Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification 
The specification filed on September 24, 2020 is accepted. 
Drawings
The drawings filed on September 24, 2020 are accepted.

Detailed action 
Claims 1-20 are pending 
Claims 1-11 have been elected by the applicant for examination

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/24/2020, 03/08/2021 and 05/26/2021 was filed after the mailing date of the application no. 17/030682 on 09/24/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Restriction election argument
In response to applicant’s argument filed on 08/25/2022 that restriction is improper and the claim set 1-11, 12-18 and 19-20 do not pose a serious search burden due to the overlapping of each claim set. The examiner acknowledges applicants point of view but respectfully disagrees because each claim set have distinct mode of operation. For example, claims set 1-11, 12-18 and 19-20 are related as sub combinations disclosed as usable together in a single combination.  The sub combinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one sub combination is separately usable.  In the instant case, the sub combination of claims 12-18 has a separate component such as the electronic control unit and distributed control module for establishing a first and second session key foe engaging in secure encrypted communication. The sub combination of claims 19-20 has a separate component such as encryption decryption module for performing encryption decryption utilizing device public key and session key, See MPEP § 806.05(d).

                                               Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4 and 6-10 are rejected under 35 U.S.C. 103 as being unpatentable over Stahl (US 20160373418) in view of MOMCHILOV et al (hereinafter MOMCHILOV) (US 20200374136) and further in view of Roth et al (hereinafter Roth) (US 10547613).

Regarding claim 1 Stahl teaches a method of establishing secure communication between a server and a device in a distributed control system (Stahl on [0013-0014] teaches  a method for enabling a secure provisioning of a credential from a server to a wireless device);
wherein a first public-private key pair comprising a server public key and a server private key is associated with the server, and wherein a second public- private key pair comprising a device public key and a device private key is associated with the device, the method comprising: (Stahl on [0013-0014] teaches method for enabling secure provisioning of credential between server and wireless device using device public-private key pair comprising device public key and device private key and server public-private key pair comprising server public key and server private key);
with the server, generating a server nonce (Stahl Fig 2 block S1 and text on [0047-0048, 0069 and 0105] teaches server generating server nonce);
 transmitting the server public key, a server key signature, and the server nonce from the server to the device (Stahl Fig 2 block S1 and text on [0047-0048 and 0055] teaches transmitting an authentication request from the server comprising the server nonce and transmitting sever credential message from the server comprising server public key and SAI indicator as digital signature (i.e. server signature). See on [0084-0085] teaches transmitting server credential comprising server public key, a server certificate. See also Fig 6 and text on [0105] teaches the device receiving server public key and server nonce from server);
with the device, verifying the server public key, signing the server nonce with the device private key, resulting in a server nonce signature, and generating a device nonce (Stahl on [0053] teaches generating a device nonce. See on [0055] teaches wireless device 60 then verifies the digital signature received using the calculated hash value and the received server public key. If the signature is correct then the device stores the server public key. See Fig 6 and text on [0105] teaches device receives server nonce and signs the server nonce using device private key and generate device nonce. Further teaches the wireless device then verifies the signature received from the server using the calculated hash value and the received server public key. If the signature is valid, then the wireless device stores the server public key (i.e. equivalent to validating the server public key at the device));
 transmitting the server nonce, the server nonce signature, the device public key, a device key signature, and the device nonce from the device to the server (Stahl Fig 6 and text on [0105] teaches the wireless device prepares an authentication response 603 by signing S21 the server nonce using the device private key and generates a device nonce. The wireless device 60 sends S3 the signature (i.e. server nonce signature) together with device nonce in an authentication response 603 to the server 7. See on [0048-0049] teaches the authentication response also comprises DAI indicator having device key signature and returning the server nonce in the authentication response message to the serve. See on [0066] teaches sending the device public key to the server (i.e. the wireless device transmits the server nonce, the server nonce signature, device public key, device key signature and device nonce in view of cited para above));
 with the server, verifying the server nonce, verifying the device public key (Stahl Fig 3 block S313 and text on [0070 and 0072] teaches verifying the authentication response by identifying the device public key corresponding to the device identifier. Further teaches and verifying the received authentication response comprises verifying that the decrypted version of server nonce matches the server nonce generated by the server);
generating a session key, encrypting the session key with the device public key, resulting in an encrypted session key (Stahl on [0106] teaches generating symmetric key (i.e. session key) and wrapping the symmetric key with device public key);
and with the device, [[verifying the device nonce,]] decrypting the encrypted session key with the device private key, resulting in a decrypted session key, [[and verifying the decrypted session key]] (Stahl on [0106] teaches the wireless device receiving the symmetric key and decrypting the symmetric using devices private key).
	Stahl fails to explicitly teach and with the device, verifying the device nonce, and verifying the decrypted session key and signing a combination of the device nonce and the session key with the server private key, resulting in a combined signature, however MOMCHILOV from analogous art teaches and with the device, verifying the device nonce, and verifying the decrypted session key (MOMCHILOV on [0062] teaches the virtual delivery appliance (i.e. device in instant case) validates signature of its nonce using client device public key. See on [0070] teaches the virtual delivery appliance validates gateway public key (i.e. session key in instant case)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of MOMCHILOV into the teaching of Stahl by validating the device nonce and session key at the device. One would be motivated to do so in order to authorize connection with client and provide the client with access to the virtual computing session via the connection established based on validating the session key (MOMCHILOV on [0007]).

