DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This amendment is in response to claims filed on 6/13/2022.  Claims 1-3, and 5-26 are pending.  This office action is Final.

Response to Amendment
Applicant's arguments filed 6/13/2022 have been fully considered but they are not persuasive. 
Applicant argues: On page 8, “the office action does not explain why it would have been obvious to use the entirety of Yang’s customer information i.e. the whole message as input to a key generation process, such as the key generation process in Yao”. Page 11 of the Applicant’s argument states essentially the same argument.
Examiner’s response: Again, the Examiner points out that, in the non-final rejection mailed on 3/15/2022, the Examiner stated that Yang did not explicitly disclose using a key generation method that is at least collision resistant with respect to messages input to the key generation method. Thus, Examiner stated that Yao disclosed the limitation above, and the motivation is to utilize a keyed hash function accepting a data string and original key as inputs to generate a new unique key in defending against replay attacks (Yao: para. 0002, 0131).
Applicant argues: On pages 8-11 of the Applicant’s arguments, that the prior art of Yang does not disclose a whole first message, and just part of the message, which is the customer information.
Examiner’s response: Yang discloses that the first customer information #61 comprises the first customer ID 61a; specifically, Yang discloses that when the first customer information #61 is certified, the first customer information #61, which includes a first customer ID 61a, is transmitted to a MAC generation unit #65 (Yang: para. 0030, See Fig. 6). Thus, the Examiner asserts the first customer information #61 includes the first customer ID 61a, which is the whole message. Thus, the Applicant’s argument is moot.
Applicant argues: On page 10, “Yao’s key generation process includes challenge information, received from another node, existing key information, and random number information”.  Further, the Applicant states that “Yang’s procedure uses customer information, and Yao’s procedure is to generate a shared key for use by two devices transmitting encrypted information to one another”.  
Examiner’s response:  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
The rejection is based on a combination of Yao with Yang.  The Applicant states that nowhere in Yao does it state the “key generated is used to generate a MAC from the same data used to generate the key”.   
Page 3 of the non-final rejection mailed on 3/15/2022 states that “Yao discloses a key generation method that is at least collision-resistant with respect to messages input to the key generation method”. Yao was not used to reject “the MAC based on the generated key and the whole first message”. Thus, the Applicant’s argument is moot.
Yang discloses on page 3 of the non-final rejection, “a MAC generator circuit configured to produce the message authentication code based on the generated key and the whole first message” (Yang: para. 0030, Figs. 6-7, the MAC generation unit 65 generates a first MAC 67 based on the root key and the first customer information).  


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.


Claims 1-2, 12, 15-17, and 20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Yang et al (2009/0193261) in view of Yao (2011/0066856).
As per claim 1, Yang discloses an apparatus for producing a message authentication code based on a first message and an original key, comprising:
a key generator circuit configured to produce a generated key based on the original key and the whole first message (Yang: par. 0030; Figs. 6-7; operation unit 64 acquires the first customer ID from the register 62, and a HU key to generate a root key); and 
a message authentication code (MAC) generator circuit configured to produce the message authentication code based on the generated key and the whole first message (Yang: pars. 0030; Figs. 6-7; the MAC generation unit 65 generates a first MAC 67 based on the root key and the first customer information 61 [including customer ID]). 
Yang does not explicitly disclose using a key generation method that is at least collision-resistant with respect to messages input to the key generation method.
However, analogous art of Yao discloses a key generation method that is at least collision-resistant with respect to messages input to the key generation method (Yao: para. 0131, “data string [i.e., message] is operated on by a keyed hash function [collision resistance is a property of a keyed hash function] that is keyed by the key information;” “the output of the keyed hash function is used as the new key;” [the new key is generated using a keyed hash function (i.e., collision-resistant) accepting messages as an input]).  
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Yao with the system/method of Yang to include a key generation method that is at least collision-resistant with respect to messages input to the key generation method.  One would have been motivated to utilize a keyed hash function accepting data string and original key as inputs to generate a new unique shared key in defending against replay attacks (Yao: pars. 0002 and 0131). 
As per claim 2, Yang and Yao disclose the apparatus according to claim 1.
Yang further discloses wherein the key generator circuit is configured to produce the generated key by using a cryptographic encryption algorithm (Yang: par. 0030; Figs. 5-6; generated key is the root key).
As per claim 12, Yang and Yao disclose the apparatus according to claim 1.
Yang further discloses wherein the message authentication code generator circuit is configured to perform a hash calculation for the first message to produce the message authentication code (Yang: par. 0032; Figs. 6-7; hashing the customer information to produce a MAC).
As per claim 15, Yang discloses an apparatus for checking correctness and authenticity of a first message, comprising:
a key generator circuit configured to produce a generated key based on the original key and the whole first message (Yang: par. 0030; Figs. 6-7; operation unit 64 acquires the first customer ID from the register 62, and a HU key to generate a root key);
a message authentication code (MAC) generator circuit configured to produce the message authentication code based on the generated key and the whole first message (Yang: pars. 0030; Figs. 6-7; the MAC generation unit 65 generates a first MAC 67 based on the root key and the first customer information 61 [including customer ID]); and 
a comparison circuit (Yang: Figs. 5 and 7; MAC comparator 79) configured to check the message authentication code and a received message authentication code for a match in order to check correctness and authenticity of the message (Yang: pars. 0028-0029 and 0031; Figs. 5 and 7; MAC comparator 79 authenticates a flash program of the external flash memory 71 by determining whether the generated third MAC 75 is the same as the second MAC 73 stored in the external flash memory 71), and an apparatus for checking correctness and authenticity of a whole first message (Yang: pars. 0028-0029 and 0031; Figs. 5 and 7; step S514; determining whether the generated third MAC 75 is the same as the second MAC 73 stored in the external flash memory 71).

Yang does not explicitly disclose using a key generation method that is at least collision-resistant with respect to messages input to the key generation method.
However, analogous art of Yao discloses a key generation method that is at least collision-resistant with respect to messages input to the key generation method (Yao: para. 0131, “data string [i.e., message] is operated on by a keyed hash function [collision resistance is a property of a keyed hash function] that is keyed by the key information;” “the output of the keyed hash function is used as the new key;” [the new key is generated using a keyed hash function (i.e., collision-resistant) accepting messages as an input]).  
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Yao with the system/method of Yang to include a key generation method that is at least collision-resistant with respect to messages input to the key generation method. One would have been motivated to utilize a keyed hash function accepting data string and original key as inputs to generate a new unique shared key in defending against replay attacks (Yao: pars. 0002 and 0131). 
As per claim 16, Yang discloses a method for producing a message authentication code based on a first message and an original key, the method comprising: 
producing a generated key based on the original key and the whole first message (Yang: pars. 0030-0032; Figs. 6-7; root key based on the HU key and the first message/first customer information/customer ID); and  
producing the message authentication code (MAC) based on the generated key and the whole first message (Yang:  pars. 0030-0032; Figs. 6-7; MAC #67 based on root key and the first customer information/customer ID).

Yang does not explicitly disclose using a key generation method that is at least collision-resistant with respect to messages input to the key generation method.
However, analogous art of Yao discloses a key generation method that is at least collision-resistant with respect to messages input to the key generation method (Yao: para. 0131, “data string [i.e., message] is operated on by a keyed hash function [collision resistance is a property of a keyed hash function] that is keyed by the key information;” “the output of the keyed hash function is used as the new key;” [the new key is generated using a keyed hash function (i.e., collision-resistant) accepting messages as an input]).  
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Yao with the system/method of Yang to include a key generation method that is at least collision-resistant with respect to messages input to the key generation method. One would have been motivated to utilize a keyed hash function accepting data string and original key as inputs to generate a new unique shared key in defending against replay attacks (Yao: pars. 0002 and 0131). 
As per claim 17, Yang and Yao disclose the method according to claim 16. Yang further discloses wherein the generated key is produced by using a cryptographic encryption algorithm (Yang: par. 0030; Fig. 6; operation unit 64 generates root key based on customer ID and HU key).



As per claim 20, Yang and Yao disclose the method according to claim 16. Yang further discloses checking the message authentication code and a received message authentication code for a match in order to check correctness and authenticity of the whole first message (Yang: pars. 0028-0029 and 0031; Figs. 5 and 7; step S514; determining whether the generated third MAC 75 is the same as the second MAC 73 stored in the external flash memory 71).
Claims 3, 7-8, and 18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Yang et al (US 2009/0193261) in view of Yao (2011/0066856) and further in view of Brown et al (US 2005/0254658).
As per claim 3, Yang and Yao disclose the apparatus according to claim 1.
Yang and Yao disclose generating key based on input message as recited above, but do not explicitly disclose wherein the key generator circuit is configured to produce the generated key by a hash calculation for the whole first message.
However, analogous art of Brown discloses a system wherein the key generator is configured to produce the generated key by a hash calculation for the whole first message (Brown: pars. 0010-0012; the session key/generated key is generated based on a hash of the message/first message).
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Brown with the system/method of Yang and Yao to include a system wherein the key generator is configured to produce the generated key by a hash calculation for the first message. One would have been motivated to generate a unique key based on the entire input message using a key hash function (Brown: par. 0011).
As per claim 7, Yang and Yao disclose the apparatus according to claim 1.
Yang and Yao do not explicitly disclose wherein the key generator circuit is configured to use AES encryption for producing the generated key.
However, analogous art of Brown discloses a system wherein the key generator circuit is configured to use AES encryption for producing the generated key (Brown: para. 0039; AES is used to generate key/session key). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Brown with the system/method of Yang and Yao to include a system wherein the key generator circuit is configured to use AES encryption for producing the generated key. One would have been motivated to include a system wherein the key generator circuit is configured to use AES encryption for producing the generated key, because the hash algorithm utilizes a conventional AES encryption algorithm (Brown: par. 0039).
As per claim 8, Yang and Yao disclose the apparatus according to claim 1.
Yang and Yao do not explicitly disclose wherein the key generator circuit is configured to apply $\mathrm{AES}_k(H(M))$, where $M$ denotes the whole first message, $H(M)$ denotes the hash calculation of the whole first message $M$, $k$ denotes the original key and $\mathrm{AES}_k$ denotes an AES encryption using the original key $k$.
However, analogous art of Brown discloses a system wherein the key generator is configured to apply $\mathrm{AES}_k(H(M))$, where $M$ denotes the first message, $H(M)$ denotes the hash calculation of the first message $M$, $k$ denotes the original key and $\mathrm{AES}_k$ denotes an AES encryption using the original key $k$ (Brown: pars. 0034 and 0037; AES to encrypt the message m, the hash of a message m will be represented by H(m)).
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Brown with the system/method of Yang and Yao to include a system wherein the key generator is configured to apply $\mathrm{AES}_k(H(M))$, where $M$ denotes the first message, $H(M)$ denotes the hash calculation of the first message $M$, $k$ denotes the original key and $\mathrm{AES}_k$ denotes an AES encryption using the original key $k$. One would have been motivated to use the key that is generated based on the hash of the message, which can be represented as $H(M)$; hashing the message to generate the key ensures that the key is unique, utilizing a conventional AES cryptography algorithm (Brown: pars. 0034-0035, 0037).
As per claim 18, Yang and Yao disclose the method according to claim 16.
Yang and Yao do not explicitly disclose wherein the generated key is produced by a hash calculation for the whole first message.
However, analogous art of Brown discloses a system wherein the generated key is produced by a hash calculation for the first message (Brown: pars. 0034 and 0037; AES to encrypt the message m, the hash of a message m will be represented by H(m)). 
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Brown with the system/method of Yang and Yao to include a system wherein the generated key is produced by a hash calculation for the first message. One would have been motivated to generate a unique key based on the entire input message using a key hash function (Brown: par. 0011).
Claim 5 is rejected under pre-AIA  35 U.S.C. 103(a) as being anticipated by Yang et al (2009/0193261) in view of Yao (2011/0066856) and further in view of Neumann et al. (US 2010/0158246).
As per claim 5, Yang and Yao disclose the apparatus according to claim 1. 
Yang and Yao do not explicitly disclose entropy of the generated key is not lower than the entropy of the original key.
However, analogous art of Neumann discloses a system wherein entropy of the generated key is not lower than the entropy of the original key (Neumann: pars. 0028 and 0040, entropy of the generated key (i.e. session key) is higher entropy than the seed (i.e. original key)).
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Neumann with the system/method of Yang and Yao to include entropy of the generated key is not lower than the entropy of the original key. One would have been motivated to generate a session key with high entropy to secure messaging (Neumann: par. 0028).

Claims 13-14, and 19 are rejected under pre-AIA  35 U.S.C. 103(a) as being anticipated by Yang et al (2009/0193261) in view of Yao (2011/0066856) and further in view of Sherkin et al (2008/0114983).
As per claim 13, Yang and Yao disclose the apparatus according to claim 12.


Yang and Yao do not explicitly disclose wherein the message authentication code generator circuit is configured to use a first XOR operation to logically combine the generated key with a first constant, and use a second XOR operation to logically combine the generated key with a second constant.
However, analogous art of Sherkin discloses a system wherein the message authentication code generator is configured to use a first XOR operation to logically combine the generated key with a first constant, and use a second XOR operation to logically combine the generated key with a second constant (Sherkin: pars. 0018-0019; HMAC/message authentication code generator configured to use a XOR that is represented as $\oplus$/first XOR operation logically combined with the generated key/K with a first constant/opad, and a second XOR/$\oplus$ to logically combine with the generated key/K with a second constant/ipad).
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Sherkin with the system/method of Yang and Yao to include a system wherein the message authentication code generator is configured to use a first XOR operation to logically combine the generated key with a first constant, and use a second XOR operation to logically combine the generated key with a second constant. One would have been motivated, because the hash value is large enough so that a random value will not be valid (Sherkin: para. 0017-0018).
As per claim 14, Yang, Yao and Sherkin disclose the apparatus according to claim 13. Sherkin further discloses wherein the message authentication code generator circuit is configured to apply $\mathrm{HMAC}_{k'}(M) = H((k' \oplus \mathrm{opad}) \parallel H((k' \oplus \mathrm{ipad}) \parallel M))$ in order to calculate the message authentication code, where $M$ is the whole first message, $k'$ is the generated key, $\oplus$ is an XOR operation, $\parallel$ is a concatenation and $H$ is a hash operation (Sherkin: see 0018-0019).
The motivation is the same as that of claim 13 above.

As per claim 19, Yang and Yao disclose the method according to claim 16.
Yang and Yao do not explicitly disclose wherein the message authentication code is calculated by applying $\mathrm{AC}_{k'}(M) = H((k' \oplus \mathrm{opad}) \parallel H((k' \oplus \mathrm{ipad}) \parallel M))$, where $M$ is the whole first message, $k'$ is the generated key, $\oplus$ is an XOR operation, $\parallel$ is a concatenation and $H$ is a hash operation.
However, analogous art of Sherkin discloses a system wherein the message authentication code is calculated by applying $\mathrm{HMAC}_{k'}(M) = H((k' \oplus \mathrm{opad}) \parallel H((k' \oplus \mathrm{ipad}) \parallel M))$, where $M$ is the whole first message, $k'$ is the generated key, $\oplus$ is an XOR operation, $\parallel$ is a concatenation and $H$ is a hash operation (Sherkin: pars. 0018-0019).
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Sherkin with the system/method of Yang and Yao to include a system wherein the message authentication code is calculated by applying $\mathrm{HMAC}_{k'}(M) = H((k' \oplus \mathrm{opad}) \parallel H((k' \oplus \mathrm{ipad}) \parallel M))$, where $M$ is the whole first message, $k'$ is the generated key, $\oplus$ is an XOR operation, $\parallel$ is a concatenation and $H$ is a hash operation. One would have been motivated to use a MAC that is well-known in the art that includes two inputs using the HMAC algorithm, a well-known algorithm that enables a hash to be produced without knowledge of the secret key (Sherkin: para. 0017-0018).
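Added example (not part of the Office action, the application or the cited references): the two-stage construction discussed in the rejections of claims 1, 14, 15 and 19, with a generated key k' derived from the original key and the whole message, the HMAC formula written out with ipad and opad, and the match check. Assumptions: SHA-256 is used as H, HMAC-SHA256 stands in for the keyed hash that derives k' (not the AES-based derivation of claim 8), and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64                       # SHA-256 block size in bytes
IPAD = bytes([0x36]) * BLOCK_SIZE     # inner padding constant
OPAD = bytes([0x5C]) * BLOCK_SIZE     # outer padding constant


def H(data: bytes) -> bytes:
    """Hash operation H (assumption: SHA-256)."""
    return hashlib.sha256(data).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def derive_key(original_key: bytes, message: bytes) -> bytes:
    """Generated key k' from the original key k and the whole message M.

    Assumption: a keyed hash (HMAC-SHA256 keyed by k) over all of M, so
    that two different messages give different k' unless the hash collides.
    """
    return hmac.new(original_key, message, hashlib.sha256).digest()


def hmac_by_formula(key: bytes, message: bytes) -> bytes:
    """H((k' XOR opad) || H((k' XOR ipad) || M)), written out step by step."""
    if len(key) > BLOCK_SIZE:         # over-long keys are hashed first
        key = H(key)
    key = key.ljust(BLOCK_SIZE, b"\x00")   # then zero-padded to one block
    inner = H(xor_bytes(key, IPAD) + message)
    return H(xor_bytes(key, OPAD) + inner)


def produce_mac(original_key: bytes, message: bytes) -> bytes:
    """MAC over M under the message-dependent key k'."""
    return hmac_by_formula(derive_key(original_key, message), message)


def verify_mac(original_key: bytes, message: bytes, received: bytes) -> bool:
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(produce_mac(original_key, message), received)


# Constructed sample values, not taken from any cited reference.
ORIGINAL_KEY = bytes(range(16))
MESSAGE = b"customer-id=0001;region=EU"
TAMPERED = b"customer-id=0002;region=EU"

if __name__ == "__main__":
    tag = produce_mac(ORIGINAL_KEY, MESSAGE)
    print("generated key :", derive_key(ORIGINAL_KEY, MESSAGE).hex())
    print("MAC           :", tag.hex())
    print("genuine  ok   :", verify_mac(ORIGINAL_KEY, MESSAGE, tag))
    print("tampered ok   :", verify_mac(ORIGINAL_KEY, TAMPERED, tag))
```

Because k' depends on the whole message, a change to any byte of M changes both the key and the MAC input, so the original key k is never used directly in the MAC computation.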

Claim 9 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Yang et al (2009/0193261) in view of Yao (2011/0066856) and further in view of Okeya (2007/0245147).
As per claim 9, Yang and Yao disclose the apparatus according to claim 1.
Yang and Yao do not explicitly disclose wherein the key generator circuit is configured to protect against side channel attacks during the production of the generated key.
However, analogous art of Okeya discloses a system wherein the key generator is configured to protect against side channel attacks during the production of the generated key (Okeya: pars. 0009, 0073, and 0077, key generator (i.e. block cipher) against side channel attacks).
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Okeya with the system/method of Yang and Yao to include the key generator circuit is configured to protect against side channel attacks during the production of the generated key. One would have been motivated, because the values into the exclusive-OR during the process are concealed and disturbed by using the disturbance information (R), and the side channel attack is invalidated (Okeya: see 0079).

Claims 10-11 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Yang et al (2009/0193261), in view of Yao (2011/0066856) and in view of Okeya (2007/024517), and further in view of Benteo (2010/0262840).
As per claim 10, Yang, Yao, and Okeya disclose the apparatus according to claim 9.

Yang further discloses producing the generated key based on the original key and the message as disclosed above (Yang: par. 0030; Figs. 6-7; operation unit 64 acquires the first customer ID from the register 62, and a HU key to generate a root key, customer ID (i.e. message)).
Yang, Yao, and Okeya do not explicitly disclose wherein the key generator is configured to perform a masking operation for the whole first message in order to obtain a masked message, and produce the generated key based on the original key and the masked message.
However, analogous art of Benteo discloses wherein the key generator is configured to perform a masking operation for the whole first message in order to obtain a masked message, and produce the generated key based on the original key and the masked message (Benteo: pars. 0009, 0059, and 0091; generated key/K2 based on the original key/K and the masked message/M).
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Benteo with Yang, Yao, and Okeya to include the key generator is configured to perform a masking operation for the whole first message in order to obtain a masked message, and produce the generated key based on the original key and the masked message. One would have been motivated to combat attacks, thereby masking the messages to prevent side channel and differential analysis attacks (Benteo: para. 0009).
As per claim 11, Yang, Yao, Okeya, and Benteo disclose the apparatus according to claim 10.
Benteo further discloses wherein the masking operation comprises XORing of the whole first message with a bit string (Benteo: par. 0058-0060).
The motivation is the same as that of claim 10 above.

Claims 21-26 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Yang et al (2009/0193261) in view of Yao (2011/0066856) and further in view of Vauclair (2009/0222667).

As per claim 21, Yang and Yao disclose the apparatus of claim 1.
Yang and Yao disclose generating key using keyed hash function receiving first message as an input (i.e., collision free; that means different inputs resulting different outputs). However, Yang and Yao do not explicitly state that the key generation method is such that it is not possible to generate the same generated key for two different possible first messages.
However, analogous art of Vauclair discloses wherein the key generation method is such that it is not possible to generate the same generated key for two different possible first messages (Vauclair: para. 00159-0160, 0195, different messages X, X’, different keys h, and K).
Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Vauclair with the system/method of Yang and Yao to include the key generation method is such that it is not possible to generate the same generated key for two different possible first messages. One would have been motivated, because having two distinct inputs will not produce the same output, this is collision resistant and an efficient security measure to prevent the key from leaking (Vauclair: par. 0159).

As per claim 22, Yang and Yao disclose the apparatus of claim 1.
Yang and Yao disclose generating key using keyed hash function receiving first message as an input (i.e., collision free; that means different inputs resulting different outputs). However, Yang and Yao do not explicitly state that the key generation method is such that it is not possible to generate the same generated key for two different possible first messages, with an unknown original key.
However, analogous art of Vauclair discloses the key generation method is such that it is not possible to generate the same generated key for two different possible first messages, with an unknown original key (Vauclair: para. 00159-0160, 0195, different messages X, X’, different keys h, and K). Therefore, it would have been obvious to a person of ordinary skill in the art before the invention was made to combine the teachings of Vauclair with the system/method of Yang and Yao to include the key generation method is such that it is not possible to generate the same generated key for two different possible first messages, with an unknown original key. One would have been motivated, because having two distinct inputs will not produce the same output, this is collision resistant and an efficient security measure to prevent the key from leaking (Vauclair: par. 0159).

Claims 23-24 and 25-26 are rejected under similar scope as claims 21-22, respectively.





Claim Objections
Claim 6 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


9/22/2022
/J.E.J/Examiner, Art Unit 2439    



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439