DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on March 23, 2022.
Status of claims within the present application:
Claims 1 – 8 are pending.
Claims 1 – 3, and 6 – 8 are amended. 
Response to Amendment
Applicant’s amendment upon claim 6 has fixed the claim objection presented in the previous office action. Therefore, the claim objection upon claim 6 is withdrawn.
Applicant’s amendment upon claim 8 has fixed the 35 USC 101 rejection, in which the claimed invention is directed to non-statutory subject matter, presented in the previous office action. Therefore, the claim rejection upon claim 8 is withdrawn.
Applicant’s arguments, see page [16 – 17] of Applicant’s remarks, filed on March 23, 2022, with respect to Claims 1 – 5 and 7 – 8 that were rejected under 35 U.S.C. 103 as being unpatentable over US 20130232344 A1 to Johnson et al., (hereinafter, “Johnson”) in view of US 20160065362 A1 to Choyi et al., (hereinafter, “Choyi”), have been considered but are moot because the new ground of rejection does not rely on any of the same interpretations of the same references applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Therefore, applicant is directed to the response below:
With respect to independent claim 1 and 7 – 8, Applicant argued that Johnson does not teach “generating, by the first process, a group key 5usable for decrypting a data unit retrieved from a shared access memory (SAM)”. Examiner noted that Johnson discloses “enable the multiple secure enclave packages within the same platform or system to create a common key between them, thereby enabling a plurality of packages within the same system or platform to work seamlessly and securely together. In one embodiment, it also enables system managers to group or configure packages together into a secure bundle. In one embodiment, a secure multi-package key is created by providing package-specific key information to each package from a trusted source and enabling them to negotiate and securely store a common multi-package key” [para. 248]. This mapping shows the common key that would be used between the same platform or system thus would indicate the trustworthiness and validate them working securely which is group key presented in the claim. Applicant also argued that Choyi does not teach “wherein the first process obtains each nonce by, at least, applying a platform-provided revealing function to data received from a respective process”. Examiner noted that Choyi does discloses “the first nonce may be referred to as a first intermediate key. The first UE 904 may encrypt the first nonce with a public key of the second UE 906 (denoted Pu.sub.UE2) or the public identity of the second UE 906. At 918, a message with the encrypted first nonce is sent to the second UE 906 from the first UE 904. At 920, upon receiving the message from the first UE 904, the second UE 906 decrypts the first nonce in accordance with the illustrated embodiment. The second UE 906 may decrypt the first nonce and other keying material using its private key” [para. 63]. This mapping shows decrypt an encrypted message that contains both the nonce and other keying materials which would be used by the second UE. Choyi’s First UE does encrypt the message to provide a secure communication between the two UE. Therefore, the rejection still stands.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on November 23, 2021 was filed after the mailing date of the non-final rejection on September 23, 2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claims 1 – 5 and 7 – 8 are rejected under 35 U.S.C. 103 as being unpatentable over US 20130232344 A1 to Johnson et al., (hereinafter, “Johnson”) in view of US 20160065362 A1 to Choyi et al., (hereinafter, “Choyi”).
Regarding claim 1, Johnson teaches a method of authenticating one or more peer processes by a first process executing on a processing and memory circuitry (PMC) providing a protected container infrastructure, wherein each of the first process and the peer processes execute in a respective protected container, and each of the respective containers is comprised in a first container group of the protected container infrastructure, [Johnson, para. 35 discloses microprocessor 100 having one or more processor cores 105 and 110, each having associated therewith a local cache 107 and 113, respectively. Also illustrated in FIG. 1 is a shared cache memory 115 which may store versions of at least some of the information stored in each of the local caches 107 and 113. In some embodiments, microprocessor 100 may also include other logic not shown in FIG. 1, such as an integrated memory controller, integrated graphics controller, as well as other logic to perform other functions within a computer system, such as I/O control. In one embodiment, each microprocessor in a multi-processor system or each processor core in a multi-core processor may include or otherwise be associated with logic 119 to enable secure enclave techniques, in accordance with at least one embodiment. The logic may include circuits, software (embodied in a tangible medium) or both to enable more efficient resource allocation among a plurality of cores or processors than in some prior art implementations.] the method comprising: generating, by the first process, a group key 5usable for decrypting a data unit retrieved from a shared access memory (SAM), [Johnson, para. 248 discloses enable the multiple secure enclave packages within the same platform or system to create a common key between them, thereby enabling a plurality of packages within the same system or platform to work seamlessly and securely together. In one embodiment, it also enables system managers to group or configure packages together into a secure bundle. In one embodiment, a secure multi-package key is created by providing package-specific key information to each package from a trusted source and enabling them to negotiate and securely store a common multi-package key]10, but Johnson does not teach wherein the generating utilizes, at least, a nonce provided by each of the one or more processes, and wherein the first process obtains each nonce by, at least, applying a platform-provided revealing function to data received from a respective process, and wherein the platform-provided revealing function decrypts the respective data in accordance with an unsealing decryption key, wherein data indicative of the unsealing decryption key is maintained in the PMC, and wherein the PMC is configured to provide the data indicative of the unsealing decryption key only to a process executing in a container comprised in the first container group; and b) successfully decrypting, by the first process, using the generated group key, an encrypted data unit written by a process of the one or more peer processes to the SAM, thereby verifying that of each of the peer processes is executing in a container of the first container group.
