB obtained by hashing the decrypted RanA value which was obtained by decrypting KeyConfirmA using the private key of entity B), and
the authentication side controller further comprises a service ID genuineness determining unit configured to determine that the service ID is genuine when the authentication side computed data received from the service apparatus matches data obtained by performing the predetermined computation on the authentication side original data (Perez, [0033], entity A (i.e., authentication apparatus) receives KeyConfirmB and verifies the received hash matches a computed hash).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include a mutual authentication system including generating random number challenges and utilizing asymmetric key encryption and hashing techniques to verify the random challenge as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).
While the modified Oberheide teaches: the information communication system is configured such that, when the plurality of the specific services are provided, the service side public key for authenticating is stored in the authentication apparatus, and the service side private key corresponding to the service side public key is stored in the service apparatus (Oberheide, [0020], “The authentication service can be used by a plurality of different service providers (i.e., plurality of services),” [0028], wherein the service provider generates a public key and private key, stores the private key and passes the public key to the authentication device), the modified Oberheide does not disclose, however, Ross teaches or suggests: wherein a public key is stored in association with the service ID and authenticating a service ID related to each specific service so as to provide the plurality of the specific services through the authentication of the corresponding service ID utilizing the one authentication apparatus (Ross, Abstract, “A storage device stores public key portions of authentication tokens for mobile device users and remote service identifiers … For actions to initiate a remote service, the program code is for receiving a remote service identifier and challenge information from a remote service server, transmitting at least a portion of the challenge information to a user's mobile device, receiving messages from the user's mobile device, validating at least one of the received messages using the stored public key portion of the authentication token for the user, and if validated, initiating the remote service,” [0056], “the inventors have observed that in using various embodiments of the systems and methods described herein, an Internet user can authenticate to a plurality of Internet (e.g. online) RP Internet services over the Internet from any access point by initiating requests over the Internet for access to the plurality of (RP) Internet services that are pre-registered with a single identity provider (IDP) service such that the requested RP Internet services are identifiable to the single IDP service via Open ID Connect protocol communications, and asserting his/her identity over the Internet to the single IDP service to initiate a device identity provider application (dID app) (such as for example, a PrivaKey™ device identity and authentication application) residing on a registered device of the Internet user”).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include authenticating an internal user ID to provide access to a plurality of specific services as taught by Ross for the benefit of cost-effective, secure, computer-implemented systems and methods to resolve technical challenges and vulnerabilities unique to, and specifically arising in, Internet-centric authentication of Internet users accessing relying party services over the Internet (Ross, [0009]).

