Notice of Pre-AIA  or AIA  Status
The present application, filed on or after June 10, 2020, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/05/2022 has been entered.
Claims 1-3, 5-6, 8-12 and 14-16 are pending and are being considered.
Claims 1, 6, 8-9 and 12 have been amended.
Claim 7 have been canceled.
Specification
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 
The following title is suggested: A METHOD OF ESTABLSIHING SECURE COMMUNICATION BETWEEN PLURLAITY OF ENTITIES WITHIN A COMMUNICATION NETWORK. 

Response to 103 
Applicants argument filed on 05/31/2022 have been fully considered and are partially persuasive and are moot in view of new grounds of rejection.
In response to applicant’s argument on page 9 of remarks that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Mansour teaches plurality of entities i.e. first and second computers in communication with managing entity backend server in order to securely exchange communication between each entity based on encrypted request and response packet. Le Saint teaches Managing entity i.e. server computes in instance case for generating two different keys i.e. session keys based on different parameters and then perform secure communication between client and server. Similarly, newly cited reference Eric is also directed towards secure communication with in a network by performing encryption/decryption based on keys. Hence the above references taken as whole are directed towards solving the problem of securing communication within a network and would have been obvious for person of ordinary skills in the art to combine the teaching of all the above references to come to the result of securing communication.  See the rejection below more detail of establishing obviousness. 

Examiners Remarks
	The examiner finds too many inconsistencies within the claim language which makes the inventive concepts unclear. The examiner has highlighted these inconsistencies below in claim objections and suggested amendments where appropriate to overcome the inconsistencies and clarify the inventive concept. For examination purpose the claims are broadly interpreted in view of spec.
Claim Objections
Claims 1,3, 5, 9, 12 and 16 objected to because of the following informalities: 
Claim 1 line 3-6 recites “each first entity” should read as “each first entity of one or more first entities”
Claim 1 line 4 recites “a key generation parameter” should read as “the key generation parameter” to be consistence with key generation parameter recited in line 3.
Claim limitation 1 and 2 recites 
“transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity for obtaining a key KB 1; 
transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity in order to obtain a key KS 1”
can be simplified to recites “transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity for obtaining a key KB 1 and key KS1; 