The combination fails to explicitly teach and signing a combination of the device nonce and the session key with the server private key, resulting in a combined signature, however Roth from analogous art teaches signing a combination of the device nonce and the session key with the server private key, resulting in a combined signature (Roth on [Col 15 line 24-31] teaches generating a hash of the client nonce, the server nonce, the DHA public key, and the encrypted session key (i.e. combining the session key with client nonce by hashing it) signs the hash using the DPS private key to generate a signed hash, and sends the server nonce, the encrypted session key and the signed hash to the new device).
 Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Roths into the combined teaching of Stahl and MOMCHILOV by combining the session key and the nonce and signing the combination. One would be motivated to do so in order to validate the session key and the nonce at device based on the combined signature (Roth on [col 1 line 25-40]).
Regarding claim 4 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 1 above, Stahl further teaches wherein verifying the server nonce comprises reading the server nonce signature with the device public key and verifying that the result matches the server nonce (Stahl Fig 3 block S313 and text on [0070 and 0072] teaches verifying the authentication response by identifying the device public key corresponding to the device identifier. Further teaches and verifying the received authentication response comprises verifying that the decrypted version of server nonce matches the server nonce generated by the server).
Regarding claim 6 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 1 above, MOMCHILOV further teaches wherein verifying the device nonce comprises reading the combined signature with the server public key and verifying that a portion of the result matches the device nonce (MOMCHILOV on [0062] teaches the virtual delivery appliance (i.e. device in instant case) validates signature of its nonce using client device public key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of MOMCHILOV into the teaching of Stahl by validating the device nonce and session key at the device. One would be motivated to do so in order to authorize connection with client and provide the client with access to the virtual computing session via the connection established based on validating the session key (MOMCHILOV on [0007]).

Regarding claim 7 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 1 above, MOMCHILOV further teaches wherein verifying the decrypted session key comprises reading the combined signature with the server public key and verifying that a portion of the result matches the decrypted session key (MOMCHILOV on [0070] teaches the virtual delivery appliance validates gateway public key (i.e. session key in instant case) using client device public key (i.e. server public key because server in instant case is equivalent to client)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of MOMCHILOV into the teaching of Stahl by validating the device nonce and session key at the device. One would be motivated to do so in order to authorize connection with client and provide the client with access to the virtual computing session via the connection established based on validating the session key (MOMCHILOV on [0007]).

Regarding claim 8 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 1 above, Stahl further teaches further comprising transmitting encrypted communications between the server and the device using the session key (Stahl on [0106] teaches using the symmetric key to establish encrypted communication between server and wireless device).