Claims 23, 27, and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide in view of Perez, Spencer, and further in view of Ross.
As per claims 23 and 27, Oberheide discloses: an information communication system and method, the information communication system comprising: 
a service apparatus configured to provide a specific service (Oberheide, Fig. 3, service provider 120), and 
one authentication apparatus configured to perform an authentication at a time of using the specific service and to communicate with the service apparatus via an information communication means (Oberheide, Fig. 3, authentication device 140), wherein: 
the service apparatus comprises a service side controller comprising a service side registering unit configured to generate a service side private key to be used by the service apparatus and a service side public key corresponding to the service side private key, to store the service side private key, and to transmit to the one authentication apparatus the service side public key (Oberheide, Fig. 13, service provider includes processors (i.e., service side controller and units), [0028], wherein the service provider generates a public key and private key, stores the private key and passes the public key to the authentication device).
Oberheide does not disclose, however, Perez teaches or suggests: transmitting the service side public key together with a service ID that is an identification marker for the service apparatus in the specific service to the authentication apparatus (Perez, [0009] and [0029], the second entity (i.e., service apparatus) sends a certificate chain to the first entity (i.e., authentication apparatus) where a certificate chain includes an identifier of the second entity (i.e., service ID) and the public key of the second entity),
the one authentication apparatus comprises an authentication side controller comprising an authentication side registering unit that, upon receiving the service side public key from the service apparatus, is configured to store the service side public key associating the service side public key with the service ID (Perez, [0039], processor 216 (i.e., authentication side controller and units), [0029]-[0030] and [0009], entity A (i.e., authentication apparatus) stores entity B’s (i.e., service apparatus) certificate chain which consists of entity B’s identifier (i.e., service ID) and public key, thus, the public key of entity B is stored and is associated with the identifier of entity B), 
the authentication side controller further comprises an authentication side encrypting unit that, upon receiving from the service apparatus an authentication request with the service ID specified, is configured to transmit authentication side encrypted data to the service apparatus, the authentication side encrypted data being obtained by encrypting authentication side original data using the service side public key that corresponds to the service ID and that is stored in the authentication side registering unit, the authentication side original data being any data prepared in the one authentication apparatus (Perez, [0007] and [0029]-[0032], upon entity A receiving the HelloB message which includes the certificate chain entity B, entity A generates a KeyConfirmA message which includes a random number (i.e., authentication side original data) encrypted using the public key of entity B and sends keyConfirmA to entity B (i.e., service apparatus)),
the service side controller further comprises a service side decrypting unit configured to transmit to the one authentication apparatus authentication side computed data obtained by performing predetermined computation on authentication side decrypted data, the authentication side decrypted data being obtained by decrypting the authentication side encrypted data received from the one authentication apparatus, using the service side private key that is stored in the service side registering unit (Perez, [0032]-[0033], entity B sends KeyConfirmB (i.e., authentication side computed data) to entity A, the KeyConfirmB obtained by hashing the decrypted RanA value which was obtained by decrypting KeyConfirmA using the private key of entity B), and
the authentication side controller further comprises a service ID genuineness determining unit configured to determine that the service ID is genuine when the authentication side computed data received from the service apparatus matches data obtained by performing the predetermined computation on the authentication side original data (Perez, [0033], entity A receives KeyConfirmB and verifies the received hash matches a computed hash).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include a mutual authentication system including generating random number challenges and utilizing asymmetric key encryption and hashing techniques to verify the random challenge as taught by Perez for the benefit of efficient mutual authentication with a device having limited processing power (Perez, [0006]).
The modified Oberheide does not teach, however, Spencer teaches or suggests: the information communication system is configured to perform the authentication for making the specific service available on a precondition that pairing is established between the service apparatus and the one authentication apparatus (Spencer, col. 22 lines 30-35, after pairing is complete, the controller seeks to validate the device by executing a challenge/authentication process).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include pairing before performing an authentication as taught by Spencer for the benefit of enhancing security by validating each party to each other after establishing secure communications/pairing (Spencer, col. 22 lines 30-35).
While the modified Oberheide teaches: the information communication system is configured such that, when the plurality of the specific services are provided, the service side public key for authenticating is stored in the authentication apparatus, and the service side private key corresponding to the service side public key is stored in the service apparatus (Oberheide, [0020], “The authentication service can be used by a plurality of different service providers (i.e., plurality of services),” [0028], wherein the service provider generates a public key and private key, stores the private key and passes the public key to the authentication device), the modified Oberheide does not disclose, however, Ross teaches or suggests: wherein a public key is stored in association with the service ID and authenticating a service ID related to each specific service so as to provide the plurality of the specific services through the authentication of the corresponding service ID utilizing the one authentication apparatus (Ross, Abstract, “A storage device stores public key portions of authentication tokens for mobile device users and remote service identifiers … For actions to initiate a remote service, the program code is for receiving a remote service identifier and challenge information from a remote service server, transmitting at least a portion of the challenge information to a user's mobile device, receiving messages from the user's mobile device, validating at least one of the received messages using the stored public key portion of the authentication token for the user, and if validated, initiating the remote service,” [0056], “the inventors have observed that in using various embodiments of the systems and methods described herein, an Internet user can authenticate to a plurality of Internet (e.g. online) RP Internet services over the Internet from any access point by initiating requests over the Internet for access to the plurality of (RP) Internet services that are pre-registered with a single identity provider (IDP) service such that the requested RP Internet services are identifiable to the single IDP service via Open ID Connect protocol communications, and asserting his/her identity over the Internet to the single IDP service to initiate a device identity provider application (dID app) (such as for example, a PrivaKey™ device identity and authentication application) residing on a registered device of the Internet user”).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Oberheide to include authenticating an internal user ID to provide access to a plurality of specific services as taught by Ross for the benefit of cost-effective, secure, computer-implemented systems and methods to resolve technical challenges and vulnerabilities unique to, and specifically arising in, Internet-centric authentication of Internet users accessing relying party services over the Internet (Ross, [0009]).

As per claim 29, claim 27 is incorporated and the modified Oberheide discloses: a non-transitory computer-readable medium storing a program that, when executed by a computer, performs the information communication method according to claim 27 (Oberheide, [0129] and [0139], machine-readable storage medium).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Mononen et al. (US 20050287990 A1) teaches a user device authenticating a service identifier using a public key ([0044]).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER R LAPIAN whose telephone number is (571)272-7552.  The examiner can normally be reached on M-F 9:30-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


ALEXANDER R. LAPIAN
Examiner
Art Unit 2437



/ALEXANDER R LAPIAN/Examiner, Art Unit 2437  

 /ALI S ABYANEH/ Primary Examiner, Art Unit 2437