DETAILED ACTION
Examiner's Note:  The Examiner has pointed out particular references contained in the prior art of record within the body of this action for the convenience of the Applicant.  Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply.  Applicant, in preparing the response, should consider fully the entire reference as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.

****In the interests of moving prosecution forward in the application, the examiner suggests that applicant consider the feature in paragraph: 0003 lines 4 – 7 of the specification as filed. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s remarks 09/15/2022 have been fully considered. 
Regarding claim[s] 1 – 3, 6, 7, 9, 10, 12, 13, 15 – 28 under the various obviousness rejections, applicant’s remarks are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Therefore, see the office action below. 
The examiner will respond to all other remarks that do not concern the prior art rejections, if any, in the office action below. 
Response to Amendment
Status of the instant application:
Claim[s] 1 – 3, 6, 7, 9, 10, 12, 13, 15 – 28 are pending in the instant application. 
Regarding claim[s] 1 – 3, 6, 7, 9, 10, 12, 13, 15 – 28 under the various obviousness rejections, applicant’s claim amendments have been considered, therefore, the rejections are withdrawn. However, there are new prior art rejections issued to address applicant’s newly added claim limitations in the office action below. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim[s] 1, 16, 21 – 23, 25, 26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882], further in view of Little et al. [US PAT # 8112794]
As per claim 1. Appenzeller does teach a method [paragraph: 0006, It is an object of the present invention to provide secure messaging systems that use symmetric keys to facilitate secure communications] comprising:
………and that was derived by the first computing device based on application of the key derivation algorithm to the master key [Figure # 3 and paragraph: 0077, At step 58, the recipient (recipient C in this example) [i.e. applicant’s first computing device] receives the message over communications network 14. The message may be received by the recipient's client software running on the recipient's equipment 12.
Then at paragraph: 0078, If the recipient's client software has a copy of an appropriate derived key [i.e. applicant’s master key] available in a local cache, the client software may use that derived key to decrypt the message. If the derived key is not available locally, the recipient may obtain a copy of the derived key [i.e. applicant’s master key] from organization 18. 
Then at paragraph: 0079, In particular, at step 60, the recipient may generate a derived-key request and may provide the derived key request to the decryption server 24. Any suitable arrangement may be used to make the derived key request. For example, the client of sender A or the gateway 22 may automatically include a clickable link (e.g., a web link) in the outgoing message. When recipient C receives the message, instructions in the message may prompt recipient C to click on the link. Clicking on the link may instruct recipient C's web browser or other suitable client software to transmit certain information in the link to a particular web address over communications network 14. The information that is transmitted may include recipient identity information and may serve as a derived key request. The web address may be associated with decryption server 24. This is merely one illustrative way in which a derived key request may be provided to decryption server 24. Any suitable arrangement may be used if desired. 
	Then at paragraph: 0082, After the decryption server 24 obtains the derived key [i.e. applicant’s master key] for recipient C from key generator 20 [i.e. applicant’s based on application of key derivation algorithm] at step 64, the decryption server 24 may provide the derived key to recipient C over communications network 14 at step 66. The decryption server 24 may provide the derived key to recipient C securely by using the secure communications channel that was established at step 62 (e.g., over the SSL link). 
Where at Figure # 4 and paragraph: 0083, At step 68, recipient C  [i.e. applicant’s first computing device] receives the derived symmetric key [i.e. applicant’s master key] from the decryption server 24  over the secure communications channel. The recipient may then use decryption engine 34 to decrypt the encrypted message (i.e., to decrypt the ciphertext) [i.e. applicant’s authenticating the user device based on the message]. The inputs to decryption engine 34 are the encrypted version of the message (i.e., the ciphertext) and the derived key of recipient C. The output of the decryption engine 34 is the unencrypted version of the message contents.].
	Appenzeller does not teach clearly receiving, by the second computing device from a first computing device different from the user device, a second key that is different from the first key and the master key…; 
	deriving, by the second computing device based on application of the key derivation algorithm to the second key, a derived key; and
	authenticating, by the second computing device the user device based on the message and the derived key. 
	However, Rose does teach receiving, by the second computing device from a first computing device different from the user device, a second key that is different from the first key and the master key… [paragraph: 0034, lines 3 – 11, The mobile station key K [i.e. applicant’s second key] is also known to the Authentication Center, and might be transmitted through the telephone switching network to the Base Station, which transmission is presumed secure, so that it is known at both stations [i.e. applicant’s first/second computing devices]. This might be a long-term key as used in the North American IS-41 mobile phone system, a temporary key [i.e. applicant’s derived key] derived from such a long-term key [i.e. applicant’s second key], or a temporary key such as is sent in the European GSM system]; 
	deriving, by the second computing device based on application of the key derivation algorithm to the second key, a derived key [paragraph: 0014, The above and other objects are achieved, according to the present invention, by a method for permitting encrypted communications between two stations [i.e. applicant’s first and second computing device] which are operable with encryption algorithms that accept encryption keys having work factors with respectively different values, comprising:. Where at paragraph: 0019, performing a hash function [i.e. applicant’s first/second computing device key derivation algorithm] on the initial encryption key [i.e. applicant’s first key] to produce a first output, and deriving from the first output a first intermediate key having a work factor value not greater than the lower one of the different work factor values determined in the determining step.
	Then at paragraph: 0020, performing a hash function [i.e. applicant’s based on application of the key derivation algorithm] on the first intermediate key [i.e. applicant’s second key] to produce a second output, and deriving from the second output a final encryption key [i.e. applicant’s a derived key] having a work factor value not greater than the lower one of the different work factor values determined in said determining step]; and
	authenticating, by the second computing device the user device based on the message and the derived key [paragraph: 0031, lines 7 – 11, All of the structural components illustrated in FIG. 1 are already known in the art, the basic difference between the known that works in the present invention resides in the manner in which data is encrypted for transmission [i.e. applicant’s message] from a transmitting station [i.e. applicant’s user device] and decrypted with a key [i.e. applicant’s derived key] upon reception [i.e. applicant’s authenticating] by an authorized receiving station [i.e. applicant’s second computing device].]. 
