DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 03/09/2021.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This application filed on March 09, 2021 does not claim any priority.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 3, 9 and 15 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Desai et al. (US PGPUB. # US 2018/0114226, hereinafter “Desai”).

Referring to Claims 1, 9 and 15:
Regarding Claim 1, Desai teaches,
A method comprising: 
receiving, at a computing system, a request to perform an operation; (Fig. 7(710), ¶51, “At 710, a request to complete a transaction may be received by a payment provider”, i.e. a request is received to complete a transaction indicates that the request is to perform an operation).
transmitting, by the computing system, a nonce to a memory device; (Fig. 7(730), ¶51, “The nonce may be sent to the device at 730”, ¶35, “A device of the user can refer to an electronic device such as a tablet, smartphone, laptop, and/or a desktop computer”, Fig. 11, ¶29, ¶62, “a memory 27 (typically RAM, but which may also include read-only memory (“ROM”), flash RAM, or the like)”, i.e. a nonce is transmitted to a device)
receiving, by the computing system, a second nonce from the memory device; (Fig. 7(740), ¶52, “The user's device may send the encrypted nonce to the payment provider, which receives the encrypted nonce at 740”, i.e. a computing device receives a second nonce)
verifying, by the computing system, the second nonce using a stored public key; (Fig. 7(750, 760), ¶53, “may utilize the public key stored in the non-transitory memory to decrypt the encrypted nonce at 750. At 760, the decrypted nonce may be compared to the nonce the payment provider originally sent at 730”, i.e. second nonce is verified using a stored public key)
and 
executing, by the computing system, the operation upon successfully verifying the second nonce. (Fig. 7(770), ¶53, “If a match is determined to exist, then the payment provider may complete the transaction at 770 as described previously”, i.e. an operation is executed based on successful verification of the second nonce).

Regarding Claim 9, it is a device claim of above method Claim 1, therefore Claim 8 is rejected with the same rationale as applied against Claim 1 above.
In addition Desai teaches, a processor and a storage medium (Fig. 11).

Regarding Claim 15, it is a non-transitory  computer-readable storage medium claim of above method Claim 1, therefore Claim 16 is rejected with the same rationale as applied against Claim 1 above.
In addition Desai teaches, non-transitory computer-readable medium. (¶5, ¶14, ¶16).

Regarding Claim 3, rejection of Claim 1 is included and Desai teaches,
The method of claim 1, wherein verifying the second nonce using a stored public key comprises decrypting the second nonce using the stored public key, the stored public key used by the memory device to generate the second nonce. (Fig. 7(750), ¶53, “may utilize the public key stored in the non-transitory memory to decrypt the encrypted nonce at 750. At 760, the decrypted nonce may be compared to the nonce the payment provider originally sent at 730”, i.e. second nonce is generated by decrypting the second encrypted nonce with a stored public key).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Desai et al. (US PGPUB. # US 2018/0114226, hereinafter “Desai”), and further in view of Scott Best (WIPO PGPUB. # WO 2020/033428, hereinafter “Best”).

Referring to Claims 2, 10 and 16:
Regarding Claim 2, rejection of Claim 1 is included and Desai does not teach explicitly
The method of claim 1, wherein transmitting the nonce comprises transmitting the nonce over a memory bus.
However, Best teaches,
The method of claim 1, wherein transmitting the nonce comprises transmitting the nonce over a memory bus. (¶13, “a random value (i.e. , a “number used once” value, also known as a “nonce” value in cryptographic parlance) may be provided with the different portions of the memory.sup.7 address and the data that is returned via the memory bus may be encoded based on the random value”, i.e. nonce is transmitted over a memory bus).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Best with the invention of Desai.
Desai teaches, allowing a transaction when a nonce is verified utilizing a public key of a device. Best teaches, transmitting a nonce over a memory bus. Therefore, it would have been obvious to have transmitting a nonce over a memory bus of Best with allowing a transaction when a nonce is verified utilizing a public key of a device of Desai as the protection of the memory bus may prevent or substantially delay the attacker from compromising the memory bus and retrieving the secret data stored at the memory. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 10, rejection of Claim 9 is included and Claim 10 is rejected with the same rationale as applied against Claim 2 above.

Regarding Claim 16, rejection of Claim 15 is included and Claim 16 is rejected with the same rationale as applied against Claim 2 above.

Claims 4, 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Desai et al. (US PGPUB. # US 2018/0114226, hereinafter “Desai”), and further in view of Cho et al. (US PGPUB. # US 2017/0338961, hereinafter “Cho”).

