DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	Claims 1-20 as submitted on 5/5/22 were considered.  Claims 3 and 17 were amended and necessitated new rejections made below.

Response to Arguments
Applicant's arguments filed 5/5/22 have been fully considered but they are not persuasive. 
Regarding the arguments presented in the remarks filed on 5/5/22, the arguments are not persuasive because they all appear to be directed towards features which are not claimed or seem to be based on the opinion of counsel without evidence.  Features that are not claimed are irrelevant with respect to whether the unclaimed features are different from the art of record or not, because although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  As to any arguments which relied upon the opinion of counsel, it is noted that the arguments of counsel cannot take the place of evidence in the record. In re Schulze, 346 F.2d 600, 602, 145 USPQ 716, 718 (CCPA 1965); In re Geisler, 116 F.3d 1465, 43 USPQ2d 1362 (Fed. Cir. 1997).


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-12, 15, and 17-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Harrison et al (GB 2467975).
Note that the Harrison reference was submitted by applicant with the IDS on 6/15/20.

Claim 1:
	Harrison discloses:
(i) either:
	transmitting a starting point of a one time pad; or receiving a starting point of a one time pad (paragraphs 12-13, 16, and 19-20; These limitations can refer to either the one time pad being previsioned or use of a head index to align the OTP’s one two different apparatuses.  The head index is a pointer or index to the head of a OTP); and 
(ii) forming a key from a plurality of bits from the one time pad (paragraphs 16 and 20; “…using the existing OTP data for the encrypting key…);
(iii) using the key to generate an authentication code (paragraph 18-20, 23, and 28; Sending, to a complementary apparatus, a data block from the top of the OTP and the head index, which are used by the complementary apparatus to search for a matching data block in its own OTP.  If found, then the complementary apparatus knows who it is communicating with.  Authentication can also be done by using the OTP in an authentication protocol where the OTP is used to generate hashes, where matching hashes used in a challenge-response authentication protocol authenticates two parties to each other).
(iv) receiving an authentication code (paragraph 18-20, 23, and 28).
(v) performing the authentication by comparing the generated authentication code with the received authentication code (paragraph 18-20, 23, and 28).
(vi) repeating steps (i) to (v) a plurality of times using a different plurality of bits from the one time pad (paragraphs 17-18 and 21; Each block of a one time pad is only used once and then discarded.  The next time the OTP is used, a next/different set of data block is used).

Claim 2:
	Harrison discloses:
 (i) either:
	transmitting a starting point of a one time pad; or receiving a starting point of a one time pad (paragraphs 12-13, 16, and 19-20; These limitations can refer to either the one time pad being previsioned or use of a head index to align the OTP’s one two different apparatuses.  The head index is a pointer or index to the head of a OTP); and 
(ii) forming a key from a plurality of bits from the one time pad (paragraphs 16 and 20; “…using the existing OTP data for the encrypting key…);
(iii) using the key to generate an authentication code (paragraph 18-20, 23, and 28; Sending, to a complementary apparatus, a data block from the top of the OTP and the head index, which are used by the complementary apparatus to search for a matching data block in its own OTP.  If found, then the complementary apparatus knows who it is communicating with.  Authentication can also be done by using the OTP in an authentication protocol where the OTP is used to generate hashes, where matching hashes used in a challenge-response authentication protocol authenticates two parties to each other).
(iv) transmitting authentication code (paragraph 18-20, 23, and 28).
(v) repeating steps (i) to (iv) a plurality of times using a different plurality of bits from the one time pad (paragraphs 17-18 and 21; Each block of a one time pad is only used once and then discarded.  The next time the OTP is used, a next/different set of data block is used).
Claims 3 and 17:
	Harrison further discloses in which the authentication code is generated by: using the key in a predetermined hash (paragraphs 21-25; OTP is used in any number of known/predetermined hash functions to form authentication codes).

Claims 4 and 18:
	Harrison further discloses including the step of recording a current start point in the one time pad, from which the plurality of bits is retrieved, and then updating the current start point to be the bit next following the retrieved bits in the one time pad (paragraphs 17, and 19-21; Head index is moved to the next data block in the OTP after the latest data block is used and discarded).

Claim 5:
	Harrison further discloses including the steps of, subsequent to generating the authentication code, forming an encryption key from a plurality of bits, different from those used to form the authentication code, from the one time pad and using the encryption key to encrypt a message (paragraphs 16-17 and 20; Each OTP data block is used one time and can be used either as an authentication code or encryption key).

Claim 6:
	Harrison further discloses in which the authentication code is transmitted in plaintext (paragraph 42).

Claims 7 and 19:
	Harrison further discloses in which the bits used to form the key are deleted automatically from the one time pad (paragraphs 17 and 21; Whenever data from the OTP is used, that used data is then discarded/deleted).

Claims 8 and 20:
	Harrison further discloses in which different length keys are formed in different iterations of steps (1) to (iil) and the key length is transmitted, as part of or in addition to the authentication code (paragraphs 16, 18, 23-24, 31-38 and 42; A OTP apparatus may hold multiple one time pads, thus the size of a data block of each separate OTP may be of different size.  Note also that a OTP may be used in different hashing or encryption algorithms where the key of algorithm may be of different sizes from each other).