However, Choyi does teach wherein the generating utilizes, at least, a nonce provided by each of the one or more processes, [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f(Nonce, KeNB1+).] and wherein the first process obtains each nonce by, at least, applying a platform-provided revealing function to data received from a respective process, and wherein the platform-provided revealing function decrypts the respective data in accordance with an unsealing decryption key, [Choyi, para. 63 discloses  The first nonce may be referred to as a first intermediate key. The first UE 904 may encrypt the first nonce with a public key of the second UE 906 (denoted Pu.sub.UE2) or the public identity of the second UE 906. At 918, a message with the encrypted first nonce is sent to the second UE 906 from the first UE 904. At 920, upon receiving the message from the first UE 904, the second UE 906 decrypts the first nonce in accordance with the illustrated embodiment. The second UE 906 may decrypt the first nonce and other keying material using its private key] wherein data indicative of the unsealing decryption key is maintained in the PMC, and wherein the PMC is configured to provide the data indicative of the unsealing decryption key only to a process executing in a container comprised in the first container group; [Choyi, para. 63 discloses At 922, a message with the encrypted first nonce is sent to the first UE 904 from the second UE 906. The second UE 906 may optionally include the first nonce (Nonce.sub.UE1) within the encrypted message content that is sent at 922. At 924, in accordance with the illustrated embodiment, the first UE 904 decrypts the nonces, which may be also be referred to generally as keying material. The first UE 904 may then derive ProSe session keys, which may also be referred to as third keys or common shared keys. For example, the common shared key may be derived by using a HMAC-SHA-256 function on the public identities of the first and second UEs 904 and 906, and the first and second nonces. Alternatively, the key(s) derived may be bound to a channel. For example, the keys may be a TLS master secret if the keys are bound to a TLS channel or to an EAP channel. Thus, the common shared key (ProSe session key) may be derived by using a HMAC-SHA-256 function on the public identities of the first and second UEs 904 and 906, the first and second nonces, and a channel ID.] and b) successfully decrypting, by the first process, using the generated group key, an encrypted data unit written by a process of the one or more peer processes to the SAM, thereby verifying that of each of the peer processes is executing in a container of the first container group. [Choyi, para. 53 discloses Further, each UE 704 and 706 may encrypt its respective beacon with its private key, and the other UE, which can be referred to as a peer UE, can decrypt the beacon information using the advertising UE's public key to authenticate the advertising UE. Thus, the first UE 704 may encrypt its beacon with a private key, and the second UE 706 may decrypt the beacon using the public key of the first UE 702. The second UE 706 may then authenticate the first UE 704 using the private key of the first UE 704. In some cases, when a UE detects that it has found one of the UEs for which it was looking, the UE may send an indication to the eNB 702. The eNB 702 may configure the UE with next hop parameters (e.g., Next Chaining Hop Counter (NCC), Next-Hop (NH)) to derive a shared secret using parameters. Parameters that are used to derive the shared secret may include, for example, a peer UE's public key, the UE's own private key, the NCC, the NH, or the like. Thus, key distribution to peer UEs by the eNB 702 may be substantially symmetric.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

Regarding claim 2, modified Johnson teaches the method of claim 1, but Johnson does not teach wherein step a) is further performed by each of the one or more peer processes. 
