DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the application filed on  dated January 27, 2021.
In the filed application dated on January 27, 2021, Claims 1-18 have been submitted.
Claims 1-18 are allowed.
Priority
This application filed on January 27, 2021 claims priority of provisional application 62/966,930 filed on January 28, 2020 and continued in part parent application 16/818,807 filed on March 13 2020 which claims priority of provisional application 62/817,966 filed on March 13, 2019.
Information Disclosure Statement
The following Information Disclosure Statements in the instant application submitted in compliance with the provisions of 37 CFR 1.97, and thus, have been fully considered:
IDS filed on 25 March 2021.
IDS filed on 24 November 2021.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Michael J. Curley of registration number 63,251, on August 23, 2022.  During the telephone interview, Mr. Curley has agreed and authorized the examiner to further amend Claims 1-18 on the filed application dated on January 27, 2021.

Claims
Replacing Claims 1-18 of the filed application dated on January 27, 2021with the following:
Claims:
1.    A system, comprising:
a processor, and memory coupled to the processor, the memory storing:
device data representing measured device characteristics of physical-unclonable-function (“PUF”) arrays having pluralities of PUF devices, each PUF array belonging to one of a plurality of computing devices, wherein each computing device of the plurality of computing device is part of a network of computing devices; and
executable instructions that, when executed by the processor, cause the processor to: 
transmit a processing instruction to a remote device, the processing instruction causing 
determine expected measurement values of characteristics of the set of PUF devices measured by the remote device by using the processing instruction to identify and retrieve a subset of the device data stored in the memory and associated with the set of PUF devices measured by the remote device; 
derive a set of encryption keys from the expected measurement values; and
communicate with the remote device by performing a cryptographic operation secured by the set of encryption keys that includes: 
segmenting a first datastream into a first plurality of datastream fragments;
segmenting a first data stream fragment of the first plurality of datastream fragments into a first numeric value and a second numeric value;
identifying, using the first numeric value, a first encryption key of the set of encryption keys; and
applying a one-way cryptographic function to the first encryption key a first number of times determined by the second numeric value to generate a transformed fragment having a value that depends on the values of the first numeric value and the second numeric value from the first data stream fragment and a value of the first encryption key.

2.	The system of claim 1, wherein the instructions, when executed by the processor to perform the cryptographic operation, cause the processor to:
receive, as a second data stream, a ciphertext generated by the remote device;
extract a second data stream fragment from the second data stream; and
for a second encryption key in the set of encryption keys:
repeatedly apply the one-way cryptographic function to the second data stream fragment a second number of times to produce an intermediate result that is equivalent to a result of repeatedly applying the one-way cryptographic function to the second encryption key the second number of times;
output, as a decrypted value of the second data stream fragment an output value including the second number of times the one-way cryptographic function was repeatedly applied to the second data stream fragment and a third numeric value associated with the second encryption key.
3.	The system of claim 1, wherein the instructions, when executed by the processor to perform the cryptographic operation, cause the processor to:
identify, using the first numeric value, the first encryption key of the set of encryption keys by using the first numeric value as an index value in accessing an encryption key array that includes the set of encryption keys; and
determining the first number of times by subtracting the second numeric value from a predetermined number.
4.	The system of claim 1, wherein the instructions, when executed by the processor to issue the processing instruction to the remote device, cause the processor to:
transmit error correction information to the remote device that enables the remote device to correct erratic measurements of the set of PUF devices determined using the processing instruction.

5.	The system of claim 4, wherein the memory stores further instructions that, when executed by the processor cause the processor to receive information from the remote device associated with measurements of the characteristics of the set of PUF devices determined using the processing instruction to:
determine that actual measurement values of characteristics of the set of PUF devices determined using the processing instruction and measured by the remote device in response to the processing instruction differ from stored measurement values of the characteristics of the set of PUF devices determined using the processing instruction in the device data stored in the memory; and
apply an error-correction algorithm to stored measurement values of the characteristics of the set of PUF devices determined using the processing instruction in the device data stored in the memory to produce the expected measurement values used to generate the one or more encryption keys.