Claim 9:
	Harrison further discloses in which the plurality of bits used to form the key is retrieved from a contiguous portion of the one time pad (paragraphs 20-21).

Claim 10:
Harrison discloses:
(i) a memory including a one time pad comprising a series of bits (paragraph 10, 17, and 21; OTP memory 13 containing a OTP consisting of a series of n-bit data blocks).
(ii) circuitry (Figure 1) arranged to:
	(a) receive a starting point of a one time pad (paragraphs 12-13, 16, and 19-20; These limitations can refer to either the one time pad being previsioned or use of a head index to align the OTP’s one two different apparatuses.  The head index is a pointer or index to the head of a OTP); 
	(b) retrieve a plurality of bits from the one time pad, wherein the first of the plurality of bits is at the starting point of the one time pad (paragraphs 17 and 19-21; Head index points to the start of the OTP).
(c) form a key from a plurality of bits (paragraphs 16 and 20; “…using the existing OTP data for the encrypting key…);
(d) use the key to generate an authentication code (paragraph 18-20, 23, and 28; Sending, to a complementary apparatus, a data block from the top of the OTP and the head index, which are used by the complementary apparatus to search for a matching data block in its own OTP.  If found, then the complementary apparatus knows who it is communicating with.  Authentication can also be done by using the OTP in an authentication protocol where the OTP is used to generate hashes, where matching hashes used in a challenge-response authentication protocol authenticates two parties to each other).
(e) repeat steps (a) to (c) a plurality of times using a different plurality of bits (paragraphs 17-18 and 21; Each block of a one time pad is only used once and then discarded.  The next time the OTP is used, a next/different set of data block is used).

Claim 11:
	Harrison further discloses wherein the circuitry is arranged to transmit the authentication code (Fig 1; paragraph 18-20, 23, and 28).

Claim 12:
	Harrison further discloses wherein the circuitry is arranged to receive an authentication code and to perform an authentication by comparing the generated authentication code with the received authentication code (paragraphs 18 and 28-37; A OTP data block could be exchanged directly as an authentication code or it could be used in a challenge-response authentication scheme that utilizes the OTP data block in on or more hash functions).

Claim 15:
	Harrison further discloses wherein the starting point in the one-time pad and a key length are generated automatically when the device receives a query across a network connection (paragraph 8).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Harrison et al (GB 2467975).
Claim 13:
	As per claim 13, Harrison further discloses including a serial shifter, wherein: the one time pad is loaded into the serial shifter; the bits forming the key are shifted from the serial shifter (paragraphs 17 and 21).  
Harrison does not disclose the serial shifter is a serial shift register and the bits left vacant by the shifting are populated with zeros, ones or a random or pseudo-random sequence of zeros and ones.  However, official notice is taken that serial shift registers where the bits left vacant by the shifting are populated with zeros, ones or a random or pseudo-random sequence of zeros and ones were well known in the art before the effective filing date of applicant’s claimed invention.  It would have been obvious to one of ordinary skill in the art to modify Harrison’s invention to utilize a serial shift register where the bits left vacant by the shifting are populated with zeros, ones or a random or pseudo-random sequence of zeros and ones in place of the OTP shifter Harrison disclosed.  The rationale for why it would be obvious is that doing so is nothing more than simple substitution of one known element for another (i.e. one type of OTP for another) to achieve predictable results, see KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398 (2007).

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Harrison et al (GB 2467975) in view of Lam et al (WO 2010/128451).
Claim 14:
	Harrison further discloses including a display (paragraph 8).  Harrison does not disclose, but Lam discloses the display configured to present the authentication code to a user on a display (abstract).
	Before the effective filing date of applicant’s claimed invention, it would have been obvious to one of ordinary skill in the art to modify Harrison’s invention using the teachings of Lam discussed.  One skilled would have been motivated to do so as it would allow the user to manually enter an authentication code in a user authentication system where manual entry of an authentication code was required.

Claim 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Harrison et al (GB 2467975) in view of Bailey et al (US 8,312,519).
Claim 16:
	Harrison further discloses a mobile device comprising the remote authentication device (Fig 1 and paragraph 4).  Harrison does not disclose, but Bailey disclose the mobile device being a smart card (col 15, lines 22-27; Smart card having OTP function).
Before the effective filing date of applicant’s claimed invention, it would have been obvious to one of ordinary skill in the art to modify Harrison’s invention such that the mobile device was a smart card.  The rationale for why it would be obvious is that done so is nothing more than simple substitution of one known element for another (i.e. one type of mobile form for another) to achieve predictable results, see KSR Int'l Co. v. Teleflex, Inc., 550 U.S. 398 (2007).



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PONNOREAY PICH whose telephone number is (571)272-7962. The examiner can normally be reached M-F 9am-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PONNOREAY PICH/Primary Examiner, Art Unit 2495