However, Choyi does teach wherein step a) is further performed by each of the one or more peer processes. [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f (Nonce, KeNB1+). The function that generates X may be a HMAC-SHA-256 function, for example. Similarly, at 714, the PSSF 202 may derive a second intermediate key that is equal to a function of the nonce and the second key KeNB2. The second intermediate key may also be derived based on the nonce and a derivative of the second key KeNB2. The derivative of the second key may be referred to as a second derivative key KeNB2+. In some cases, the second derivative key KeNB2+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the second intermediate key is referred to as “Y” and the function that generates Y may be represented by f (Nonce, KeNB2) or f(Nonce, KeNB2+). In accordance with the illustrated embodiment, at 716, the PSSF 202 sends (transmits) the nonce and second intermediate key Y to the first UE 704. The second intermediate key Y may be encrypted using X, and thus the encrypted value of Y may be represented by “{Y}x”. At 718, in accordance with the illustrated embodiment, the PSSF 202 sends (transmits) the nonce and the second intermediate key X to the second UE 706. The second intermediate key X may be encrypted using Y, and thus the encrypted value of X may be represented by {Y}x. At 720, the first UE 704 derives X from the function of the nonce and the first key, and further decrypts Y using X. The first UE 704 may generate a third key (KeNB)PrAS that is equal to a function of the first intermediate key X and second intermediate key Y, and thus can be referred to as f(X, Y). (Examiner note that the first intermediate key which is the first nonce from a first UE and the second intermediate key which is the second nonce from a second UE. Both are used to create a third key that is used by both the first UE and second UE.)]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

 Regarding claim 3, modified Johnson teaches the method of claim 2, but Johnson does not teach wherein the generating a group key is in accordance with a method comprising: generating a nonce; creating encrypted, integrity-protected data in accordance with the nonce and the platform-provided hiding function; storing the encrypted, integrity-protected data to a location in a shared access memory;WO 2019/186554PCT/IL2019/05035121 retrieving, at least, nonces stored by each of the at least two processes excepting itself, wherein the nonces are retrieved in accordance with data read from locations in shared access memory and the platform-provided revealing function; and generating a group key, in accordance with a key generation function and at least the 5retrieved nonces and the nonce generated by the first process.  
However, Choyi does teach wherein the generating a group key is in accordance with a method comprising: generating a nonce; [Choyi, para. 45 discloses the PSSF 202 generates a nonce] creating encrypted, integrity-protected data in accordance with the nonce and the platform-provided hiding function; [Choyi, para. 38 discloses keys may also be derived (generated), and the derived keys may be used to encrypt and integrity-protect user data communications. By way of example, a public safety worker may want communications to be encrypted and messages to be authenticated to ensure that P2P communications are only received and processed by intended personnel] storing the encrypted, integrity-protected data to a location in a shared access memory;WO 2019/186554PCT/IL2019/05035121 [Choyi, para. 85 discloses Users/UEs may maintain and store a list of user identities 1102 that have been communicated for discovery purposes. For example, the list of identities 1102 that are maintained by a user may imply that the users whose identities have been listed are providing a discovery authorization to the particular user that maintains the list. When a user receives a discovery message, it may use its list of identities 1102. The user may run each one of the identities from the list of identities 1102 through a hashing algorithm 1104 to compute a hashed value of the identity. Still referring to FIG. 11A, at 1106, the computed hashed value of the identity may be compared to the hashed identity that was received in the discovery message. If there is a match, the user/UE may process the discovery message. If there is not match, the UE may retrieve another identity from the list of identities 1102 until there are not more identities to retrieve, or until there is a match. Para. 88 discloses a UE may store a list of identities and shared secrets 1102a. Thus, an identity and a shared secret may be provided to the hashing algorithm, as described with reference to FIG. 11A.] retrieving, at least, nonces stored by each of the at least two processes excepting itself, wherein the nonces are retrieved in accordance with data read from locations in shared access memory and the platform-provided revealing function; [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f(Nonce, KeNB1+). The function that generates X may be a HMAC-SHA-256 function, for example. Similarly, at 714, the PSSF 202 may derive a second intermediate key that is equal to a function of the nonce and the second key KeNB2. The second intermediate key may also be derived based on the nonce and a derivative of the second key KeNB2. The derivative of the second key may be referred to as a second derivative key KeNB2+. In some cases, the second derivative key KeNB2+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the second intermediate key is referred to as “Y” and the function that generates Y may be represented by f (Nonce, KeNB2) or f(Nonce, KeNB2+). In accordance with the illustrated embodiment, at 716, the PSSF 202 sends (transmits) the nonce and second intermediate key Y to the first UE 