6.	The system of claim 1, wherein the one-way cryptographic function includes at least one of a SHA-1, SHA-2, SHA-3, SHA-224, SHA-256, SHA-384, SHA-512, MD5, MD6, and SWIFT function.

7.	A system, comprising:
a processor, and memory coupled to the processor, the memory storing:
device data representing measured device characteristics of at least one physical-unclonable-function (“PUF”) device; and
executable instructions that, when executed by the processor, cause the processor to: 
derive a set of encryption keys from the measured device characteristics of the at least one PUF device; and
communicate with a remote device by performing a cryptographic operation secured by the set of encryption keys that includes: 
segmenting a first data stream into a first plurality of data stream fragments;
segmenting a first data stream fragment of the first plurality of data stream fragments into a first numeric value and a second numeric value;
identifying, using the first numeric value, a first encryption key of the set of encryption keys; and
applying a one-way cryptographic function to the first encryption key a first number of times determined by the second numeric value to generate a transformed fragment having a value that depends on the values of the first numeric value and the second numeric value from the first data stream fragment and a value of the first encryption key.

8.	The system of claim 7, wherein the instructions, when executed by the processor to perform the cryptographic operation, cause the processor to:
receive, as a second data stream, a ciphertext generated by the remote device;
extract a second data stream fragment from the second data stream; and
for a second encryption key in the set of encryption keys:
repeatedly apply the one-way cryptographic function to the second data stream fragment a second number of times to produce an intermediate result that is equivalent to a result of repeatedly applying the one-way cryptographic function to the second encryption key the second number of times;
output, as a decrypted value of the second data stream fragment an output value including the second number of times the one-way cryptographic function was repeatedly applied to the second data stream fragment and a third numeric value associated with the second encryption key.

9.	The system of claim 7, wherein the instructions, when executed by the processor to perform the cryptographic operation, cause the processor to:
identify, using the first numeric value, the first encryption key of the set of encryption keys by using the first numeric value as an index value in accessing an encryption key array that includes the set of encryption keys; and
determining the first number of times by subtracting the second numeric value from a predetermined number.
10.	The system of claim 7, wherein the instructions, when executed by the processor cause the processor to:
issue a processing instruction to the remote device; and
transmit error correction information to the remote device that enables the remote device to correct erratic measurements of a set of PUF devices determined using the processing instruction.
11.	The system of claim 10, wherein the memory stores further instructions that, when executed by the processor cause the processor to receive information from the remote device associated with measurements of the characteristics of the set of PUF devices determined using the processing instruction to:
determine that actual measurement values of characteristics of the set of PUF devices determined using the processing instruction and measured by the remote device in response to the processing instruction differ from stored measurement values of the characteristics of the set of PUF devices determined using the processing instruction in the device data stored in the memory; and
apply an error-correction algorithm to stored measurement values of the characteristics of the set of PUF devices determined using the processing instruction in the device data stored in the memory to produce the expected measurement values used to generate the one or more encryption keys.

12.	The system of claim 7, wherein the one-way cryptographic function includes at least one of a SHA-1, SHA-2, SHA-3, SHA-224, SHA-256, SHA-384, SHA-512, MD5, MD6, and SWIFT function.

13.	A method, comprising:
deriving a set of encryption keys from measured device characteristics of at least one PUF device; and
communicating with a remote device by performing a cryptographic operation secured by the set of encryption keys that includes: 
segmenting a first data stream into a first plurality of data stream fragments;
segmenting a first data stream fragment of the first plurality of data stream fragments into a first numeric value and a second numeric value;
identifying, using the first numeric value, a first encryption key of the set of encryption keys; and
applying a one-way cryptographic function to the first encryption key a first number of times determined by the second numeric value to generate a transformed fragment having a value that depends on the values of the first numeric value and the second numeric value from the first data stream fragment and a value of the first encryption key.

14.	The method of claim 13, further comprising:
receiving, as a second data stream, a ciphertext generated by the remote device;
extracting a second data stream fragment from the second data stream; and
for a second encryption key in the set of encryption keys:
repeatedly applying the one-way cryptographic function to the second data stream fragment a second number of times to produce an intermediate result that is equivalent to a result of repeatedly applying the one-way cryptographic function to the second encryption key the second number of times; and
outputting, as a decrypted value of the second data stream fragment an output value including the second number of times the one-way cryptographic function was repeatedly applied to the second data stream fragment and a third numeric value associated with the second encryption key.