	It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller and Rose in order for the encrypting sensitive electronic communications such as email messages to prevent unauthorized access to such messages between senders and recipients with encryption capabilities and may or may not have existing relationships with the other parties and organizations of Appenzeller to include determining the encryption key capabilities of communication parties through an assessment of the encryption key work factors of the communicating parties of Rose. This would allow for continuing of the communications/messages of sensitive information between parties by using an agreed upon encryption key that is usable by all communicating parties before securing and sending an encrypted communication/message to the other party. See paragraphs: 0012, 0022 of Rose.
Appenzeller and Rose do not clearly teach receiving, by a second computing device from a user device, a message based on a first key that was derived by the user device based on application of a key derivation algorithm to a master key. 
However, Little does teach receiving, by a second computing device from a user device, a message based on a first key that was derived by the user device based on application of a key derivation algorithm to a master key [col. 8, lines 55 – 67 and col. 9, line 1, Once the secure pairing is completed, the connecting device 10, 20, 30, or 100 and the access device 104 may negotiate any further communications protocols for the wireless communication link 16, 26, 36, or 106. As described above, the access device 104 and the connecting user device 10, 20, 30 or 100 may have established a master connection key for deriving further connection keys for use in transmitting data, using key establishment protocols known in the art. Thus, the master connection key data may comprise the secure pairing key described above, or it may comprise the secure pairing key along with a further seed value, generated by either the connecting user device 10, 20, 30, or 100 or the access device 104, and transmitted to the access device or the connecting user device.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Little in order for the encrypting sensitive electronic communications such as email messages to prevent unauthorized access to such messages between senders and recipients with encryption capabilities and may or may not have existing relationships with the other parties and organizations of Appenzeller as modified to include determining the encryption key capabilities of communication parties through an assessment of the encryption key work factors of the communicating parties of Little. This would allow for continuing of the communications/messages of sensitive information between parties by using an agreed upon encryption key that is usable by all communicating parties before securing and sending an encrypted communication/message to the other party. See col. 6, lines 39 – 50 of Little. 
As per claim 16. Appenzeller as modified does teach a method [Appenzeller, paragraph: 0006, It is an object of the present invention to provide secure messaging systems that use symmetric keys to facilitate secure communications] comprising:
receiving, by the second computing device from a user device, a message based on a first key [Appenzeller, Figure # 3, and paragraph: 0068, At step 46, sender A [i.e. applicant’s user device/second computing device] sends the message to the recipient [i.e. applicant’s user device/user device i.e. applicant’s user device/second computing device]. As an example, sender A's email client may send an email message [i.e. applicant’s a message] [i.e. applicant’s receiving, by a second computing device from a user device, a message] that is addressed to the recipient B over intranet 16. 
Where further of Appenzeller, at paragraph: 0070, The outbound message from the sender may be received by the gateway 22 at step 48. The gateway may have message management software or other suitable software that is used to implement policies such as encryption policies, virus scanning policies, archiving policies, etc. The gateway can use these policies and message attribute information such as message content information, source and destination address information, header information, etc. to determine how to handle each message. For example, the gateway can examine the domain name portion of each recipient's email address to determine whether or not a particular message should be encrypted. 
Where further of Appenzeller, at paragraph: 0053, lines 8 – 12, The sender A sends each message through gateway 22. Gateway 22 uses encryption engine 28 to encrypt each message using a symmetric key. The symmetric key is derived from the master key 26 by the key generator 20 and is therefore referred to as a "derived key."
Then of Appenzeller, at paragraph: 0071, lines 1 – 5, Any suitable encryption policies may be implemented using gateway 22. For example, gateway 22 may encrypt all outgoing messages, may encrypt messages being sent to a particular recipient or list of recipients (i.e., particular customers) [i.e. applicants based on a first key]], wherein the first key was derived by the user device based on the master key [Little, col. 8, lines 55 – 67 and col. 9, line 1, Once the secure pairing is completed, the connecting device 10, 20, 30, or 100 [i.e. applicant’s user device] and the access device 104 may negotiate any further communications protocols for the wireless communication link 16, 26, 36, or 106. As described above, the access device 104 and the connecting user device 10, 20, 30 or 100 may have established a master connection key for deriving further connection keys for use in transmitting data, using key establishment protocols known in the art. Thus, the master connection key data may comprise the secure pairing key described above, or it may comprise the secure pairing key along with a further seed value, generated by either the connecting user device 10, 20, 30, or 100 or the access device 104, and transmitted to the access device or the connecting user device.] as an initial input to a first quantity of iterations of the key derivation algorithm [Appenzeller, at paragraph: 0053, lines 8 – 12, The sender A sends each message through gateway 22. Gateway 22 uses encryption engine 28 to encrypt each message using a symmetric key. The symmetric key is derived from the master key 26 [i.e. applicant’s master key] by the key generator 20 and is therefore referred to as a "derived key. [i.e. applicants based on a first key]"
Then further of Appenzeller, at paragraph: 0071, lines 1 – 5, Any suitable encryption policies may be implemented using gateway 22. For example, gateway 22 may encrypt all outgoing messages, may encrypt messages being sent to a particular recipient or list of recipients (i.e., particular customers) [i.e. applicants based on a first key]], wherein the first key is different from the second key and different from the master key [Appenzeller, paragraph: 0007, lines 2 – 8, derived keys are specific to each recipient – but derived by HMAC function to a master key]…………;
and wherein the first quantity is greater than the third quantity [Appenzeller, paragraph: 0091, A diagram of an illustrative system 10 in which a hierarchical architecture has been used for the key generators is shown in FIG. 5. Super key generator 70 [i.e. applicant’s first quantity] has a master key 72. Super key generator 70 is operated by an organization 18 (FIG. 1) and may be used to derive sub-master keys [i.e. applicant’s third quantity] for the various units of the organization. In FIG. 5, two organizational units are shown--unit E and unit F. In general, an organization may have any suitable number of units.];
Appenzeller does not teach clearly deriving, by a second computing device without access to a master key, and based on a second key as an initial input to a third quantity of iterations of a key derivation algorithm, a derived key; and
	authenticating, by the second computing device, the user device based on the derived key and the message.