704. The second intermediate key Y may be encrypted using X, and thus the encrypted value of Y may be represented by “{Y}x”. At 718, in accordance with the illustrated embodiment, the PSSF 202 sends (transmits) the nonce and the second intermediate key X to the second UE 706. The second intermediate key X may be encrypted using Y, and thus the encrypted value of X may be represented by {Y}x. At 720, the first UE 704 derives X from the function of the nonce and the first key, and further decrypts Y using X. The first UE 704 may generate a third key (KeNB)PrAS that is equal to a function of the first intermediate key X and second intermediate key Y, and thus can be referred to as f(X, Y). (Examiner note that the first intermediate key which is the first nonce from a first UE and the second intermediate key which is the second nonce from a second UE. Both are used to create a third key that is used by both the first UE and second UE.)] and generating a group key, in accordance with a key generation function and at least the 5retrieved nonces and the nonce generated by the first process. [Choyi, para. 46 discloses the second UE 706 derives Y from the function of the nonce and the second key, and further decrypts X using Y. In accordance with the illustrated embodiment, the second UE 704 also generates the third key (KeNB).sub.PrAS that is equal to a function of the first intermediate key X and the second intermediate key Y. The third key (KeNB).sub.PrAS may form the root-key for ProSe communications, and thus the third key can also be referred to as a common shared key for securing proximity communications between the first UE 704 and the second UE 706.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

As per claim 4, modified Johnson teaches the method of claim 3, wherein the key generation function is a cryptographic hash function. [Johnson, para. 281 discloses the crypto algorithm used to encrypt these keys is 10 rounds of 128 bit AES-ECB decrypt. The key generation server will apply AES-ECB encrypt to each key to generate a cipher text key that will be burned in fuses.] 

As per claim 5, modified Johnson teaches the method of claim 3, wherein the key generation function is a sampling function. [Johnson, para. 246 discloses an encryption algorithm or program 1773 may then be used to generate a set of secure key information 1773 for all member packages within the system or platform. In one embodiment, the platform-level key is generated using hardware logic which may generate the platform-level key in response to software commands or electrical signals. In one embodiment, the platform level key is to be generated according to prior art encryption algorithms.]

Regarding claim 7, Johnson teaches a processing and memory circuitry (PMC) providing a protected container infrastructure, configured to execute a first process and one or more peer processes, wherein each of the first process and the peer processes execute in a respective protected container, and each of the respective containers is comprised in a first container group of the protected container infrastructure, [Johnson, para. 35 discloses microprocessor 100 having one or more processor cores 105 and 110, each having associated therewith a local cache 107 and 113, respectively. Also illustrated in FIG. 1 is a shared cache memory 115 which may store versions of at least some of the information stored in each of the local caches 107 and 113. In some embodiments, microprocessor 100 may also include other logic not shown in FIG. 1, such as an integrated memory controller, integrated graphics controller, as well as other logic to perform other functions within a computer system, such as I/O control. In one embodiment, each microprocessor in a multi-processor system or each processor core in a multi-core processor may include or otherwise be associated with logic 119 to enable secure enclave techniques, in accordance with at least one embodiment. The logic may include circuits, software (embodied in a tangible medium) or both to enable more efficient resource allocation among a plurality of cores or processors than in some prior art implementations] the first process configured to: a) generate a group key usable 15for decrypting a data unit retried from a shared access memory (SAM), [Johnson, para. 248 discloses enable the multiple secure enclave packages within the same platform or system to create a common key between them, thereby enabling a plurality of packages within the same system or platform to work seamlessly and securely together. In one embodiment, it also enables system managers to group or configure packages together into a secure bundle. In one embodiment, a secure multi-package key is created by providing package-specific key information to each package from a trusted source and enabling them to negotiate and securely store a common multi-package key]20, but Johnson does not teach wherein the generating utilizes, at least, a nonce provided by each of the one or more processes, and wherein the first process obtains each nonce by, at least, applying a platform-provided revealing function to data received from a respective peer process, wherein the platform-provided revealing function decrypts the respective data in accordance with an unsealing decryption key, wherein data indicative of the unsealing decryption key is maintained in the PMC, and wherein the PMC is configured to provide the data indicative of the unsealing decryption key only to a process executing in a container comprised in the first container group; and b) successfully decrypting, by the first process, using the generated group key, an encrypted data unit written to the shared access memory (SAM) by a process of the one or more peer processes, thereby verifying that each of the peer processes is executing in a container of the first container group.