Claim 1 line 13 recites “a key generation function” should read as “the key generation function” to be consistence with key generation function recited in line 9 because it seems like the same key generation function is used for generating both keys KB1 and KS1.
Claim 1 line 16-18 recites “wherein a request for obtaining the key KS 1 and a response to said request are encrypted using the key KB 1 memorised by each first entity and regenerated by the managing entity using the second secret held by the managing entity, said key generation parameter specific to each first entity and said key generation function” There are few issues with above limitation.
1. 	its not clear who is sending the request for obtaining the key KS1. It seems like the request for obtaining the first key is sent by an entity other than first entity, since the first entity already have both keys KS1 and KB1.Furthermore if the request is submitted by an entity other than the first entity, then the other should have the KB! for encrypting the request. Therefore, the claim needs to have a step in which KB1 is transmitted to the other entity so that it can obtain KS1 by sending an encrypted request using KB1.
2.	the term “memorised” should be changed to “stored or storing”
3.	the term “regenerated by the managing entity…..” the examiner suggest to clarify which key is regenerated by managing entity KB1 or KS1. Furthermore “regenerating” step should be a separate limitation because its an active step performed by managing entity and is not linked with previous limitation of encrypted request and response for KS1. the limitation should read as 
“regenerating by the managing entity key KB1 (or KS1 ) using the second secret held by the managing entity, said key generation parameter specific to each first entity and said key generation function”
claim 1 line 20-22 recites “generating, by each first entity, a derived key DKS1, said derived key DKS1 being generated with a derivation function and using the key KS 1 and at least one derivation parameter” should read as “generating, by each first entity, a derived key DKS1, wherein said derived key DKS1 is 
claim 1 line 23 recites “said derivation parameter” should read as “said at least one derivation parameter” to be consistence with previous limitation
Claim 1 line 25-26 recites “generating the key KS1, by the second entity, to obtain the derived key DKS1, using the derivation parameter and the derivation function” should read as “generating, by the second entity the key KS1, at least one derivation parameter and the derivation function” to be consistence with previous limitation. Furthermore the key KS1 has been already generated by the managing entity and transmitted to the first entity, if the same key KS1 is generated by the second entity then the limitation should read as “regenerating the key KS1……”
Claim 1 line 2 recites “key generation parameter” and line 22 “at least one derivation parameter” the examiner suggests to clarify if the derivation parameter and generation parameter are same. 
Claim 1 line 9 recites “key generation function” and line 22 recites “a derivation function” the examiner suggest to clarify if generation function and derivation function correspond to same purpose.
Claim 1 last 5 limitation recites “-” before each limitation. The examiner suggests to delete “-” before each limitation as the steps in the claim can be organized without “-”
claim 1 line 27-28 recites “encrypting by the first entity” should read as “encrypting by each first entity of one or more first entities” as previously recited. Similar remarks for other such limitation in the claim.
claim 1 4th last limitation recites “aggregating in a message” and 7th last limitation recites “aggregating…..to a message” the examiner suggest to clarify if the message recited in both limitation is same message. If both the messages are different than the 4th last limitation should read as “aggregating in a second message” 
Claim 3 recites “memorizing” should read as “storing”
Claim 5 recites “said derivation parameter” should read as “said at least one derivation parameter” as recited in claim 1.
Claim 5 recites “said first entity” should read as “said each first entity of one or more entities” as previously recited in claim 1.
Claim 8 recites “at the same time” should read as “at [[the]] same time”. Furthermore, the examiner suggests to clarify when does authentication of each first entity is performed because the transmission of key generation parameter is dependent on an authentication request.
Claim 9 recites “the transmission of a public key” should read as “[[the]] transmission of a public key”
Claim 9 recites “memorised” should read as “stored”
Claim 9 recites “said first entity” should read as “said each first entity”
Claim 9 last 2 lines recites “the key KB 1 thus being encrypted using said public key, by the managing entity, prior to the transmission thereof to said first entity” should read as “encrypting by the managing entity the key KB1 before transmitting to each first entity of one or more first entities”
Claim 10 and 11 recites “first entity” should read as “each first entity” as previously recites in the claim 1.
Claim 12 line 2-4 recites “said first and second entities” should read as “said at least one first entity” and “said at least one second entity” as previously recited on line 1-2 of the claim. 
Claim 12 line 5 recites “comprises” should read as “comprises:”
Claim 12 line 7 and 9-10 recites “each first entity” line 1-2 recites “at least one first entity”, should read as “the at least one first entity” the examiner suggests to be consistence with terms used in the claim. 
Claim 12 line 9-10 recites “a key generation parameter” and line 7 recites “a key generation parameter” line 9-10 should read as “the key generation parameter” to maintain consistence.
Claim 12 line 11 recites “memorizes” should read as “stores”
Claim 12 line 13 recites “the first entity” should read as “the at least one first entity” as previously recited in the claim.
Claim 12 line 15 recites “each first entity” should read as “the at least one first entity”
Claim 12 the limitation on line 16-17 “a program for transmitting aggregated encrypted data…..for …..DKS1” should be before the limitation of “a program for generating a derived key DKS1…..” on line 14-15 because the data is transmitted first to generated the derived key DSK1 not vice versa. 
Claim 12 line 18 recites “each second entity” should read as “the at least one second entity” as previously recited in the claim.
Claim 12 line 20 recites” the first entity” and “the second entity” should read as “the at least one first entity” and “the at least one second entity” as previously recited in the claim.
Claim 12 recites “regenerating the key KS1” and “regenerating the key DKS1” the examiner suggests to clarify which entity performs the above regenerating steps and the need of performing it.  
Claim 14-16 recites “the system according to claim 12” should read as “the secure system according to claim 12” because claim 12 is directed towards secure system.
Claim 16 recites “each first and second entity” should read as “the at least one first and second entity” as previously recited in claim 12.
CLAIM INTERPRETATION

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: A secure systemin claim 12.

Claim limitation(s) “A secure system” of claims 12 gives their broadest reasonable interpretation of the claim elements with a limited description in the specification. The examiner notes that A system comprises first and second entity having a memory module as hardware structure and the entities are smartphone, table computer etc. See spec [page 8 line 5-20]. Accordingly claims 12 invoke 35 U.S.C. 112 (f) or sixth paragraph, but the corresponding structure is described.

Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 11 recites the limitation " ……an expiry date of the key generated by the first entity”.  There is insufficient antecedent basis for this limitation in the claim. its not clear which key is generated by the first entity and has an expiry date. Furthermore, its not clear if “the key” refers to derived key DKS1 generated by the first entity in claim 1. Appropriate correction is required.
Claim 14 recites “the initialization of the known secret of each second entity”. There is insufficient antecedent basis for this limitation in the claim.

                                               Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-6, and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Mansour et al (hereinafter Mansour) (US 20170149740) in view of Le Saint et al (hereinafter Le Saint) (US 20180375663) in view of Le Saint et al (hereinafter Eric) (US 20120144193) and further in view of LIU et al (hereinafter LIU) (US 20160127331).

Regarding claim 1 Mansour teaches A secure communication method between at least one first entity and at least one second entity with a communication link in at least one network comprising: (Mansour on [0010] teaches method for securing communications between a first computer and a second computer over a communications network);
generating, by each first entity, a derived key DKS1, said derived key DKS1 being generated with a derivation function and using the key KS 1 and at least one derivation parameter (Mansour on [0011, 0100-0101 and claim 3] teaches first computer (i.e. first entity) generating symmetric key (i.e. derived key DKS1) by symmetric encryption algorithms such as AES-256 and 3DES (i.e. derivation function), shared secret (i.e. key KS1) and variable datum (i.e. derivation parameter), wherein shared secret may be a key and variable datum may be a nonce or seed [0025-0026]);
aggregating, by each first entity, said derivation parameter to a message intended for the second entity (Mansour Fig 5 block 420G and text on [0122 and 0131] teaches first computer (i.e. first entity) generate a request data packet (i.e. message intended for second entity, since the request data packet is transmitted to second computer) containing nonce 320G (i.e. random number as derivation parameter));
2 4877-1248-5916.v1PABST, et al. - 16/771,524 Attorney Docket: 022044-0513560encrypting, by the first entity, using a symmetric encryption algorithm, a content using the derived key DKS1 specific to the first entity (Mansour on [0010] teaches first computer (i.e. first entity) may be an authorization entity computer (i.e. first entity) for encrypting data packet with symmetric key (i.e. DKS1). See on [0114] teaches the first computer may encrypt data block 340 using symmetric key (DKS1). See on [0144] taches the symmetric key derived by the first computer (i.e. specific to first entity). See on [0169] teaches the symmetric key may be derived by taking the Entity ID OR'ed with SequenceNo and taking the result XOR'ed with the value stored in the cache (i.e. key for specific entity));
aggregating, in a message by the first entity, the encrypted content with the key generation parameter specific to the first entity (Mansour on [0124 and 0131] teaches first computer (i.e. first entity) generate a request data packet having the data block 340 (i.e. encrypted data content) and device ID 320B (i.e. key generation parameter), wherein data block 340 is encrypted with symmetric key);
and decrypting, by the second entity, the encrypted content of the message received, using the derived key DKS1 (Mansour on [0010] teaches extracting, by the second computer, the symmetric key from the control block and decrypting, by the second computer, the encrypted data block with the extracted symmetric key. See on [0138 and 0147] teaches the second computer may then decrypt the encrypted data block 340 with the extracted symmetric key 320E. The second computer may decrypt data block 340 based on the algorithm indicated in symmetric algorithm type 320H).
Although Mansour teaches determining derived key using private key and the request and response data in an encrypted format communicated between first and second computer, but fails to explicitly teach transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity for obtaining a key KB1,  transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity in order to obtain a key KS1, generating by the managing entity one or more keys KS1 specific to one or more first entities, using a first secret, said key generation parameter and a key generation function, wherein said first secret is held by the managing entity, generating by the managing entity one or more keys KB 1 specific to one or more first entities, using a second secret, said key generation parameter specific to each first entity and a key generation function, wherein said second secret is held by the managing entity, supplying, by the managing entity, each key KS 1 to each first entity, supplying, by the managing entity, each key KB 1 to each first entity,  erasing, in a memory of said managing entity, each key KB1, wherein a request for obtaining the key KS1 and a response to said request are encrypted using the key KB 1 memorised by each first entity and regenerated by the managing entity using the second secret held by the managing entity, said key generation parameter specific to each first entity and said key generation function, generating the key KS1, by the second entity, to obtain the derived key DKS1, using the derivation parameter and the derivation function, and determining, by the second entity, said derived key DKS 1 specific to the first entity using said key generation parameter specific to the first entity, the first secret known by the second entity and the key generating function, however Le Saint from analogous art teaches 
transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity for obtaining a key KB1 (Le Saint on [0209] teaches the client computer (i.e. first entity) transmits encrypted client data that can be used to identify and track client by authorized entity (client identifier i.e. key generation parameter specific to the client to derive first and second session key equivalent to KS1 and KB1 in view of [0213 and 0224]));
 transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity in order to obtain a key KS1 (Le Saint on [0209] teaches the client computer (i.e. first entity) transmits encrypted client data that can be used to identify and track client (client identifier i.e. key generation parameter specific to the client to derive first and second session key equivalent to KS1 and KB1 in view of [0213 and 0224]));
generating by the managing entity one or more keys KS1 specific to one or more first entities, using a first secret, said key generation parameter and a key generation function, [[wherein said first secret is held by the managing entity]] (Le Saint on [0213] teaches the server computer (i.e. managing entity) can determine the first session key (i.e. one or more keys KS1) using a key derivation function (“KDF”) based on the first intermediate shared secret (i.e. first secret), the server identifier (“ID_s”), and the client identifier (i.e. key generation parameter));
 generating by the managing entity one or more keys KB 1 specific to one or more first entities, using a second secret, said key generation parameter specific to each first entity and a key generation function, [[wherein said second secret is held by the managing entity]] (Le Saint on [0224] teaches the server computer can determine a second session key (i.e. one or more keys KB1) using a key derivation function (i.e. key generation function) based on the second intermediate shared secret (i.e. second secret), the server identifier for this communication session, and the client identifier (i.e. key generation parameter) for this session);
 erasing, in a memory of said managing entity, each key KB1 (Le Saint on [0226] teaches the server computer can zeroize (i.e. erase) the second session key);
[[wherein a request for obtaining the key KS1 and a response to said request are encrypted using]] the key KB 1 memorised by each first entity and regenerated by the managing entity using the second secret held by the managing entity, said key generation parameter specific to each first entity and said key generation function (Le Saint on [0224] teaches the server computer can determine a second session key (i.e. Broadly interpreted as  one or more keys KB1’s are regenerated by the managing entity because the client generates the session key and the same session keys are regenerated by the server. See the objection above to clarify the limitation) using a key derivation function (i.e. key generation function) based on the second intermediate shared secret (i.e. second secret), the server identifier for this communication session, and the client identifier (i.e. key generation parameter) for this session. See on [0055 and 0058] teaches the client computer generates the first session key using a key derivation function based on the shared secret, an identifier of the server computer. The server computer 280 may also may determine the same first session key (i.e. regenerating the key) determined by the client computer 240 using a key derivation function based on the shared secret, an identifier of the server computer 280, and an identifier of the communication session).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by generating first and second session key based on key generation function, key generation parameter and shared secret and erasing the generated session key from the memory after performing operation based on the generated session keys. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).