15.	The method of claim 13, further comprising:
identifying, using the first numeric value, the first encryption key of the set of encryption keys by using the first numeric value as an index value in accessing an encryption key array that includes the set of encryption keys; and
determining the first number of times by subtracting the second numeric value from a predetermined number.

16.	The method of claim 13, further comprising:
transmitting error correction information to the remote device that enables the remote device to correct erratic measurements of a set of PUF devices determined using a processing instruction.
17.	The method of claim 16, further comprising:
receiving information from the remote device associated with measurements of the characteristics of the set of PUF devices determined using the processing instruction to:
determining that actual measurement values of characteristics of the set of PUF devices determined using the processing instruction and measured by the remote device in response to the processing instruction differ from stored measurement values of the characteristics of the set of PUF devices determined using the processing instruction in device data stored in a memory; and
applying an error-correction algorithm to stored measurement values of the characteristics of the set of PUF devices determined using the processing instruction in the device data stored in the memory to produce the expected measurement values used to generate the one or more encryption keys.

18.	The method of claim 13, wherein the one-way cryptographic function includes at least one of a SHA-1, SHA-2, SHA-3, SHA-224, SHA-256, SHA-384, SHA-512, MD5, MD6, and SWIFT function.
Allowable Subject Matter
Claims 1-18 are allowed.
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent claim 1 is allowable based on the amendment presented in the filed application dated on January 27, 2021 and the examiner’s amendment dated on August 24, 2022.
Specifically, the independent claim 1 now recites limitations as follows:
“A system, comprising:
a processor, and memory coupled to the processor, the memory storing:
device data representing measured device characteristics of physical-unclonable-function (“PUF”) arrays having pluralities of PUF devices, each PUF array belonging to one of a plurality of computing devices, wherein each computing device of the plurality of computing device is part of a network of computing devices; and
executable instructions that, when executed by the processor, cause the processor to: 
transmit a processing instruction to a remote device, the processing instruction causing the remote device to determine a set of PUF devices belonging to the PUF array of the remote device and measure characteristics of those PUF devices;
determine expected measurement values of characteristics of the set of PUF devices measured by the remote device by using the processing instruction to identify and retrieve a subset of the device data stored in the memory and associated with the set of PUF devices measured by the remote device; 
derive a set of encryption keys from the expected measurement values; and
communicate with the remote device by performing a cryptographic operation secured by the set of encryption keys that includes: 
segmenting a first datastream into a first plurality of datastream fragments;
segmenting a first data stream fragment of the first plurality of datastream fragments into a first numeric value and a second numeric value;
identifying, using the first numeric value, a first encryption key of the set of encryption keys; and
applying a one-way cryptographic function to the first encryption key a first number of times determined by the second numeric value to generate a transformed fragment having a value that depends on the values of the first numeric value and the second numeric value from the first data stream fragment and a value of the first encryption key”.
The reference by Shih-Lien Linus Lu (US PGPUB. # US 2020/0052912) discloses, a method to secure software update information for authorized entities. In one embodiment, a device for receiving secured software update information from a server, the device includes: a physical unclonable function (PUF) information generator, comprising a PUF cell array, configured to generate PUF information, wherein the PUF information comprises at least one PUF response output, wherein the at least one PUF response output is used to encrypt the software update information on the server so as to generate encrypted software update information; a first encrypter, configured to encrypt the PUF information from the PUF information generator using one of at least one public key from the server so as to generate encrypted PUF information; and a second encrypter, configured to decrypt the encrypted software update information using one of the at least one PUF response output so as to obtain the software update information. (Abstract). Particular Lu teaches, PUF Cell array in a server and a client device having a PUF array. The PUF information, including the PUF response R and the helper data H are generated from the PUF generator 108 and the helper data generator 106 of the device 102 respectively. Specifically, a first device 102A generates first PUF information (R1||H1). (Fig. 5, ¶51). The method 500 continues to operation 514 in which encrypted software update information E(R, SW) and a corresponding challenge C are transmitted to the corresponding device 102. In certain embodiments, when the server 104 selects a response R from a plurality of responses of a device 102 for encryption of the software update information, the server 104 also transmits the corresponding challenge C back to the device 102 together with the encrypted software update information E(R, SW).