However, Choyi does teach wherein the generating utilizes, at least, a nonce provided by each of the one or more processes, [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f(Nonce, KeNB1+).] and wherein the first process obtains each nonce by, at least, applying a platform-provided revealing function to data received from a respective peer process, wherein the platform-provided revealing function decrypts the respective data in accordance with an unsealing decryption key, [Choyi, para. 63 discloses  The first nonce may be referred to as a first intermediate key. The first UE 904 may encrypt the first nonce with a public key of the second UE 906 (denoted Pu.sub.UE2) or the public identity of the second UE 906. At 918, a message with the encrypted first nonce is sent to the second UE 906 from the first UE 904. At 920, upon receiving the message from the first UE 904, the second UE 906 decrypts the first nonce in accordance with the illustrated embodiment. The second UE 906 may decrypt the first nonce and other keying material using its private key] wherein data indicative of the unsealing decryption key is maintained in the PMC, and wherein the PMC is configured to provide the data indicative of the unsealing decryption key only to a process executing in a container comprised in the first container group; [Choyi, para. 63 discloses At 922, a message with the encrypted first nonce is sent to the first UE 904 from the second UE 906. The second UE 906 may optionally include the first nonce (Nonce.sub.UE1) within the encrypted message content that is sent at 922. At 924, in accordance with the illustrated embodiment, the first UE 904 decrypts the nonces, which may be also be referred to generally as keying material. The first UE 904 may then derive ProSe session keys, which may also be referred to as third keys or common shared keys. For example, the common shared key may be derived by using a HMAC-SHA-256 function on the public identities of the first and second UEs 904 and 906, and the first and second nonces. Alternatively, the key(s) derived may be bound to a channel. For example, the keys may be a TLS master secret if the keys are bound to a TLS channel or to an EAP channel. Thus, the common shared key (ProSe session key) may be derived by using a HMAC-SHA-256 function on the public identities of the first and second UEs 904 and 906, the first and second nonces, and a channel ID.] and b) successfully decrypting, by the first process, using the generated group key, an encrypted data unit written to the shared access memory (SAM) by a process of the one or more peer processes, thereby verifying that each of the peer processes is executing in a container of the first container group. [Choyi, para. 53 discloses Further, each UE 704 and 706 may encrypt its respective beacon with its private key, and the other UE, which can be referred to as a peer UE, can decrypt the beacon information using the advertising UE's public key to authenticate the advertising UE. Thus, the first UE 704 may encrypt its beacon with a private key, and the second UE 706 may decrypt the beacon using the public key of the first UE 702. The second UE 706 may then authenticate the first UE 704 using the private key of the first UE 704. In some cases, when a UE detects that it has found one of the UEs for which it was looking, the UE may send an indication to the eNB 702. The eNB 702 may configure the UE with next hop parameters (e.g., Next Chaining Hop Counter (NCC), Next-Hop (NH)) to derive a shared secret using parameters. Parameters that are used to derive the shared secret may include, for example, a peer UE's public key, the UE's own private key, the NCC, the NH, or the like. Thus, key distribution to peer UEs by the eNB 702 may be substantially symmetric.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

Regarding claim 8, Johnson teaches a computer program product comprising a non- transitory computer readable storage medium containing program instructions, which programs instructions when read by processing and memory circuitry (PMC), causes the PMC to perform a method of authenticating one or more peer processes comprised in a first container group within a protected container infrastructure, the method being performed by a first process executing in a protected container of the first container group, [Johnson, para. 38 discloses one or more aspects of at least one embodiment may be implemented by representative data stored on a machine-readable medium which represents various logic within the processor, which when read by a machine causes the machine to fabricate logic to perform the techniques described herein. Such representations, known as "IP cores" may be stored on a tangible, machine readable medium ("tape") and supplied to various customers or manufacturing facilities to load into the fabrication machines that actually make the logic or processor. para. 35 discloses microprocessor 100 having one or more processor cores 105 and 110, each having associated therewith a local cache 107 and 113, respectively. Also illustrated in FIG. 1 is a shared cache memory 115 which may store versions of at least some of the information stored in each of the local caches 107 and 113. In some embodiments, microprocessor 100 may also include