Regarding Claim 4, rejection of Claim 1 is included and Desai does not teach explicitly,
The method of claim 1, wherein verifying the second nonce using a stored public key comprises verifying a digital signature associated with the second nonce, the digital signature generated by the memory device using a private key corresponding to the public key.
However, Cho teaches,
The method of claim 1, wherein verifying the second nonce using a stored public key comprises verifying a digital signature associated with the second nonce, (¶10, Fig. 9, ¶94, “The gateway generates a random number in order to verify whether the controller is genuine”, ¶96, “The gateway verifies the signature”) the digital signature generated by the memory device using a private key corresponding to the public key. (Fig. 9, ¶95, “the controller attaches an electronic signature to the random number included in the message using a private key”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Cho with the invention of Desai.
Desai teaches, allowing a transaction when a nonce is verified utilizing a public key of a device. Cho teaches, attaching an electronic signature, signed with a private key along with a random number for verification and authentication. Therefore, it would have been obvious to have attaching an electronic signature, signed with a private key along with a random number for verification and authentication of Cho with allowing a transaction when a nonce is verified utilizing a public key of a device of Desai to determine authenticity of the device and providing security prior to allowing a transaction by the device. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Referring to Claims 11 and 17:
Regarding Claim 11, rejection of Claim 9 is included and Desai does not teach explicitly
The device of claim 9, the program logic further comprising logic, executed by the processor, for signing the nonce prior to issuing the request to the memory device.
However, Cho teaches,
The device of claim 9, the program logic further comprising logic, executed by the processor, for signing the nonce prior to issuing the request to the memory device. (¶10, Fig. 9, ¶94, “sends the random number to the controller through a Challenge for PKCS message (S910)”, ¶95, “Upon reception of the Challenge for PKCS message, the controller attaches an electronic signature to the random number included in the message”, i.e. a challenge message is sent to sign the nonce).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Cho with the invention of Desai.
Desai teaches, allowing a transaction when a nonce is verified utilizing a public key of a device. Cho teaches, attaching an electronic signature, signed with a private key along with a random number for verification and authentication. Therefore, it would have been obvious to have attaching an electronic signature, signed with a private key along with a random number for verification and authentication of Cho with allowing a transaction when a nonce is verified utilizing a public key of a device to determine authenticity of the device and providing security prior to allowing a transaction by the device. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 17, rejection of Claim 15 is included and Claim 17 is rejected with the same rationale as applied against Claim 7 above.

Claims 5, 8, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Desai et al. (US PGPUB. # US 2018/0114226, hereinafter “Desai”), and further in view of Collier et al. (US PGPUB. # US 2017/0288867, hereinafter “Collier”).

Regarding Claim 5, rejection of Claim 1 is included and Desai does not teach explicitly,
The method of claim 1, further comprising disallowing, by the computing system, the operation upon unsuccessfully verifying the second nonce.
However, Collier teaches,
The method of claim 1, further comprising disallowing, by the computing system, the operation upon unsuccessfully verifying the second nonce. (Fig. 7(712, 714), ¶47, “The diagnostic authentication program 128 then uses (at block 712) the generated nonce 135 to verify that the decrypted signed nonce contains the original nonce 135 to authenticate that the requesting system 100 is authorized to use diagnostic interface 122”, ¶48, “If (at block 714) the signed nonce is not verified, then control proceeds 704 to deny the request to unlock and access the diagnostic interface 122”, i.e. the operation is denied when the verification of decrypted nonce failed).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Collier with the invention of Desai.
Desai teaches, allowing a transaction when a nonce is verified utilizing a public key of a device. Collier teaches, denying to perform an operation when verifying of decrypted nonce fails. Therefore, it would have been obvious to have denying to perform an operation when verifying of decrypted nonce fails of Collier with allowing a transaction when a nonce is verified utilizing a public key of a device to determine authenticity of the device and providing an access to only authenticated device to perform a transaction. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 12, rejection of Claim 9 is included and Claim 12 is rejected with the same rationale as applied against Claim 5 above.

Regarding Claim 18, rejection of Claim 15 is included and Claim 18 is rejected with the same rationale as applied against Claim 5 above.

Regarding Claim 8, rejection of Claim 1 is included and Desai does not teach explicitly,
The method of claim 1, wherein transmitting the nonce to the memory device comprises transmitting the nonce to a Flash storage device.
However, Collier teaches,
The method of claim 1, wherein transmitting the nonce to the memory device comprises transmitting the nonce to a Flash storage device. (Fig. 1(102), ¶29, “The storage device 102 may comprise a solid state drive (SSD), flash drive, etc.”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Collier with the invention of Desai.
Desai teaches, allowing a transaction when a nonce is verified utilizing a public key of a device. Collier teaches, denying to perform an operation when verifying of decrypted nonce fails. Therefore, it would have been obvious to have denying to perform an operation when verifying of decrypted nonce fails of Collier with allowing a transaction when a nonce is verified utilizing a public key of a device to determine authenticity of the device and providing an access to only authenticated device to perform a transaction. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Claims 6-7, 13-14 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Desai et al. (US PGPUB. # US 2018/0114226, hereinafter “Desai”), and further in view of Nguyen-Huu et al. (US PGPUB. # US 2010/0023757, hereinafter “Nguyen-Huu”).