||.C. Specifically, the device 102A receives the encrypted software information E(R1,SW1).parallel.C1 and the device 102B receives the encrypted software information E(R2, SW2).parallel.C2 from the server 104. (Fig. 5(514), ¶58). The method 500 continues with operation 516, in which a response R is obtained according to the received corresponding challenge C from the server 104 by the device 102. In some embodiments, a PUF generator 200 of a device 102 can generate a plurality of PUF response outputs corresponding to a plurality of challenge inputs. The challenge C corresponding to the PUF response used for encrypting the software update information is then transmitted back to the device 102 from the server 104. The challenge C is further used by the device 102 to obtain the corresponding response R, which is then used to decrypt the encrypted software update information SW. (Fig. 5(516A), ¶59). 
The reference by Mlodrag Potkinjak (US PGPUB. # US 2010/0322428) discloses, a source computer can encrypt a message using a simulation of a hardware cryptographic unit. The encrypted message can then be sent to a destination computer. The destination computer can then use the hardware cryptographic unit to decrypt the message. The source computer can use a simulation of the hardware cryptographic unit to transform an input value into a simulation output. The simulation output can be transmitted from the source computer to the destination computer where all possible input values can be rapidly run through the hardware cryptographic unit until the output of the hardware cryptographic unit matches the simulated output. The input value that generated the matching output is now a shared secret between the source computer and destination computer without ever having been transmitted in the clear over the communication channel. (Abstract). Process 500 begins at operation 510, where an input value may be selected from a large input value pool 405 by a source computer 410. The selection may be made randomly, pseudo-randomly, or in any other fashion. Once shared to the destination computer 420, the randomly selected input value 425 may be considered a shared secret key between the source computer 410 and the destination computer 420. Continuing to operation 520, parameterized characteristics for simulating the HPPUF 150 may be received at the source computer 410 from the destination computer 420. The HPPUF 150 associated with the parameterized characteristics may be contained within the hardware cryptographic unit 110 associated with the destination computer 110. Continuing to operation 530, the public parameterized characteristics that were received in operation 520 may be used by the source computer 410 to simulate the hardware cryptographic unit 110 located at the destination computer 420. The simulation of the hardware cryptographic unit 110 may be used to generate a simulated output 435 for the randomly selected input value 425 as selected in operation 510. Continuing to operation 540, the simulated output 435 may be transmitted from the source computer 410 to the destination computer 420. Continuing to operation 550, the source computer 410 can XOR the selected input value 425 with a plaintext message 440 to generate a ciphertext 445. Continuing to operation 560, the ciphertext 445 may be transmitted from the source computer 410 to the destination computer 420. (Fig. 6, ¶55-¶57). Process 600 begins at operation 610, where a hardware cryptographic unit 110 comprising a hardware public physically unclonable function may be manufactured. Continuing to operation 620, unique characteristics may be parameterized for the hardware cryptographic unit 110. Continuing to operation 630, the unique characteristics parameterized in operation 620 may be transmitted to the source computer 410. Continuing to operation 640, the destination computer 420 may receive a simulated output from the source computer 410. Continuing to operation 650, a ciphertext, or encrypted message, may be received from the source computer 410 by the destination computer 420. Continuing to operation 660, all values from the pool of input values 405 may be run through the hardware cryptographic unit 110 to find the particular input value that generates the simulated output 435 received from the source computer 410 in operation 640. Identifying the randomly selected input value 425 from the pool of input values 405 that generates the received simulated output 435 can supply the destination computer 420 with the value of the randomly selected input value 425 previously only known to the source computer 410. This value is now a shared secret between the source computer 410 and the destination computer 420. Continuing to operation 670, the input value determined in operation 660 may be used by the destination computer 420 to decrypt the ciphertext 445 received in operation 650. The input value determined in operation 660 may be XORed with the received ciphertext 445 that was received in operation 650 to produce the recovered plain text 465. (Fig. 7, ¶56-¶61).