	However, Rose does teach deriving, by a second computing device without access to a master key, and based on a second key as an initial input to a third quantity of iterations of a key derivation algorithm, a derived key [paragraph: 0014, The above and other objects are achieved, according to the present invention, by a method for permitting encrypted communications between two stations [i.e. applicant’s first and second computing device] which are operable with encryption algorithms that accept encryption keys having work factors with respectively different values, comprising:. Where at paragraph: 0019, performing a hash function [i.e. applicant’s first/second computing device key derivation algorithm] on the initial encryption key to produce a first output, and deriving from the first output a first intermediate key having a work factor value not greater than the lower one of the different work factor values determined in the determining step.
Then at paragraph: 0020, performing a hash function [i.e. applicant’s key derivation algorithm] on the first intermediate key to produce a second output [i.e. applicant’s and based on a second key as an initial input to a third quantity of iterations of a key derivation algorithm], and deriving from the second output a final encryption key [i.e. applicant’s a derived key – third quantity of iterations] having a work factor value not greater than the lower one of the different work factor values determined in said determining step]; and
	authenticating, by the second computing device, the user device based on the derived key and the message [paragraph: 0031, lines 7 – 11, All of the structural components illustrated in FIG. 1 are already known in the art, the basic difference between the known that works in the present invention resides in the manner in which data is encrypted for transmission [i.e. applicant’s message] from a transmitting station [i.e. applicant’s user device] and decrypted with a key [i.e. applicant’s derived key] upon reception [i.e. applicant’s authenticating] by an authorized receiving station [i.e. applicant’s second computing device].].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller and Rose in order for the encrypting sensitive electronic communications such as email messages to prevent unauthorized access to such messages between senders and recipients with encryption capabilities and may or may not have existing relationships with the other parties and organizations of Appenzeller to include determining the encryption key capabilities of communication parties through an assessment of the encryption key work factors of the communicating parties of Rose. This would allow for continuing of the communications/messages of sensitive information between parties by using an agreed upon encryption key that is usable by all communicating parties before securing and sending an encrypted communication/message to the other party. See paragraphs: 0012, 0022 of Rose.
Regarding claim 21. Appenzeller does teach the method of claim 1, wherein the message based on the first key comprises the message comprising the first key or a hash based on the first key [Appenzeller, paragraph: 0012, lines 1 – 2, For example, the key generator may apply an HMAC function to a master key and recipient ID to produce a derived key] or a secure message authentication code based on the first key.
Regarding claim 22.  Appenzeller as modified does teach the method of claim 1, wherein the authenticating based on the message and the derived key comprises authenticating the user device based on a comparison of the message [Appenzeller, Figure # 4 and paragraph: 0083, At step 68, recipient C receives the derived symmetric key [i.e. applicant’s derived key] from the decryption server 24 over the secure communications channel. The recipient may then use decryption engine 34 to decrypt the encrypted message (i.e., to decrypt the ciphertext) [i.e. applicant’s authenticating the user device based on a comparison of the message]. The inputs to decryption engine 34 are the encrypted version of the message (i.e., the ciphertext) and the derived key of recipient C. The output of the decryption engine 34 is the unencrypted version of the message contents.] and
a value generated by the second computing device based on the derived key [Little, col. 8, lines 55 – 67 and col. 9, line 1, Once the secure pairing is completed, the connecting device 10, 20, 30, or 100 [i.e. applicant’s user device] and the access device 104 [i.e. applicant’s second computing device] may negotiate any further communications protocols for the wireless communication link 16, 26, 36, or 106. As described above, the access device 104 and the connecting user device 10, 20, 30 or 100 may have established a master connection key for deriving further connection keys [i.e. applicant’s a value generated by the second computing device based on the derived key] for use in transmitting data, using key establishment protocols known in the art. Thus, the master connection key data may comprise the secure pairing key described above, or it may comprise the secure pairing key along with a further seed value, generated by either the connecting user device 10, 20, 30, or 100 or the access device 104, and transmitted to the access device or the connecting user device.].
Regarding claim 23.  Appenzeller does teach the method of claim 1, wherein the second computing device [Appenzeller, paragraph: 0025, Equipment of the type shown in system 10 of FIG. 1 may be used to support secure communications between senders and recipients. A sender is a user who sends a message. A recipient is a user who receives a message. Because users can generally both send and receive messages, a given user may at one time be a sender and at another time be a recipient. Where at Figure # 3, and paragraph: 0068, At step 46, sender A [i.e. applicant’s user device/second computing device] sends the message to the recipient [i.e. applicant’s user device/user device i.e. applicant’s user device/second computing device].] does not have access to the master key, wherein the deriving the derived key comprises deriving based on one or more iterations of the key derivation algorithm, and wherein a first iteration, of the one or more iterations, used the second key as an input [Appenzeller, paragraph: 0081, At step 64, after the decryption server 24 has determined that the requesting recipient (recipient C in this example) is authorized to obtain a copy of the derived key, the decryption server 24 may request and obtain the derived key from key generator 20. The key request made by decryption server 24 may be made over intranet 16 and may include the recipient ID. The decryption server 24 is at the same organization as the key generator 20, so the key generator 20 trusts the decryption server. Accordingly, the key generator 20 may use the recipient ID [i.e. applicant’s second key] information from the decryption server and the derived key generation process of steps 38, 40, and 42 (FIG. 2) to produce the derived key. The derived key may be provided to the decryption server over intranet 16.].
As per claim 25. Appenzeller does teach the method of claim 16, wherein the message based on the first key comprises the first key, a hash based on the first key [Appenzeller, paragraph: 0007, Secure messages may be sent between senders and recipients using symmetric message keys. An organization may have a key generator that derives symmetric message keys from a master key. The key generator may produce the derived keys by applying a one-way function such as an HMAC function or other hash function [i.e. applicant’s a hash based on] to the master key and recipient identity information (i.e., a recipient ID). The resulting derived keys [i.e. applicant’s first and second key] are specific to each recipient. The compromise of a derived key will not compromise the master key, which helps to ensure security.] or a secure message authentication code based on the first key.
