DETAILED ACTION
This office action is in response to applicant’s claim amendments/arguments filed June 23, 2022. Claims 8-13 were withdrawn. Claims 1-7 and 14-20 are pending.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Independent claims 1, 5, 14 have been amended to incorporate new limitations as the device channel information identifying the first device channel. Applicant’s amendment necessitated the new ground(s) of rejection. Hence, Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection. US 6,741,870 B1 (Holmstrom et al.)  is being introduced to address the newly added limitations. Holmstrom taught, “For secure operation: When two devices "initiate" communications with each other, they exchange unique communication channel IDs. If contact is lost, the devices attempt to re-establish communications. During this process, the communication channels are requested to authenticate the other party.” Col. 2, lines 26-35. Holmstrom’s communication channel ID for authentication corresponds to claimed device channel information identifying the first device channel.
Examiner’s Notes: To expedite the prosecution, examiner contacted the attorney of record, Attorney Evan F. Liebovitz to incorporate the allowable subject matter into the independent claims. However, Mr. Liebovitz didn’t agree and requested for an office action.
Applicant’s amendment to claims 14-15 is sufficient to overcome 35 USC § 112 (f) rejection set forth in previous office action. The examiner hereby withdraws 35 USC § 112 (f) rejection claims 14 and 15. However, a new 35 USC § 101 ground of rejection is made in this office action based on the applicant’s claim amendment. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 14-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because independent Claim 14 recites “A first device” but fails to positively recite any structural components, hardware features, or functional elements that are configured to perform. MPEP 2106.03 (I) dictates the Four Categories of Statutory Subject Matter where a machine (also known as a “device”) must be a “concrete thing, consisting of parts, or of certain devices and combination of devices.” Digitech Image Techs. v. Electronics for Imaging, 758 F.3d 1344, 1348, 111 USPQ2d 1717, 1719 (Fed. Cir. 2014). This category “includes every mechanical device or combination of mechanical powers and devices to perform some function and produce a certain effect or result.” Nuijten, 500 F.3d at 1355, 84 USPQ2d at 1501 (quoting Corning v. Burden, 56 U.S. 252, 267, 14 L. Ed. 683, 690 (1854)). As the courts’ definitions of machines, manufactures and compositions of matter indicate, a product must have a physical or tangible form in order to fall within one of these statutory categories. Digitech Image Techs. v. Electronics for Imaging, 758 F.3d 1344, 1348, 111 USPQ2d at 1719 (“For all categories except process claims, the eligible subject matter must exist in some physical or tangible form.”). Claim recites “one processor” but processor can be interpreted as software only under broadest reasonable interpretation. Therefore, claim 14 fails to provide the functional elements (hardware/machine components) necessary for “a device” to perform such functions and fails to fall into one of the four categories of statutory subject matter. 
Dependent Claim 15-20, which depends upon the device as claimed in claim 14, fails to positively recite any structural components, hardware features, or functional elements that would qualify as statutory subject matter. Therefore, claims 14-20 are also rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 5, 14, 16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over US 2018/0227293 A1 to UHR et al. (“UHR”) in view of EP 3413507 A1 to Roennow et al. (“Roennow”) and in further view of US 6,741,870 B1 to Holmstrom et al. (“Holmstrom”).
Regarding claim 1, UHR taught a device authentication method comprising (Para. 0032. a blockchain-based-certificate authentication system): generating, by a first device (Para. 0022. a blockchain-based-certificate issuance request server), authentication request information; generating, by the first device, an authentication request transaction including a public key of the first device and a first hash value of the authentication request information; sending the authentication request transaction to a first device channel, the first device channel being established on a distributed ledger;(Para. 0022, generate a public key record-specific transaction generation request signal, and transmit the generated public-key-record-specific transaction generation request signal….a blockchain-based-certificate issuance request server configured to receive the certificate-specific public key and the blockchain-based-certificate-issuance-specific personal information from the user terminal, hash and process the blockchain-based-certificate-issuance-specific personal information to generate user identification hash information,) and 
receiving, by the first device, an authentication response message returned by the second device (Para. 0022. a blockchain-based-certificate management server.), the authentication response message indicating whether authentication of the first device succeeds (Para. 0022. generate user verification-specific transaction information including the generated user verification hash information and user verification-specific transaction ID information used as a key value to search for the user verification-specific transaction information, transmit and record the user verification-specific transaction information).
UHR did not but the analogous art Roennow taught generating, by the first device, an authentication request message including the authentication request information and device channel information of the first device channel, producing a digital signature of the authentication request message using a private key of the first device, and sending the digital signature to a second device; (Para.0006,0009. Generating a certification identifier (i.e. authentication request information), generating a hash of at least a portion of the document (i.e. device channel information), generating a signed transaction comprising the certification identifier, the hash of the document and settings for reproducing hash (i.e. device channel info), the transaction being signed by a cryptographic key (i.e. producing digital signature), and providing the signed transaction to distributed ledger).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of UHR by including the idea of  generating, by the first device, an authentication request message that includes the authentication request information and device channel information of the first device channel, producing a digital signature of the authentication request message using a private key of the first device, and sending the digital signature to a second device as taught by Roennow in order to verify the authenticity (Roennow, Para, 0001).