The reference by Srinivasan Rangaraj (US PGPUB. # US 2019/0182236) discloses, a method including: receiving by a client N public encryption keys over a network from a server, wherein N is an integer greater than 1; generating N session keys in response to receiving the N public encryption keys; encrypting each of the N session keys with a respective one of the N public encryption keys; subsequent to encrypting each of the N session keys, sending the N session keys encrypted over the network to the server; encrypting, with a first one of the N session keys, a first portion of a payload associated with a first message; encrypting, with a second one of the N session keys, a second portion of the payload associated with the first message; and sending the first message, comprising the payload encrypted, to the server from the client. (Abstract). At action 510, the encryption application encrypts a first portion of a payload with a first one of the N session keys. The encryption application also encrypts a second portion of the payload with a second one of the N session keys. As noted above, N may be any integer greater than one. So for instance, in an example in which N equals 4, there would be four portions of the payload, and each of the portions would be encrypted using a respective one of the four session keys. Similarly, in an example in which N equals 8, there would be eight portions of the payload, and each of the portions would be encrypted using a respective one of the eight session keys. (Fig. 5(510), ¶70). At action 560, the encryption application 136 decrypts and reassembles the payload to generate clear text. For instance, the encryption application 136 may decrypt a first portion of the payload using a first one of the N session keys and decrypt a second portion of the payload using a second one of the N session keys. As noted above, N may be any appropriate integer greater than 1. So in an example in which N equals 3, action 560 may also include decrypting a third portion of the payload using a third one of the N session keys. Action 560 may also include using knowledge about the particular payload division to appropriately decrypt and reassemble the payload. (Fig. 6(560), ¶77).
Hugesh et al.  (US PGPUB. # US 2013/0083926) discloses, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution. (Abstract).
Adham et al. (US PGPUB. # US 2019/0165956) discloses, generating a security key for an integrated circuit device include generating a plurality of key bits with a physically unclonable function (PUF) generator. Unstable bits of the plurality of key bits are identified, and a security key is generated based on the plurality of key bits, wherein the security key excludes the identified unstable bits. (Abstract).
Park et al. (US PGPUB. # US 2018/0337793) discloses, a physical unclonable function (PUF) circuit and a PUF system including the same are provided. The PUF circuit includes a plurality of PUF cells each configured to generate an output voltage by dividing a power voltage, a reference voltage generator configured to generate a first reference voltage by dividing the power voltage, and a comparing unit configured to sequentially compare the output voltages of the plurality of PUF cells with the first reference voltage to output data values of the plurality of PUF cells. (Abstract).
MAI et al. (US PGPUB. # US 2017/0180140) discloses, a method includes obtaining, by a response generator circuit, reliability information for each bit of an array of bits provided by a physical unclonable function (PUF) circuit; receiving, from the PUF circuit during run time, an array of values for the array of bits; selecting a plurality of values from the array of values received from the PUF circuit in accordance with the reliability information; and generating, by the response generator circuit, a PUF response from the selected plurality of values. (Abstract).
Teuwen et al. (US PGPUB. # US 2012/0131340) discloses, a method that includes a physically-unclonable function (PUF) device that receives a communication that includes a first challenge value, a second challenge value and a remote message authenticity value. The method includes the generation of additional challenge-response pairs in a secure manner. The additional challenge-response pairs are securely communicated between the PUF device and an authenticating server or other device for subsequent use in authentication. (Abstract).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “…derive a set of encryption keys from the measured device characteristics of the at least one PUF device; and communicate with a remote device by performing a cryptographic operation secured by the set of encryption keys that includes: segmenting a first data stream into a first plurality of data stream fragments; segmenting a first data stream fragment of the first plurality of data stream fragments into a first numeric value and a second numeric value; identifying, using the first numeric value, a first encryption key of the set of encryption keys”, in combination with the rest of the limitations recited in the independent claim(s).

None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 7 is also a system claim of above system claim 1 and Claim 13 is a method claim of above system claim 1, and therefore, they are also allowed.
Claims 2-6 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 8-12 depend on the allowed claim 8, and therefore, they are also allowed.
Claims 14-18 depend on the allowed claim 15, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498