As per claim 26. Appenzeller as modified does teach the method of claim 16, wherein the authenticating based on the message and the derived key comprises authenticating the user device based on a comparison of the message [Appenzeller, Figure # 4 and paragraph: 0083, At step 68, recipient C receives the derived symmetric key [i.e. applicant’s derived key] from the decryption server 24 over the secure communications channel. The recipient may then use decryption engine 34 to decrypt the encrypted message (i.e., to decrypt the ciphertext) [i.e. applicant’s authenticating the user device based on a comparison of the message]. The inputs to decryption engine 34 are the encrypted version of the message (i.e., the ciphertext) and the derived key of recipient C. The output of the decryption engine 34 is the unencrypted version of the message contents.] and
a value generated by the second computing device based on the derived key [Little, col. 8, lines 55 – 67 and col. 9, line 1, Once the secure pairing is completed, the connecting device 10, 20, 30, or 100 [i.e. applicant’s user device] and the access device 104 [i.e. applicant’s second computing device] may negotiate any further communications protocols for the wireless communication link 16, 26, 36, or 106. As described above, the access device 104 and the connecting user device 10, 20, 30 or 100 may have established a master connection key for deriving further connection keys [i.e. applicant’s a value generated by the second computing device based on the derived key] for use in transmitting data, using key establishment protocols known in the art. Thus, the master connection key data may comprise the secure pairing key described above, or it may comprise the secure pairing key along with a further seed value, generated by either the connecting user device 10, 20, 30, or 100 or the access device 104, and transmitted to the access device or the connecting user device.].
Claim[s] 2, 10, 12, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] as applied in the rejection of claim # 1 above, further in view of Xu et al. [US PGPUB # 2015/0208238]
As per claim 2. Appenzeller and Rose and Little do teach what is taught in the rejection of claim # 1 above. 
Appenzeller and Rose and Little do not teach clearly the method of claim 1, further comprising:
receiving, from the user device, a list comprising two or more key derivation algorithms supported by the user device; and
determining, based on the list, that the user device supports the key derivation algorithm.
	However, Xu does teach the method of claim 1, further comprising:
receiving, from the user device, a list comprising two or more key derivation algorithms supported by the user device [Xu, Figure # 3, and paragraph: 0036, Step 32: The source SGSN sends the handover request to the target MME. The handover request includes the UE capability information (including a list of NAS algorithm of the UE, RRC algorithm of the UE, and UP algorithm of the UE) and the key information currently used by the source system (or the key derived by the source system according to the currently used key information).]; and
determining, based on the list, that the user device supports the key derivation algorithm [Xu, Figure # 3 and paragraph: 0045, Step 310: According to the parameters used in the RRC encryption key derivation [i.e. applicant’s determining, based on the list, that the user device supports the key derivation algorithm] and the UP encryption key derivation, the parameters used in K.sub.ASME derivation, the parameters used in K.sub.NAS derivation, the parameters used in K.sub.eNB derivation in the received contents of the transparent container, the UE derives the RRC encryption key, UP encryption key, K.sub.ASME, K.sub.NAS, and K.sub.eNB, and sets a protection algorithm applicable after handover].
	It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Xu in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include performing data key communication security negotiations between base stations of Xu. This would allow for the protection of the communication data by encrypting the data with key[s] that both the customer[s] and the bank can support. See paragraph: 0008 of Xu.
As per claim 10. Appenzeller as modified does teach the method of claim 1, further comprising:
determining, based on a list of key derivation algorithms received from the user device [Xu, Figure # 3, and paragraph: 0036, Step 32: The source SGSN sends the handover request to the target MME. The handover request includes the UE capability information (including a list of NAS algorithm of the UE, RRC algorithm of the UE, and UP algorithm of the UE) and the key information currently used by the source system (or the key derived by the source system according to the currently used key information).], that the user device does not support the key derivation algorithm [Xu, paragraph: 0037, Step 33: According to the received key information, the target MME derives an Access Security Management Entity (ASME) key K.sub.ASME, an NAS key K.sub.NAS, and an eNB key K.sub.eNB, and selects an NAS algorithm.]; and
sending, to the user device, via a secured channel, and based on the determining that the user device does not support the key derivation algorithm, the key derivation algorithm [Xu, Figure # 3 and paragraph: 0045, Step 310: According to the parameters used in the RRC encryption key derivation [i.e. applicant’s determining, based on the list, that the user device supports the key derivation algorithm] and the UP encryption key derivation, the parameters used in K.sub.ASME derivation, the parameters used in K.sub.NAS derivation, the parameters used in K.sub.eNB derivation in the received contents of the transparent container, the UE derives the RRC encryption key, UP encryption key, K.sub.ASME, K.sub.NAS, and K.sub.eNB, and sets a protection algorithm applicable after handover].
As per claim 12. Appenzeller and Rose do teach a method [Appenzeller, paragraph: 0006, It is an object of the present invention to provide secure messaging systems that use symmetric keys to facilitate secure communications] comprising:
	Appenzeller and Rose do not teach clearly receiving, from a user device, a list comprising two or more key derivation algorithms supported by the user device;
determining, by a second computing device and based on the received list, that a key derivation algorithm supported by the second computing device is not indicated by the list; and
sending, to the user device via a secured channel, and based on the determining that the key derivation algorithm supported by the second computing device is not indicated by the list, the key derivation algorithm supported by the second computing device. 
	Xu discloses, at paragraph: 0006, It is an object of the present invention to provide secure messaging systems that use symmetric keys to facilitate secure communications.
However, Xu does teach receiving, from a user device, a list comprising two or more key derivation algorithms supported by the user device [Xu, Figure # 3, and paragraph: 0036, Step 32: The source SGSN sends the handover request to the target MME. The handover request includes the UE capability information (including a list of NAS algorithm of the UE, RRC algorithm of the UE, and UP algorithm of the UE) [i.e. applicant’s list comprising two or more key derivation algorithms supported by the user device] and the key information currently used by the source system (or the key derived by the source system according to the currently used key information).];
determining, by a second computing device and based on the received list, that a key derivation algorithm supported by the second computing device is not indicated by the list [Xu, paragraph: 0037, Step 33: According to the received key information, the target MME derives an Access Security Management Entity (ASME) key K.sub.ASME, an NAS key K.sub.NAS, and an eNB key K.sub.eNB, and selects an NAS algorithm. Where at paragraph: 0093, Furthermore, a transparent container may be generated out of the security information of the NAS and AS selected by the LTE system, the capability information supported by the UE, and the encryption algorithm selected by the target eNB, and the transparent container is transmitted to the UE. Therefore, when the UE hands over from the UTRAN to the LTE system, the UE obtains the parameter information of the NAS key and AS key selected by the LTE system, and the encryption algorithm selected by the target eNB. The UE negotiates the NAS and AS security parameters and the security algorithm between the LTE system [i.e. applicant’s second computing device] and a different system [i.e. or applicant’s second computing device] without adding any signaling, and a security correlation is created between the UE and the LTE system. [i.e. determining, by a second computing device and based on the received list, that a key derivation algorithm supported by the second computing device is not indicated by the list]]; and
sending, to the user device via a secured channel, and based on the determining that the key derivation algorithm supported by the second computing device is not indicated by the list, the key derivation algorithm supported by the second computing device [Xu, Figure # 3 and paragraph: 0045, Step 310: According to the parameters used in the RRC encryption key derivation and the UP encryption key derivation, the parameters used in K.sub.ASME derivation, the parameters used in K.sub.NAS derivation, the parameters used in K.sub.eNB derivation in the received contents of the transparent container, the UE [i.e. applicant’s user device] derives the RRC encryption key, UP encryption key, K.sub.ASME, K.sub.NAS, and K.sub.eNB, and sets a protection algorithm applicable after handover [i.e. applicant’s key derivation algorithm supported by the second computing device] to the LTE system or different system]. 