The combination of Mansour and Le saint fails to explicitly teach supplying, by the managing entity, each key KS 1 to each first entity, supplying, by the managing entity, each key KB 1 to each first entity, generating the key KS1, by the second entity, to obtain the derived key DKS1, using the derivation parameter and the derivation function and determining, by the second entity, said derived key DKS 1 specific to the first entity using said key generation parameter specific to the first entity, the first secret known by the second entity and the key generating function, however Eric from analogous art teaches wherein said first and second secret is held by the managing entity (Eric on [0049 and 0076] teaches second computer storing shared secret for initializing).
generating the key KS1, by the second entity, to obtain the derived key DKS1, using the derivation parameter and the derivation function (Eric on [0060 and 0070] teaches SAM host (i.e. second entity) generates ephemeral public key (i.e. KS1) to derive session key (i.e. DKS1) using key derivation function and OTID identifier);
determining, by the second entity, said derived key DKS 1 specific to the first entity using said key generation parameter specific to the first entity, the first secret known by the second entity and the key generating function (Eric on [0070] teaches SAM host (i.e. second entity) determines session keys (i.e. derived key DSK1) by applying key derivation function KDF (i.e. key generation function) using shared secret Z, ephemeral public key (Q.sub.eh i.e. KS1) client OTID (i.e. key generation parameter)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Eric into the combined teaching of Mansour and Le Saint by determining by the second computer a key in received packet based on key generation parameter and shared secret to perform secure communication. One would be motivated to do so in order to perform secure authentication of the requesting device based on session keys generated in order to perform secure communication between different entities (Eric on [0010-0012]).