other logic not shown in FIG. 1, such as an integrated memory controller, integrated graphics controller, as well as other logic to perform other functions within a computer system, such as I/O control. In one embodiment, each microprocessor in a multi-processor system or each processor core in a multi-core processor may include or otherwise be associated with logic 119 to enable secure enclave techniques, in accordance with at least one embodiment. The logic may include circuits, software (embodied in a tangible medium) or both to enable more efficient resource allocation among a plurality of cores or processors than in some prior art implementations.] the method comprising: a) 5generating, by the first process, a group key usable for decrypting a data unit retrieved from a shared access memory (SAM), [Johnson, para. 248 discloses enable the multiple secure enclave packages within the same platform or system to create a common key between them, thereby enabling a plurality of packages within the same system or platform to work seamlessly and securely together. In one embodiment, it also enables system managers to group or configure packages together into a secure bundle. In one embodiment, a secure multi-package key is created by providing package-specific key information to each package from a trusted source and enabling them to negotiate and securely store a common multi-package key], but Johnson does not teach wherein the generating utilizes, at least, a nonce provided by each of the one or more peer processes, and wherein the first process obtains each nonce by, at least, applying a platform-provided revealing function to data received from a respective process, wherein the platform-provided revealing function decrypts the respective data in accordance with an unsealing decryption key, wherein data indicative of the unsealing decryption key is maintained in the PMC, and wherein the PMC is configured to provide the data indicative of the unsealing decryption key only to a process executing in a container comprised in the first container group; and b) successfully decrypting, by first process, using the generated group key, an encrypted data unit written to the SAM by a process of the one or more peer processes, thereby verifying that each of the peer processes is executing in a container of the first container group.
However, Choyi does teach wherein the generating utilizes, at least, a nonce provided by each of the one or more peer processes, [Choyi, para. 45 discloses the PSSF 202 generates a nonce. Further, the PSSF 202 may derive a first intermediate key that is equal to a function of the nonce and the first key KeNB1. The first intermediate key may also be derived based on the nonce and a derivative of the first key KeNB1. The derivative of the first key may be referred to as a first derivative key KeNB1+. In some cases, the first derivative key KeNB1+ may be used at least primarily, for instance exclusively, for ProSe services. For convenience, the first intermediate key is referred to as “X” and the function that generates X may be represented by f (Nonce, KeNB1) or f(Nonce, KeNB1+).] and wherein the first process obtains each nonce by, at least, applying a platform-provided revealing function to data received from a respective process, wherein the platform-provided revealing function decrypts the respective data in accordance with an unsealing decryption key, [Choyi, para. 63 discloses  The first nonce may be referred to as a first intermediate key. The first UE 904 may encrypt the first nonce with a public key of the second UE 906 (denoted Pu.sub.UE2) or the public identity of the second UE 906. At 918, a message with the encrypted first nonce is sent to the second UE 906 from the first UE 904. At 920, upon receiving the message from the first UE 904, the second UE 906 decrypts the first nonce in accordance with the illustrated embodiment. The second UE 906 may decrypt the first nonce and other keying material using its private key] wherein data indicative of the unsealing decryption key is maintained in the PMC, and wherein the PMC is configured to provide the data indicative of the unsealing decryption key only to a process executing in a container comprised in the first container group; [Choyi, para. 63 discloses At 922, a message with the encrypted first nonce is sent to the first UE 904 from the second UE 906. The second UE 906 may optionally include the first nonce (Nonce.sub.UE1) within the encrypted message content that is sent at 922. At 924, in accordance with the illustrated embodiment, the first UE 904 decrypts the nonces, which may be also be referred to generally as keying material. The first UE 904 may then derive ProSe session keys, which may also be referred to as third keys or common shared keys. For example, the common shared key may be derived by using a HMAC-SHA-256 function on the public identities of the first and second UEs 904 and 906, and the first and second nonces. Alternatively, the key(s) derived may be bound to a channel. For example, the keys may be a TLS master secret if the keys are bound to a TLS channel or to an EAP channel. Thus, the common shared key (ProSe session key) may be derived by using a HMAC-SHA-256 function on the public identities of the first and second