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Xu in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include performing data key communication security negotiations between participants in before communication with each other of Xu. This would allow for the negotiated protection of the communication data by encrypting the data with key[s] that both the customer and the bank can support. See paragraph: 0008 of Xu.
As per claim 13. Appenzeller as modified does teach the method of claim 12, further comprising:
	receiving, from the user device, a message based on a first key derived using the key derivation algorithm supported by the second computing device [Appenzeller, Figure #3 and paragraph: 0077, At step 58, the recipient (recipient C in this example) [i.e. applicant’s second computing device] receives the message [i.e. message] over communications network 14 from sender A [i.e. applicant’s user device]. The message may be received by the recipient's client software running on the recipient's equipment 12. 
	Then at paragraph: 0078, If the recipient's client software has a copy of an appropriate derived key available in a local cache, the client software may use that derived key [i.e. applicant’s first key derived using the key derivation algorithm supported by the second computing device] to decrypt the message. If the derived key is not available locally, the recipient may obtain a copy of the derived key from organization 18.
	Then further of Appenzeller at paragraph: 0079, In particular, at step 60, the recipient may generate a derived-key request and may provide the derived key request to the decryption server 24. Any suitable arrangement may be used to make the derived key request. For example, the client of sender A or the gateway 22 may automatically include a clickable link (e.g., a web link) in the outgoing message. When recipient C receives the message, instructions in the message may prompt recipient C to click on the link. Clicking on the link may instruct recipient C's web browser or other suitable client software to transmit certain information in the link to a particular web address over communications network 14. The information that is transmitted may include recipient identity information and may serve as a derived key request. The web address may be associated with decryption server 24.  This is merely one illustrative way in which a derived key request may be provided to decryption server 24. Any suitable arrangement may be used if desired]; and
	based on the message, authenticating, by the second computing device and using a second key different from the first key, the user device [Appenzeller,  Figure #4 and paragraph: 0063, At step 68, recipient C [i.e. applicant’s the second computing device] receives the derived symmetric key from the decryption server 24 over the secure communications channel. The recipient may then use decryption engine 34 to decrypt the encrypted message (i.e., decrypt the ciphertext [i.e. applicant’s authenticating, by the second computing device and using a second key different from the first key, the user device]. The inputs to decryption engine 34 are the encrypted version of the message (i.e., the ciphertext) and the derived key of recipient C, The cutout of the decryption engine 34 is the unencrypted version of the message contents], wherein the using the second key comprises deriving, based on application of the key derivation algorithm supported by the second computing device to the second key, the first key [Rose, paragraph: 0019, performing a hash function on the initial encryption key to produce a first output, and deriving from the first output a first intermediate key having a work factor value not greater than the lower one of the different work factor values determined in the determining step.
	Then further of Rose at paragraph: 0020, performing a hash function [i.e. applicant’s by applying the key derivation algorithm supported by the second computing device] on the first intermediate key to produce a second output, and deriving from the second output [i.e. applicant’s based on a second key] a final encryption key [i.e. applicant’s the first key] having a work factor value not greater than the lower one of the different work factor values determined in said determining step].
Claim[s] 3, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] as applied in the rejection of claim[s] 1 above, further in view of Zhang et al. [US PGPUB # 2016/0330617]
As per claim 3. Appenzeller and Rose and Little do teach what is taught in the rejection of claim # 1 above. 
Although, Appenzeller does teach the method of claim 1, wherein the first key was derived, by the user device, based on application of a first quantity of iterations of the key derivation algorithm [paragraph: 0053, lines 8 – 12, The sender A [i.e. applicant’s user device] sends each message through gateway 22. Gateway 22 uses encryption engine 28 to encrypt each message using a symmetric key. The symmetric key is derived from the master key 26 by the key generator 20 and is therefore referred to as a "derived key. [i.e. applicant’s by the user device, by applying a first quantity of iterations of the key derivation algorithm ]"
Then at paragraph: 0071, lines 1 – 5, Any suitable encryption policies may be implemented using gateway 22. For example, gateway 22 may encrypt all outgoing messages, may encrypt messages being sent to a particular recipient or list of recipients (i.e., particular customers)] to the master key as an initial input [paragraph: 0053, lines 8 – 12, The sender A sends each message through gateway 22. Gateway 22 uses encryption engine 28 to encrypt each message using a symmetric key. The symmetric key is derived from the master key 26 [i.e. applicant’s master key] by the key generator 20 and is therefore referred to as a "derived key."], the second key was derived, by the first computing device based on application of a second quantity of iterations of the key derivation algorithm to the master key as an initial input [paragraph: 0081, At step 64, after the decryption server 24 has determined that the requesting recipient (recipient C in this example) is authorized to obtain a copy of the derived key, the decryption server 24 [i.e. applicant’s first computing device] may request and obtain the derived key from key generator 20. The key request made by decryption server 24 may be made over intranet 16 and may include the recipient ID. The decryption server 24 is at the same organization as the key generator 20, so the key generator 20 trusts the decryption server. Accordingly, the key generator 20 may use the recipient ID  information from the decryption server and the derived key generation process of steps 38, 40, and 42 (FIG. 2) to produce the derived key. The derived key [i.e. applicant’s second key] may be provided to the decryption server over intranet 16.]. 