	Although the combination of Mansour, Le Saint and Eric teaches generating first and second session key (i.e. key KS1 and KB1) and transmitting the requested key in an encrypted packet, but fails to explicitly teach supplying, by the managing entity, each key KS 1 to each first entity, supplying, by the managing entity, each key KB 1 to each first entity, wherein a request for obtaining the key KS1 and a response to said request are encrypted using]] the key KB1, however LIU from analogous art teaches supplying, by the managing entity, each key KS 1 to each first entity (LIU on [0075] teaches the server sends encrypted first session key to the peripheral device);
 supplying, by the managing entity, each key KB 1 to each first entity (LIU on [0083] teaches in response to the session request, the server generates a second session key different from the first session key. The server (i.e. managing entity) then sends the second session key to the peripheral device (i.e. first entity));
wherein a request for obtaining the key KS1 and a response to said request are encrypted using]] the key KB1memorised by each first entity (LIU on [0080] teaches the server receives first communication (i.e. response ) that is sent from the peripheral device via the control device and encrypted with the first session key by the peripheral device. See on [0089] teaches the server receives a key updating request that is encrypted with the first session key and sent from the peripheral device via the control device, the key request including an updated encryption key corresponding to the predetermined device ID, and the key updating request is accompanied by the predetermined device ID of the peripheral device);
 sending, by the first entity, the message directly to the second entity (LIU Fig 1 and text on [0033] teaches the peripheral device (i.e. first entity direct communication with second entity) encrypts communication data by using the second key to obtain encrypted communication data, and transmits the encrypted communication data to the client (i.e. second entity)).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of LIU into the combined teaching of Mansour, Le Saint and Eric by sending the first and second session keys to the requesting device based on encrypted request. One would be motivated to do so in order to establish encrypted communication between plurality of devices in a network to securely transmit private data between each other (LIU on [0004-0006]). 

Regarding claim 2 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches further comprising a step of sending a response to the message, encrypted by the symmetric encryption algorithm using the first key KS1 and/or an additional step of erasing the key KS1 in a memory of the second entity (Mansour on [0139-0141] teaches the second computer may then generate a response data packet 400 to return to the first computer. The second computer may include in response data packet 400 the leader block 410 comprising entity name 410A, zone 4108, and control block encryption type 410C. The entity name 410A and zone 410B in leader block 410 may be echoed from those in leader block 310 of request data packet 300. The second computer may also encrypt control block 420 using encryption key 450. In some cases, the second computer may derive encryption key 450 by computing Hash(Symmetric Key.parallel.Entity Name.parallel.Zone), where the symmetric key is symmetric key 320E received in request data packet 300. The second computer may include information indicating the symmetric encryption type utilized to encrypt control block 420 in control block encryption type 410C. See on [0100-0102] teaches request and response packet including symmetric algorithm).
Regarding claim 3 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Eric further teaches further comprising a prior step of initializing each second entity comprising a memorizing of said first secret (Eric on [0049 and 0076] teaches second computer storing shared secret for initializing).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Eric into the combined teaching of Mansour and Le Saint by storing the shared secret in second entity. One would be motivated to do so in order to perform secure authentication of the requesting device based on session keys generated in order to perform secure communication between different entities (Eric on [0010-0012]).

