Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims Status
This office action is in response to communication filed on 09/30/2021; the provisional application filed on 01/01/2015 is considered.
Claims 2-21 are pending and rejected; claims 2, 9 and 16 are independent claims.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/21/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 2-21 are rejected on the ground of nonstatutory double patenting over claims 1-19 of U.S. Patent No. 11,042,488 B2 since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter, as follows: see independent claim comparison in the table below.
Patent No.: 11,042,488 B2
1. A method comprising:
storing a base key at a device, wherein the base key is private to the device;
receiving a message from a remote entity, the message including a signature of a root entity that is based on a root private key;
verifying the signature of the root entity from the message with a root public key that corresponds to the root private key;
responsive to verifying the signature of the root entity from the message, receiving, at the device, a public key of the remote entity that is included in the message, wherein the public key is an asymmetric key;
generating, by a processing device of the device, a derived key using a one way function having the base key as a first input and a second input that is based on the public key of the remote entity that is included in the message; and
encrypting the derived key by using the same public key that is used to generate the derived k

Instant application
2. A method comprising:
receiving, by a device from a remote entity, a root signed block including a delegate public key, wherein the delegate public key is signed by a root private key;
retrieving a root public key that corresponds to the root private key;
verifying the root signed block with the root public key to retrieve the delegate public key;
generating, by the device, an encrypted derived key based on a combination of the delegate public key and a symmetric base key stored at the device; and
transmitting the encrypted derived key to the remote entity.



Furthermore, there is no apparent reason why applicant was prevented from presenting claims corresponding to those of the instant application during prosecution of the application which matured into a patent. See In re Schneller, 397 F.2d 350, 158 USPQ 210 (CCPA 1968). See also MPEP § 804.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 4-5 and 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Pang et al. US Pub. No.: 2017/0099137 A1 (hereinafter Pang1), in view of Pang et al. US Pub. No.: 2017/0026174 A1 (hereinafter Pang2).

Pang1 teaches: 
As to claim 2, a method comprising:
receiving, by a device from a remote entity, a root signed block including a delegate public key, wherein the delegate public key is signed by a root private key (see Pang1 ¶¶13, 23, 25 and 31, receiving the public key information of the second device that is encrypted by using the public key of the first device and sent by the second device, the first device further receives signature verification information sent by the second device, where the signature verification information is information obtained by the second device by performing asymmetric encryption on agreed information by using a private key of the second device, where the agreed information may be the public key information of the second device);
retrieving a root public key that corresponds to the root private key (see Pang1 ¶30, sending, by the second device, the public key information of the second device to the first device, so that after the first device obtains the public key of the second device); 
verifying the root signed block with the root public key to retrieve the delegate public key (see Pang1 ¶31, the first device verifies the signature verification information by using the public key of the second device); 
Pang1 does not explicitly teach but the related art Pang2 teaches:
generating, by the device, an encrypted derived key based on a combination of the delegate public key and a symmetric base key stored at the device (see Pang2 ¶265, the second device generates a shared key by using a key-exchange private key of the second device and a second key-exchange public key obtained according to the second key-exchange public key information); and 
transmitting the encrypted derived key to the remote entity (see Pang ¶266, first device receives the encrypted first key-exchange public key of the second device that is sent by the second device).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the secure connection method for network device, related apparatus disclosed by Pang1 to include the method for establishing secure connection, as taught by Pang2, in order to generate a derived key as disclosed by the claimed invention. It would have been obvious to one of ordinary skill in the art to include generating a derived key to avoid the key distribution problem because secret keys are not shared between correspondents.
As to claim 4, the method of claim 2, wherein generating the encrypted derived key comprises: 
performing a hash function on the delegate public key to generate a hash value (see Pang1 ¶172, partial truncation information of the public key, a hash value of the public key (a value obtained after the hash operation)); and
truncating the hash value to generate a truncated hash value (see Pang1 ¶172, partial truncation information of the public key, a hash value of the public key (a value obtained after the hash operation)); and 
performing a one way function between the symmetric base key and the truncated hash value to generate the encrypted derived key (see Pang1, derivative information (dynamic or static) of the public key such as a hash value obtained after an operation is performed on the public key with reference to other data).

As to claim 5, the method of claim 4, wherein the hash function is a Secure Hash Algorithm (SHA) (see Pang1, where the hash algorithm may be a secure hash algorithm-256 (SHA-256)).


As to claim 7, the method of claim 2, wherein generating the encrypted derived key comprises performing a one way function with inputs being the symmetric base key and at least a portion of a hash value corresponding to the delegate public key (see Pang1 ¶199, the first device may specifically use the public key of the second device to perform an asymmetric operation on a hash operation value between the public key operation value of the second device and the random value n, to generate the first verification message).

As to claim 8, the method of claim 2, wherein generating the encrypted derived key comprises performing a one way function with inputs being the symmetric base key and the delegate public key without any hash function or truncation function being performed (see Pang2, the second verification information is a second encryption value obtained after second designated information is encrypted by using the generated shared key after the shared key is generated by the second device, or is a second hash value obtained after a hash operation is performed by using the generated shared key in combination with second designated information).

Claims 3 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Pang et al. US Pub. No.: 2017/0099137 A1, in view of Pang et al. US Pub. No.: 2017/0026174 A1 as applied above and further in view of Solow et al. US Pub. No.: 2014/0195809 A1 (hereinafter Solow).

As to claim 3, the combination of Pang1 and Pang2 does not teach, but the related art Solow teaches: the method of claim 2, wherein the symmetric base key is stored in a one-time programmable (OTP) memory (see Solow ¶43, key-share stored on OTP).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the secure connection method for network device, related apparatus disclosed by Pang1 and the method for establishing secure connection disclosed by Pang2 to include the electronic content distribution based on secret sharing, as taught by Solow, in order to store the symmetric base key in one-time programmable memory. It would have been obvious to one of ordinary skill in the art to use techniques that are known in the art, so as to inhibit tampering with secret keys identifier.

As to claim 6, the combination of Pang1 and Pang2 does not teach, but the related art Solow teaches: the method of claim 4, wherein the one way function is a key tree function (see Solow ¶12, distributing the key-shares includes generating a binary tree… which is derivable from the ancestor nodes by a predetermined one-way function).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the secure connection method for network device, related apparatus disclosed by Pang1 and the method for establishing secure connection disclosed by Pang2 to include the electronic content distribution based on secret sharing, as taught by Solow, in order to use a key tree function for the one way function. It would have been obvious to one of ordinary skill in the art so that the key-shares are associated with respective ancestor nodes in the tree, and each client has a respective client key associated with a respective leaf of the tree.
As to independent claim 9, this claim is directed to a system executing the method of claim 2; therefore it is rejected along similar rationale.
As to independent claim 16, this claim is directed to a non-transitory computer readable medium including program code executing the method of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 10-15 and 17-21, these claims contain substantially similar subject matter as claims 3-8; therefore they are rejected along the same rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/ Examiner, Art Unit 2433

/JEFFREY C PWU/ Supervisory Patent Examiner, Art Unit 2433