UHR-Roennow did not teach the device channel information identifying the first device channel. However, the analogous art Holmstrom taught the device channel information identifying the first device channel (For secure operation: When two devices "initiate" communications with each other, they exchange unique communication channel IDs. If contact is lost, the devices attempt to re-establish communications. During this process, the communication channels are requested to authenticate the other party.” Holmstrom’s communication channel ID for authentication corresponds to claimed device channel information identifying the first device channel. Col. 2, lines 26-35)
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the combined invention of UHR and Roennow by including the idea of the device channel information identifying the first device channel as taught by Holmstrom in order to reinitiate the communication based on communication channel ID if the ongoing communications between two such devices are interrupted inadvertently (Holmstorm, Col. 2, lines 20-25).
Claims 5 and 14 recites similar limitations to claim 1, mutatis mutandis, the subject matter of claim 14, which is therefore, also considered to be taught by UHR-Roennow combination as above.
Regarding claim 16, UHR further taught the device authentication method as claimed in claim 1, wherein the first device is a node in the distributed ledger (UHR, Para.0078. Blockchain node).
Claims 18 and 19 recites similar limitations to claim 1, mutatis mutandis, the subject matter of claim 16, which are therefore, also considered to be taught by UHR-Roennow combination as above.
 
Allowable Subject Matter
Claims 2-4, 6, 15, 17, and 20 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims. Dependent claim 7 would also be allowable due to its dependency on allowable claims 6.
The following is a statement of reasons for the indication of allowable subject matter: 
The examiner notes that the prior arts do not provide sufficient motivation to be combined and to be modified in such a way as to render obvious the following claimed feature within the context of the claimed invention as a whole without the usage of impermissible hindsight reasoning.
Claim 2. The device authentication method as claimed in claim 1, wherein the authentication request transaction further includes a first timestamp indicating when the authentication request transaction is generated, wherein the authentication request information includes a random number and device identification information of the first device, and wherein the device identification information includes at least one of a device ID, a MAC address, an IP address, a device brand, and a device type.
Claim 3. The device authentication method as claimed in claim 1, wherein the device channel information includes a blockchain account address of the first device, and a hash value of a last transaction on the first device channel, when the distributed ledger is a blockchain, and wherein the device channel information includes an ID of a MAM (Masked Authenticated Message) channel, and an address of a first transaction on the MAM channel, when the distributed ledger is an IOTA.
Claim 4. The device authentication method as claimed in claim 1, further comprising: updating, by the first device, the public key and the private key of the first device; generating, by the first device, a key revocation transaction that includes the updated public key; and sending, by the first device, the key revocation transaction to the first device channel, and updating the public key of the first device.
Claim 6. The device authentication method as claimed in claim 5, wherein performing the authentication test on the first device based on at least the first hash value includes calculating a third hash value of the authentication request information included in the authentication request message, and obtaining an authentication result indicating whether a hash value authentication succeeds, based on whether the third hash value is consistent with the first hash value, and wherein obtaining the authentication result includes obtaining the authentication result indicating that the authentication of the first device succeeds, when the hash value authentication succeeds.
Claim 15. The first device as claimed in claim 14, further comprising: a key updating unit configured to update the public key and the private key of the first device; and a third transaction generating unit configured to generate a key revocation transaction that includes the updated public key, send the key revocation transaction to the first device channel, and update the public key of the first device. Claims 17 and 20 recite similar limitation.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
1. Brogan, James, Immanuel Baskaran, and Navin Ramachandran. "Authenticating health activity data using distributed ledger technologies." Computational and structural biotechnology journal 16 (2018): 257-266.
MAM enables three modes of privacy that control visibility and access to channels: public, private, and restricted. In each mode, the MAM channel's ID is the address of the transaction on the tangle. This allows a simple query of the tangle to return a MAM transaction. However, the key used to decode the payload contained within the MAM transaction need not be equal to the MAM channel ID. Another useful property of MAM is transaction linking. When a user decodes a payload, they receive the message and the channel key for the next payload. As we will see below, this feature comes in handy for public and private modes. In the case of public mode, the transaction address is both the channel ID and channel key. Page. 260.
2. Karapanos, Nikolaos, and Srdjan Capkun. "On the Effective Prevention of {TLS}{Man-in-the-Middle} Attacks in Web Applications." 23rd USENIX security symposium (USENIX security 14). 2014.
We show that strong client authentication, such as Channel ID-based authentication, can be combined with the concept of server invariance, a weaker and easier to achieve property than server authentication, in order to protect against the considered attacks. We specifically leverage Channel ID-based authentication in combination with server invariance to create a novel mechanism that we call SISCA: Server Invariance with Strong Client Authentication. SISCA resists user impersonation via TLS MITM attacks, regardless of how the attacker is able to successfully achieve server impersonation. We analyze our proposal and show how it can be integrated in today’s web infrastructure. Abstract.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Shawnchoy Rahman/Primary Examiner, Art Unit 2438