Regarding claim 5 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches wherein said derivation parameter comprises at least one random key generated by said first entity (Mansour on [026] teaches a variable datum i.e. derivation parameter is random value).
Regarding claim 6 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches wherein transmitting the key generation parameter for the key KS1 and of supplying said key KS1 are carried out by sending a request for obtaining the key and a response to said request (Mansour Fig 3-4 and text on [0140-0142] teaches first computer sends request data packet containing keys parameters shared secret random value etc. and the second computer receives the request data packet and generated a respond data packet 400);
 wherein each first entity is in a communication link with the managing entity in said network (Mansour on [0058] teaches an authorization entity web application server 112 (i.e. managing entity) in communication with an authorization entity backend server 114 and a service provider computer 116. The authorization entity backend server 114 and service provider computer 116 may be in communication with a processor server computer 118. The processor server computer 118 may provide tokenization services and may also be known as a token service computer or token service provider computer).
Regarding claim 8 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Le Saint further teaches wherein the transmission by each first entity, to the managing entity, of the key generation parameter specific to each first entity for obtaining the third key is carried out at the same time as an authentication of each first entity with the managing entity (Le Saint on [0209-0212] teaches the client computer can transmit the encrypted client data (i.e. having client identifier used by the server to compute session key ) and blinded client public key (i.e. authentication request because server performs authentication based on the blinded public key) same time  to the server computer (i.e. managing entity)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by sending the key generation parameter along with authentication request to the managing entity. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).

Regarding claim 9 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches said public key and the corresponding private key being memorized by said first entity (Mansour on [0152] teaches one storing a particular private key corresponding to a particular public key);
 Le Saint teaches wherein the transmission by each first entity, to the managing entity, of the key generation parameter specific to each first entity for obtaining the key KB1 is carried out jointly with the transmission of a public key (Le Saint on [0209-0212] teaches the client computer can transmit the encrypted client data (i.e. having client identifier used by the server to compute session key ) and blinded client public key same time  to the server computer (i.e. managing entity)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by sending the key generation parameter for generating key jointly with public key. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).

The combination Mansour, Le Saint, Eric and the cited portion LIU fails to explicitly teach the third key thus being encrypted using said public key, by the managing entity, prior to the transmission thereof to said first entity, however LIU on different portion teaches the third key thus being encrypted using said public key, by the managing entity, prior to the transmission thereof to said first entity (LIU on [0028-0029 and 0051] teaches encrypting the second key using the first key. See also on [0084] teaches encrypting first and second session key using the pre-stored key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of LIU cited on different portion into the combined teaching of Mansour, Le Saint and Eric by sending the first and second session keys to the requesting device based on encrypted request and encrypting the first and second session key. One would be motivated to do so in order to establish encrypted communication between plurality of devices in a network to securely transmit private data between each other (LIU on [0004-0006]). 

Regarding claim 10 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches wherein said at least one key generation parameter specific to the first entity comprises at least one identifier of said first entity (Mansour Fig 4 block 320 and text on [0023] teaches a request data packet 300 (i.e. message) with at least on entity device ID (i.e. key generation parameter)).
Regarding claim 11 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 10 above, LIU teaches wherein said at least one key generation parameter specific to the first entity further comprises an expiry date of the key generated by the first entity (LIU on [0029 and 0069] teaches key valid for certain period of time and expires when session ends).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of LIU into the combined teaching of Mansour, Le Saint and Eric by having a key which expires after certain period of time. One would be motivated to do so in order to establish encrypted communication between plurality of devices in a network to securely transmit private data between each other based on dynamic key which is only valid for specific session (LIU on [0004-0006]). 


Claims 12 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Mansour et al (hereinafter Mansour) (US 20170149740) in view of Le Saint et al (hereinafter Le Saint) (US 20180375663) and further in view of Buckley et al (hereinafter Buckley) (US 20130182843).