While Appenzeller and Rose and Little do not teach clearly the first key is derivable based on application of a third quantity of iterations of the key derivation algorithm to the second key as an initial input, and the first quantity is a sum of the second and the third quantities.
However, Zhang does teach the first key is derivable based on application of a third quantity of iterations of the key derivation algorithm to the second key as an initial input, and the first quantity is a sum of the second and the third quantities [paragraph: 0037, Further, a method according to twenty-fifth exemplary aspect of the present invention provides a method of protecting communication in a mobile communication system including a plurality of base stations, and a UE (User Equipment) connectable to the plurality of base stations for dual connectivity. This method includes: deriving, by a first base station, a second key [i.e. applicant’s first key] from a first key [i.e. applicant’s second key]; sending, by the first base station, the second key to a second base station; deriving, by the second base station, a third key [i.e. applicant’s first quantity is a sum of the second and third quantities] from the second key; sending, by the first base station, information or parameter relating to a fourth key to the UE; and deriving, by the UE, the fourth key for ciphering of user plane. The third key and the fourth key are the same, and the same key is used for encrypting communication between the second base station and the UE.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Zhang in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include calculating and distributing random values for the purpose of protecting the communication of data of Zhang. This would allow for the customers and the bank to encrypt data based on a random value for protection of the transaction communications between the customers and bank. See paragraph: 0016 of Zhang. 
As per claim 18. Appenzeller as modified does teach the method of claim 16, wherein the second key is derived based on performing a second quantity of iterations of the key derivation algorithm based on the master key as an initial input  wherein the first quantity is a sum of the second and the third quantities [Zhang, paragraph: 0037, Further, a method according to twenty-fifth exemplary aspect of the present invention provides a method of protecting communication in a mobile communication system including a plurality of base stations, and a UE (User Equipment) connectable to the plurality of base stations for dual connectivity. This method includes: deriving, by a first base station, a second key [i.e. applicant’s second key] from a first key [i.e. applicant’s master key]; sending, by the first base station, the second key to a second base station; deriving, by the second base station, a third key [i.e. applicant’s first quantity is a sum of the second and third quantities] from the second key; sending, by the first base station, information or parameter relating to a fourth key to the UE; and deriving, by the UE, the fourth key for ciphering of user plane. The third key and the fourth key are the same, and the same key is used for encrypting communication between the second base station and the UE.].
Claim[s] 6, 7, 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] as applied in the rejection of claim[s] 1 above, further in view of Laitinen [US PGPUB # 2006/0101270]
As per claim 6. Appenzeller and Rose and Little do teach what is taught in the rejection of claim 1 above. 
Appenzeller and Rose and Little do not teach clearly the method of claim 1, further comprising:
receiving, by the second computing device and from the first computing device, an updated second key and an updated key derivation algorithm associated with the updated key; and
replacing the key derivation algorithm with the updated key derivation algorithm and second key with the updated second key.
However, Laitinen does teach method of claim 1, further comprising:
receiving, by the second computing device and from the first computing device [Laitinen, paragraph: 0051, lines 4 – 7, The bootstrapping server function [i.e. applicant’s first computing device] may indicate the key derivation function to be used when deriving keys from Ks by sending an algorithm identifier to the user equipment [i.e. applicant’s second computing device]], an updated second key and an updated key derivation algorithm associated with the updated key [Laitinen, paragraph: 0049, lines 1 – 8, The user equipment receives (314) the key derivation function in response to the request. Therefore, in this alternative the key derivation function is updated e.g. using the OTA (Over The Air) interface, where the key derivation function implementation itself, or an address (e.g. Uniform Resource Location (URL)) to the key derivation function implementation is sent the user equipment by an operator's OTA server]; and
replacing the key derivation algorithm with the updated key derivation algorithm and second key with the updated second key [Laitinen, paragraph: 0049, lines 1 – 8, The user equipment receives (314) the key derivation function in response to the request. Therefore, in this alternative the key derivation function is updated e.g. using the OTA (Over The Air) interface, where the key derivation function implementation itself, or an address (e.g. Uniform Resource Location (URL)) to the key derivation function implementation is sent the user equipment by an operator's OTA server].
It would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Laitinen in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include that each station is authenticated by an authentication server, before key parameters and security attributes are exchanged between the stations of Laitinen. This would allow for the prevention of compromised communications data by unauthorized customers and the bank, by calculating communication session keys for each session between the bank and the prospective customer. See paragraph: 0007, lines 12 – 18 of Laitinen. 
As per claim 7. Appenzeller as modified does teach the method of claim 1, further comprising:
sending, to the user device based on a determination that the user device supports an updated key derivation algorithm [Laitinen, paragraph: 0044, lines 6 – 9, Also, an operator may want to define a new key derivation function and customize the user equipment to use the customized key derivation function instead of the default one. Where at paragraph: 0049, lines 1 – 8, The user equipment receives (314) the key derivation function in response to the request. Therefore, in this alternative the key derivation function is updated e.g. using the OTA (Over The Air) interface, where the key derivation function implementation itself, or an address (e.g. Uniform Resource Location (URL)) to the key derivation function implementation is sent the user equipment by an operator's OTA server], a request for an updated message [Laitinen, paragraph: 0026, In one embodiment of the invention, the receiver is configured to receive a key derivation function update from a key derivation function update entity.];
 and authenticating, based on the updated message and a key derived based on the updated key derivation algorithm, the user device [Laitinen, paragraph: 0057, lines 7 – 10, The receiver 402 may also receive a key derivation function update from a key derivation function update entity, that is, when the key derivation function is to be updated in the user equipment 40. Then at paragraph: 0016, According to another aspect of the invention there is provided a method for determining a key derivation function to be used by user equipment. The method comprises receiving an authentication request from user equipment and sending a key derivation function identifier along with a bootstrapping transaction identifier to the user equipment in response to the authentication request.].