Regarding claim 9 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 1 above, Stahl further teaches further comprising establishing a forward- secrecy key between the server and the device (Stahl on [0066-0067] teaches establishing forward-secrecy key between server and device).
Regarding claim 10 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 9 above, Stahl further teaches wherein the forward-secrecy key is established using a Diffie-Hellman key exchange protocol (Stahl on [0064-0065] teaches establishing forward-secrecy key between server and device using Diffie-Hellman key exchange protocol).


Claims 2, 3 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Stahl (US 20160373418) in view of MOMCHILOV et al (hereinafter MOMCHILOV) (US 20200374136), in view of Roth et al (hereinafter Roth) (US 10547613) and further in view of Enokida (US 20050033957).

Regarding claim 2 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 1 above, the combination fails to explicitly teach wherein the server key signature comprises the server public key signed with an authorization private key; and wherein the device key signature comprises the device public key signed with the authorization private key, however Enokida from analogous art teaches wherein the server key signature comprises the server public key signed with an authorization private key; and wherein the device key signature comprises the device public key signed with the authorization private key (Enokida on [0156] teaches a CA key which is private key for digitally signing the public key of the server and the public key of the client).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Enokida into the combined teaching of Stahl, MOMCHILOV and Roths by signing the device and server public key using authorization private key of the authority. One would be motivated to do so in order to establish secure communication between server and device based on mutual authentication of signed public key of device and server (Enokida on [0010-0012]).

Regarding claim 3 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 2 above, MOMCHILOV further teaches wherein verifying the server public key comprises reading the server key signature with an authorization public key and verifying that the result matches the server public key (MOMCHILOV on [0057] teaches Since the virtual delivery appliance 53 trusts the RoT 57 and has access to the RoT 57 public key (i.e. authorization public key), the virtual delivery appliance is able to verify the validity of the client device 52 public key signature and, if valid, may then trust the client device public key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of MOMCHILOV into the teaching of Stahl by validating the device nonce and session key at the device. One would be motivated to do so in order to authorize connection with client and provide the client with access to the virtual computing session via the connection established based on validating the session key (MOMCHILOV on [0007]).

Regarding claim 5 the combination of Stahl, MOMCHILOV, Roths and Enokida teaches all the limitation of claim 2 above, Enokida further teaches wherein verifying the device public key comprises reading the device key signature with an authorization public key and verifying that the result matches the device public key (Enokida on [0192] teaches verifying clients public key certificate using root key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Enokida into the combined teaching of Stahl, MOMCHILOV and Roths by signing the device and server public key using authorization private key of the authority. One would be motivated to do so in order to establish secure communication between server and device based on mutual authentication of signed public key of device and server (Enokida on [0010-0012]).

Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stahl (US 20160373418) in view of MOMCHILOV et al (hereinafter MOMCHILOV) (US 20200374136), in view of Roth et al (hereinafter Roth) (US 10547613) and further in view of Roberts et al (US 20120271380).

Regarding claim 11 the combination of Stahl, MOMCHILOV and Roths teaches all the limitation of claim 9 above, Stahl further teaches and transmitting encrypted communications between the server and the device using the forward-secrecy key (Stahl on [0065-0066] teaches transmitting communication between server and device using forward secrecy).
Although combination teaches establishing forward-secrecy key but fails to explicitly teach ceasing transmission of encrypted communications between the server and the device using the session key, however Roberts from analogous art teaches after the forward-secrecy key is established: ceasing transmission of encrypted communications between the server and the device using the session key (Roberts on [0035] teaches terminating the secure communication session using the session key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Roberts into the combined teaching of Stahl, MOMCHILOV and Roths by ceasing the communication between server and client using the session key. One would be motivated to do so in order to protect sensitive information using the session key by termination the connection after each session, thereby protecting the sensitive information (Roberts on [0005]).
 Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
SONG et al (US 20190236560) is directed towards a method for issuing at least one specific electronic voucher by at least one specific issuer; and more particularly, to the method of determining validities of issuing data and registering a function value in a public blockchain network, and the server using the same.
Metke et al (US 20090217043) is directed towards method and system for mutual authentication of nodes in a wireless communication network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOEEN KHAN/               Examiner, Art Unit 2436