UEs 904 and 906, the first and second nonces, and a channel ID.] and b) successfully decrypting, by first process, using the generated group key, an encrypted data unit written to the SAM by a process of the one or more peer processes, thereby verifying that each of the peer processes is executing in a container of the first container group. [Choyi, para. 53 discloses Further, each UE 704 and 706 may encrypt its respective beacon with its private key, and the other UE, which can be referred to as a peer UE, can decrypt the beacon information using the advertising UE's public key to authenticate the advertising UE. Thus, the first UE 704 may encrypt its beacon with a private key, and the second UE 706 may decrypt the beacon using the public key of the first UE 702. The second UE 706 may then authenticate the first UE 704 using the private key of the first UE 704. In some cases, when a UE detects that it has found one of the UEs for which it was looking, the UE may send an indication to the eNB 702. The eNB 702 may configure the UE with next hop parameters (e.g., Next Chaining Hop Counter (NCC), Next-Hop (NH)) to derive a shared secret using parameters. Parameters that are used to derive the shared secret may include, for example, a peer UE's public key, the UE's own private key, the NCC, the NH, or the like. Thus, key distribution to peer UEs by the eNB 702 may be substantially symmetric.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Choyi’s system with Johnson’s system, with a motivation to create ProSe application-layer security associations, which can then be used to protect application layer communications between two peers, such as the first and second UE 704 and 706 for example, or between members within a group. Thus, application layer communications can be confidential and can be integrity protected. [Choyi, para. 50]

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over US 20130232344 A1 to Johnson et al., (hereinafter, “Johnson”) in view of US 20160065362 A1 to Choyi et al., (hereinafter, “Choyi”) in further view of US 20170171169 A1 to Lee et al., (hereinafter, “Lee”).
Regarding claim 6, modified Johnson teaches the method of claim 2, but modified Johnson does not teach wherein the first process excludes 10nonces stored by a second process according to whether a frequency of group key rollovers initiated by the second process meets group key rollover threshold.
However, Lee does teach wherein the first process excludes 10nonces stored by a second process according to whether a frequency of group key rollovers initiated by the second process meets group key rollover threshold. [Lee, para. 48 discloses To prevent packet number re-use (and nonce re-use) with a particular group key, the device may be configured to determine whether an expiration condition associated with a group key (e.g., a temporal key) is satisfied based on a subset of bits of the TSF value or a packet number initialization value stored at the non-volatile memory. For example, in response to the device receiving a frame indicating the TSF value (or in response to the device generating the TSF value if the device is operating as an anchor master device), the device may compare a subset of bits of the TSF value to a threshold (e.g., an expiration threshold). The subset of bits includes the same number of bits as the packet number counter. If the subset of bits exceeds the threshold, the expiration condition is satisfied. For example, the device may compare the subset of bits to a particular value (e.g., the expiration threshold), such as a value that is one less than a value associated with the wrap-around condition or a different value that is less than the value associated with the wrap-around condition, and if the value exceeds the particular value, the expiration condition is satisfied. As another example, the device may detect that a value of a set of bits of the packet number initialization value is equal to or exceeds a particular value (e.g., the expiration threshold). The particular value may be a particular amount less than the value associated with the wrap-around condition. If the value of the set of bits is equal to or exceeds the particular value, the expiration condition is satisfied. In response to the expiration condition being satisfied, the device may perform one or more group key expiration actions to prevent nonce re-use with a particular group key. For example, the device may initiate generation of a second group key. As another example, the device may initiate a tear down operation for the data link group.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Lee’s system with modified Johnson’s system, with a motivation to prevent nonce re-use in a data link group of a neighbor aware network (NAN) are disclosed. Devices of the data link group may be configured to determine or set packet numbers to particular values based on a packet number initialization scheme associated with the data link group. [Lee, para. 39]

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
                                                                                                                                                                                                 /DANT B SHAIFER HARRIMAN/Primary Examiner, Art Unit 2434