As per claim 24. Appenzeller as modified does teach the method of claim 16, further comprising:
receiving, by the second computing device and based on a compromise of the key derivation algorithm [Laitinen, paragraph: 0009, a key derivation function in the user equipment may need to be changed for some reason, for example, when the key derivation function has been compromised], an updated key derivation algorithm and an updated third key [Laitinen, paragraph: 0026, In one embodiment of the invention, the receiver is configured to receive a key derivation function update from a key derivation function update entity. Where at paragraph: 0047, lines 5 – 8, the user equipment selects key derivation function and uses it when needed to generate a key]; and
sending, to the user device and based on a determination that the user device supports the updated key derivation algorithm, an indication of the updated key derivation algorithm [Laitinen, paragraph: 0057, lines 7 – 10, The receiver 402 may also receive a key derivation function update from a key derivation function update entity, that is, when the key derivation function is to be updated in the user equipment 40. Then at paragraph: 0016, According to another aspect of the invention there is provided a method for determining a key derivation function to be used by user equipment. The method comprises receiving an authentication request from user equipment and sending a key derivation function identifier along with a bootstrapping transaction identifier to the user equipment in response to the authentication request].
Claim[s] 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] as applied in the rejection of claim[s] 1 above, further in view of Chandoor et al. [US PGPUB # 2017/0201520]
As per claim 9. Appenzeller and Rose and Little do teach what is taught in the rejection of claim 1 above. 
Appenzeller and Rose and Little do not teach clearly the method of claim 1, further comprising:
encrypting, based on the authenticating and based on an encryption protocol shared between the second computing device and the user device, provisioning data; and
sending, to the user device, the encrypted provisioning data.
However, Chandoor does teach the method of claim 1, further comprising:
encrypting, based on the authenticating and based on an encryption protocol shared between the second computing device and the user device, provisioning data [paragraph: 0008, lines 21 – 24, The method may further include receiving, by the second application on the communication device [i.e. applicant’s user device], access data provided by the remote server computer [i.e. applicant’s second computer machine] based on validation of the encrypted provisioning request data.]; and
sending, to the user device, the encrypted provisioning data [paragraph: 0008, lines 24 – 26, The method may also include provisioning, by the second application, the access data onto the second application.].
It would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Chandoor in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include encrypting the communications between the stations by using multiple encryption rounds [i.e. TOES] of Chandoor. This would allow for the prevention of an attacker using brute force attacks and gaining access to such communications data given that the data is encrypted multiple times. See paragraph: 0035 of Chandoor. 
Claim[s] 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] and Xu et al. [US PGPUB # 2015/0208238], as applied in the rejection of claim[s] 12 above, further in view of Tyree [US PGPUB # 2011/0145897]
As per claim 15.  Appenzeller and Rose and Little and Xu do teach what is taught in the rejection of claim 12 above. 
Appenzeller and Rose and Little and Xu do not teach clearly the method of claim 12, further comprising:
encrypting, before the sending the key derivation algorithm supported by the second computing device, and based on a digital signature, the key derivation algorithm supported by the second computing device.
However, Tyree does teach the method of claim 12, further comprising:
encrypting, before the sending the key derivation algorithm supported by the second computing device, and based on a digital signature, the key derivation algorithm supported by the second computing device [paragraph: 0077, lines 4 – 13, It should be understood that the cryptographic public key infrastructure signature algorithm may render the derivation of the private key from the shared key, cryptographically infeasible (e.g., impractical given the present and projected state of technology or mathematical practice). Furthermore, use of the cryptographic public key infrastructure signature algorithm to generate a shared key that renders derivation of the private key cryptographically infeasible].
It would have been obvious before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Tyree in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include that each station is authenticated by an authentication server, before key parameters and security attributes are exchanged between the stations of Tyree. This would allow for authenticating each customer and the bank based on multi-factor type authentication before commencing communication between parties. See paragraph: 0003 of Tyree. 
Claim[s] 17, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PUGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] as applied in the rejection of claim[s] 16 above, further in view of Wang et al. [US PGPUB # 2013/0315393]
As per claim 17. Appenzeller and Rose and Little do teach what is taught in the rejection of claim 16 above. 
	Appenzeller and Rose and Little do not clearly teach the method of claim 16, wherein each iteration, if any, of the key derivation algorithm after a first iteration receives an output derived key of an immediately previous iteration as an input key.
	However, Wang does teach the method of claim 16, wherein each iteration, if any, of the key derivation algorithm after a first iteration receives an output derived key of an immediately previous iteration as an input key [Wang, figure # 2, steps s252 and s254, and paragraph: 0030, lines 1 – 18, generate and store an equipment key [a second communication key – keNB2] (i.e. applicant’s first iteration) and a second transmission key – ed2, based on the previously generated authentication key K-ASME2 [i.e. applicant’s output derived key of an immediately previous iteration as an input key] by a key generation information].
It would have been obvious before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Wang in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include that each entity is authenticated by an authentication server before being allowed to obtain time limited key derivation function and master key parameters of Wang. This would allow for the calculation of a time limited encryption key for use with protecting communicated data between customers and the bank. See paragraphs: 0025 and 0007 of Wang. 
As per claim 19. Appenzeller as modified does teach the method of claim 16, further comprising sending, based on the authenticating, provisioning data to the user device [Wang, Figure # 5, paragraph: 0042, lines 5 – 10, Then, the user equipment UE1 transmits the first random value R1 to the user equipment UE2 (step S562) [i.e. applicant’s sending….provisioning data to the user device]. The user equipment UE2 [i.e. applicant’s user device] generates the second random value R2, and calculates the second temporary key TK2 [i.e. applicant’s second derived key] according to the master key MK [i.e. applicant’s master key] of the D2D master key information (step S563). 
Then at paragraph: 0038, lines 8 – 14 of Wang, After both of the user equipment UE1 and UE2 obtains the authentication for D2D communication [i.e. applicant’s based on the authenticating], if the user equipment UE1 is intended to perform the D2D communication with the user equipment UE2, the user equipment UE1 sends a D2D communication request related to the user equipment UE2 to the D2D communication controller 130 in the authentication server 110 (step S510).].
Claim[s] 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PUGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] as applied in the rejection of claim[s] 16 above, further in view of Wang et al. [US PGPUB # 2013/0315393], further in view of Xu et al. [US PGPUB # 2015/0208238]
As per claim 20. Appenzeller and Rose and Little do teach what is taught in the rejection of claim 16 above.