Regarding claim 12 Mansour teaches A secure system for exchanging data between at least one first entity and at least one second entity with a communication link in at least one network (Mansour on [0010] teaches system for securing communications between a first computer and a second computer over a communications network);
 said first and second entities each comprising a calculation module, a memory module and a network communication interface, the secure system comprising said first and second entities and a managing entity, wherein said managing entity comprises (Mansour on [0014] teaches computer (i.e. first and second computer) having memory (i.e. memorizing) for storing instruction (i.e. Program). See on [0064] teaches network interface (e.g., by an external communication interface). See on [0135] teaches the first computer may send, over a communications network, request data packet 300 to the second computer. See Fig 2 teaches first and second computer in communication with backend server 114 (i.e. managing entity). See on [0111] teaches hash algorithm 320I may indicate the hash algorithm utilized for signature calculation (i.e. calculation module));
a program for generating a derived key DKS 1 from a derivation parameter specific to each first entity and the key KS1 (Mansour on [0011, 0100-0101 and claim 3] teaches first computer (i.e. first entity) generating symmetric key (i.e. derived key DKS1) by symmetric encryption algorithms such as AES-256 and 3DES (i.e. derivation function), shared secret (i.e. key KS1) and variable datum (i.e. derivation parameter), wherein shared secret may be a key and variable datum may be a nonce or seed [0025-0026]); 
a program for transmitting aggregated encrypted data with at least a parameter specific to the first entity allowing for a generation of the derived key DKS1 (Mansour Fig 3-4 and text on [0080-0085 and 0095-0097] teaches request and response packet containing the encrypted data along with specific parameter such as type of algorithm, nonce entity identifier for generating symmetric key. See on [0011, 0100-0101 and claim 3] teaches first computer (i.e. first entity) generating symmetric key (i.e. derived key DKS1) by symmetric encryption algorithms such as AES-256 and 3DES (i.e. derivation function), shared secret (i.e. key KS1) and variable datum (i.e. derivation parameter), wherein shared secret may be a key and variable datum may be a nonce or seed [0025-0026]); 
and a program for encrypting and decrypting data using said derived key DKS 1 and a symmetric encryption algorithm (Mansour on [0014] teaches computer (i.e. first and second computer) having memory (i.e. memorizing)  for storing instruction (i.e. Program). See on [0010] teaches first computer may be an authorization entity computer (i.e. first entity) for encrypting data packet with symmetric key and decrypting, by the second computer, the encrypted data block with the extracted symmetric key. See on [0011] teaches the symmetric key may be a first symmetric key. See on [0133] teaches the first computer may encrypt data block 340 using symmetric key).
	Mansour fails to teach 4877-1248-5916.v1PABST, et al. - 16/771,524 Attorney Docket: 022044-0513560and wherein the memory module of each first entity memorizes: a program for transmitting aggregated encrypted data with at least a parameter specific to the first entity allowing for a generation of the key KS1, and wherein the memory module of each second entity memorizes: a program for regenerating the key KS1 using said key generation parameter specific to the first entity and the second secret known by the second entity, wherein the first secret is held by the managing entity, wherein the second secret is held by the managing entity, a program for regenerating the key DKS 1 using said key derivation parameter specific to the first entity and the key KS1, however Le Saint form analogous art teaches a program for generating a key KS1 from a key generation parameter specific to each first entity and a first secret, [[wherein the first secret is held by the managing entity]] (Le Saint on [0213] teaches the server computer (i.e. managing entity) can determine the first session key (i.e. one or more keys KS1) using a key derivation function (“KDF”) based on the first intermediate shared secret (i.e. first secret), the server identifier (“ID_s”), and the client identifier (i.e. key generation parameter));
a program for generating a key KB 1 from a key generation parameter specific to each first entity and a second secret, [[wherein the second secret is held by the managing entity]] (Le Saint on [0224] teaches the server computer can determine a second session key (i.e. one or more keys KB1) using a key derivation function (i.e. key generation function) based on the second intermediate shared secret (i.e. second secret), the server identifier for this communication session, and the client identifier (i.e. key generation parameter) for this session);
 4 4877-1248-5916.v1PABST, et al. - 16/771,524Attorney Docket: 022044-0513560and wherein the memory module of each first entity memorizes: a program for transmitting aggregated encrypted data with at least a parameter specific to the first entity allowing for a generation of the key KS1 (Le Saint on [0209] teaches the client computer (i.e. first entity) transmits encrypted client data that can be used to identify and track client by authorized entity (client identifier i.e. key generation parameter specific to the client to derive first and second session key equivalent to KS1 and KB1 in view of [0213 and 0224]));
 and wherein the memory module of each second entity memorizes: a program for regenerating the key KS1 using said key generation parameter specific to the first entity and the second secret known by the second entity (Le Saint on [0224] teaches the server computer can determine a second session key (i.e. keys KS1 are regenerated by the managing entity because the client generates the session key and the same session keys are regenerated by the server) using a key derivation function (i.e. key generation function) based on the second intermediate shared secret (i.e. second secret), the server identifier for this communication session, and the client identifier (i.e. key generation parameter) for this session. See on [0055 and 0058] teaches the client computer generates the first session key using a key derivation function based on the shared secret, an identifier of the server computer. The server computer 280 may also may determine the same first session key (i.e. regenerating the key) determined by the client computer 240 using a key derivation function based on the shared secret, an identifier of the server computer 280, and an identifier of the communication session).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by generating first and second session key based on key generation function, key generation parameter and shared secret and regenerating the key by second entity using the same secret. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).