Referring to Claims 6, 13 and 19:
Regarding Claim 6, rejection of Claim 1 is included and Desai does not teach explicitly
The method of claim 1, further comprising entering, by the computing system, a factory reset mode in response to determining that one or more of a failed decryption of missing device condition has occurred.
However, Nguyen-Huu teaches,
The method of claim 1, further comprising entering, by the computing system, a factory reset mode in response to determining that one or more of a failed decryption of missing device condition has occurred. (¶48, “Once a failed authentication message is received the user must restart the enrollment process to receive a signed public key certificate”, i.e. examiner submits that failed authentication is considered as failed decryption and restart enrollment is considered as reset mode).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Nguyen-Huu with the invention of Desai.
Desai teaches, allowing a transaction when a nonce is verified utilizing a public key of a device. Nguyen-Huu teaches, a user has to reenroll (reset mode) when an authentication fails. Therefore, it would have been obvious to have a user has to reenroll (reset mode) when an authentication fails Nguyen-Huu with allowing a transaction when a nonce is verified utilizing a public key of a device of Desai to avoid a malicious entity performing a transaction. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 13, rejection of Claim 9 is included and Claim 13 is rejected with the same rationale as applied against Claim 6 above.

Regarding Claim 19, rejection of Claim 15 is included and Claim 19 is rejected with the same rationale as applied against Claim 6 above.

Referring to Claims 7, 14 and 20:
Regarding Claim 7, rejection of Claim 6 is included and for the same motivation Desai does not teach explicitly
The method of claim 6, further comprising connecting, by the computing system, to a key management server and downloading a second public key.
However, Nguyen-Huu teaches,
The method of claim 6, further comprising connecting, by the computing system, to a key management server and downloading a second public key. (¶72, “Once the required information is entered, a new link is provided that, when clicked, downloads the private key(s) and the corresponding non-member public key certificate(s) to the non-member end entity 108 associated with the recipient”, ¶73, “corresponding non-member public key certificate(s) by downloading and installing the certificate manager module 120”, i.e. a non-member public key certificate is considered as a second public key which is downloaded).

Regarding Claim 14, rejection of Claim 13 is included and Claim 14 is rejected with the same rationale as applied against Claim 7 above.

Regarding Claim 20, rejection of Claim 19 is included and Claim 20 is rejected with the same rationale as applied against Claim 7 above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
	Potter et al. (US # 2022/0131839) discloses, a system includes a first controller configured to generate a network key and transform the network key and a second controller configured to obtain the transformed network key and form a network with the first controller, each of the first controller and the second controller being configured to generate a same symmetric key using the network key and values from the other of the first controller and second controller.
	Kasso et al. (US # 2022/0052849) discloses, techniques for using signed nonces to secure cloud shells are provided. The techniques include receiving, by a session manager service, a request to connect a user device to a secure connection to a secure shell instance. The session manager service may authorize the user device to access the secure shell instance and may configure the secure shell instance, being described by a shell identifier of the secure shell instance. The techniques also include generating, by the session manager service, a nonce token and providing the shell identifier, and a router address of the secure shell router to the user device. The techniques also include generating, by the session manager service, a signed nonce token using the nonce token; and providing the signed nonce token and the shell identifier to a user device.
	Takemori et al. (US # 2019/0068381) discloses, a communication system is provided, including a plurality of terminal devices and a root certification authority. Each of the plurality of terminal devices includes a certification authority key generation unit, a certification authority public key certificate acquisition unit that acquires a certification authority public key certificate, a certification authority key storage unit, a transmission unit, and a verification unit that verifies the certification authority public key certificate with a root certification authority public key certificate, and verifies a user in a case where the verification succeeds. The root certification authority includes a root certification authority key storage unit, a communication unit, and a certification authority public key certificate generation unit that generates the certification authority public key certificate by encrypting the certification authority public key with the root certification authority secret key. The communication unit transmits the certification authority public key certificate to a terminal device.
Yloenen Tatu J (WO # 2013/093209) discloses, means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSH key problems and for automating configuration of SSH keys, as well as for continuous monitoring.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/          Primary Examiner, Art Unit 2498