	Appenzeller and Rose and Little do not teach clearly the method of claim 16, further comprising: receiving, from the user device, a request indicating a plurality of algorithms including the key derivation algorithm; and
sending, to the user device, a message comprising an indication of the key derivation algorithm and requesting the message based on the first key.
However, Wang does teach and sending, to the user device, a message comprising an indication of the key derivation algorithm [Wang, paragraph: 0007, lines 6 – 14, When the first user equipment and the second user equipment respectively send a connection request for device-to-device communication to the authentication server, the authentication server performs routine authentication procedures on the first user equipment and the second user equipment [i.e. applicant’s user device], and respectively provides first key generation information and second key generation information [i.e. applicant’s a message comprising an indication of the key derivation algorithm] to the first user equipment and the second user equipment.] and requesting the message based on the first key [Wang, Figure # 5, paragraph: 0042, lines 5 – 10, Then, the user equipment UE1 transmits the first random value R1 to the user equipment UE2 (step S562). The user equipment UE2 generates the second random value R2, and calculates the second temporary key TK2 [i.e. applicant’s first key] according to the master key MK of the D2D master key information (step S563). Where at paragraph: 0044, After the user equipment UE2 receives the third intermediary value V3, the user equipment UE2 calculates a fourth intermediary value V4 according to the second temporary key TK2 and the second random value R2, and determines whether the third intermediary value V3 is the same to the fourth intermediary value V4 (step S569). If the third intermediary value V3 is the same to the fourth intermediary value V4, the user equipment UE2 allows the user equipment UE1 to perform the D2D communication and the encryption and decryption operations during the communication according to the D2D master key information (step S570). According to the above descriptions, it is known that the D2D mutual authentication (the step S560) and the follow-up D2D communication (step S580) are performed without using the D2D communication controller 130.].
It would have been obvious before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Wang in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include that each entity is authenticated by an authentication server before being allowed to obtain time limited key derivation function and master key parameters of Wang. This would allow for the calculation of a time limited encryption key for use with communicating data between customers and the bank. See paragraphs: 0025 and 0007 of Wang. 
Appenzeller and Rose and Little and Wang do not teach clearly receiving, from the user device, a request indicating a plurality of algorithms including the key derivation algorithm. 
However, Xu does teach receiving, from the user device, a request indicating a plurality of algorithms including the key derivation algorithm [Xu, Figure # 3, and paragraph: 0036, Step 32: The source SGSN sends the handover request to the target MME. The handover request includes the UE capability information (including a list of NAS algorithm of the UE, RRC algorithm of the UE, and UP algorithm of the UE) and the key information currently used by the source system (or the key derived by the source system according to the currently used key information).]
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller and Xu in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller to include performing data key communication security negotiations between participants before communication with each other of Xu. This would allow for the negotiated protection of the communication data by encrypting the data with key[s] that both the customer and the bank can support. See paragraph: 0008 of Xu.
Claim(s) 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PUGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] as applied in the rejection of claim[s] 1 above, further in view of Young et al. [US PGPUB # 2018/0006815]
As per claim 27. Appenzeller and Rose and Little do teach what is taught in the rejection of claim 1 above.
Appenzeller and Rose and Little do not teach clearly the method of claim 1, wherein the receiving the second key from the first computing device comprises receiving the second key from a secure key facility of the first computing device.
However, Young does teach the method of claim 1, wherein the receiving the second key from the first computing device comprises receiving the second key from a secure key facility of the first computing device [Figure #1 and paragraph: 0037, lines 1 – 2, Returning to FIG. 1, an encrypted master key is also maintained in the computing device 100. Where at paragraph: 0025, lines 1 – 14, The trusted key service 110 [i.e. applicant’s a secure key facility] includes an encrypted key vault 112 and a decrypted key store 114. The encrypted key vault 112 maintains, for each of one or more boot configurations for the computing device 100 [i.e. applicant’s first computing devices comprises….etc.], an encrypted key that is associated with the boot configuration. In one or more embodiments, the boot configuration includes boot code that includes a boot loader, which loads and begins running the components of the operating system 104. The encrypted key can thus also be referred to as associated with an operating system running from a particular boot configuration. Different boot loaders will load and run different operating systems, so by associating an encrypted key with a particular boot configuration, the encrypted key is also associated with a particular operating system [i.e. applicant’s receiving the second key from a secure key facility of the first computing device].].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Young in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include encrypting algorithms specific to the bank and the remote customers of Young. This would allow for a robust encryption key and algorithm that is resistant to attack based on the specific attributes of the bank and customer if not known the attacker. See paragraph: 0003 of Young. 
Claim(s) 28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Appenzeller et al. [US PUGPUB # 2006/0010324] in view of Rose [US PGPUB # 2003/0169882] and Little et al. [US PAT # 8112794] as applied in the rejection of claim[s] 1 above, further in view of Deshpande [US PGPUB # 2019/0223014]

As per claim 28. Appenzeller and Rose and Little do teach what is taught in the rejection of claim 1 above.
	Appenzeller and Rose and Little do not teach clearly the method of claim 1, further comprising sending, by the first computing device, the master key to a manufacturer of the user device.

	However, Deshpande does teach the method of claim 1, further comprising sending, by the first computing device, the master key to a manufacturer of the user device [paragraph: 0046, Currently, all Zigbee-enabled products [i.e. applicant’s user devices] in the world use a known master key. This master key is given to a Zigbee integrated circuit (IC) manufacturer under a non-disclosure agreement (NDA) [i.e. applicant’s sending…..the master key to a manufacturer of the user device]. However, this method of securing network connections is inherently insecure. Because master keys are programmed at manufacturing time, they are vulnerable to eavesdropping and also they are sent un-encrypted to a ZR and/or ZED. Pre-loading of a TC master key for the ZR and/or ZED is also vulnerable.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Appenzeller as modified and Deshpande in order for the encryption of bank transactions or bank communications between the bank and the various customer devices or customer to external customers of the bank of Appenzeller as modified to include tailored encryption keys and algorithms and types of secure channels to be used of Deshpande. This would allow for the creation of multiple wireless secure communication channels and encryption keys to be used based on the type of device that is detected. See paragraphs: 0005 – 0009 of Deshpande.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571- 272- 3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANT B SHAIFER HARRIMAN/          Primary Examiner, Art Unit 2434