Although the combination of Mansour and Le Saint teaches first and second computer generating keys based on shared secret (i.e. Le Saint) and symmetric key is determined by the second entity for decryption (i.e. taught by Mansour), but fails to explicitly teach storing the first and second secret and regenerating the DSK1 based on derivation parameter and the key SK1, however Buckley teaches wherein the first secret is held by the managing entity, wherein the second secret is held by the managing entity (Buckley on [0035-0037] teaches each entity assigned with unique secret stored in a secure database);
a program for regenerating the key DKS 1 using said key derivation parameter specific to the first entity and the key KS1 (Buckley on [0019-0020] teaches the key management service KMS including stored instruction for regenerating traffic encryption key (TEK) key using CS identifier (i.e. key derivation parameter), nonce value and TGK key (i.e. key KS1)).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Buckley into the combined teaching of Mansour and Le Saint by storing the shared secret of each entities and regenerating the decryption key for decrypting the packet. One would be motivated to do so in order to provide secure communication between different entities based on discarding the keys used in encryption and re-generating the same key based on the same parameter when its requited (Buckley on [0003-0005]).

Regarding claim 14 the combination of Mansour, Le Saint and Buckley teaches all the limitations of claim 12 above, Le Saint further teaches wherein the managing entity comprising a program for initializing each second entity comprising the initialization of the first known secret of each second entity (Le Saint on [0044] teaches the client computer 140 can transmit a request message to the server  to initiate the establishment of secure communication.  The client computer 140 may encrypt the identification data of the response message using the shared secret (i.e. initialization of shared secret) to obtain encrypted identification data).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by initializing the shared secret to initialize the one or more entities requesting communication. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).
Regarding claim 15 the combination of Mansour Le Saint and Buckley teaches all the limitations of claim 14 above, Le Saint further teaches further comprising a plurality of second entities organized into at least one batch, in such a way as to access the same resource by the same batch of second entities that share the same secret (Le Saint on [0029] teaches the first and second computer share the same shared secret. The first computer and the second computer may both use the shared secret to generate a session key. See on [0040 and 0065] teaches the first and the second computer generate and share the same secret for generating session key (i.e. to access same resource) for encrypting communication. See on [0044-0045] teaches the client computer encrypts identification data using shared secret and the server computer decrypts the identification data using the shared secret (i.e. having access to same resource using same shared secret)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by using the same shared secret to access resource within communication network. One would be motivated to do so in order to perform secure authentication based on shared secret between different entities communicating in a network in order to perform secure communication between different entities (Le Saint on [0001]).

Regarding claim 16 the combination of Mansour Le Saint and Buckley teaches all the limitations of claim 12 above, Mansour further teaches wherein each first and second entity comprises a key derivation program according to at least one derivation parameter (Mansour Fig 4-5 block 320i, 320j, 420i and 420j teaches HMAC hash algorithm (i.e. key derivation program) and key value (i.e. parameter)).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Conway et al (US 20190089529) is directed towards A cybersecurity system can be used to perform cryptographic operations such an encryption, decryption, hashing, calculating message authentication codes and for validating any of the above. A chip set of a computing device can be used to obtain and store cryptographic keys in a secure memory space that is encrypted and managed by the chip set. This secure memory space may be accessed by a processor of the chip set to perform functionality of a protected application such that content (e.g., cryptographic keys) and functionality of the application is inaccessible to other systems, devices, or applications. By utilizing the protected content, the chip set may perform secure cryptographic operations traditionally performed by hardware security modules in a more cost effective, scalable, and efficient manner.
DIMITRAKOS et al (US 20170288871) is directed towards a security system to provide access by a requester to an encrypted data object stored in an object store, the requester being authenticated by the object store, the method comprising: receiving, from the object store: the encrypted object having associated an object identifier; and an identifier of the requester; deriving a first cryptographic key to decrypt the object; deriving a second cryptographic key; re-encrypting the object based on the second key and communicating the re-encrypted object to the requester; wherein each of the first and second keys are based on the object identifier, the requester identifier and a secret key portion generated by the security system, the secret key portion being different for each of the first and second keys.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOEEN KHAN/               Examiner, Art Unit 2436