DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
	Claims 1 and 13-14 have been amended. Claims 1-15 are currently pending. Applicant’s amendments, with respect to the objections to claims 1 and 13-14, overcome the objections to the claims. The objection has been withdrawn. Applicant’s amendments, with respect to claim 1, overcome §102 (a)(1) rejections to the claims. The 102 rejections have been withdrawn.

Response to Arguments
Applicant’s arguments (See pg. 6), filed on 09/09/2022, with respect to the rejection(s) of claim(s) 1 under 35 USC 102 indicate that Kim ‘275 does not disclose “the initial configuration message contains helper data to repeatedly generate the same predetermined value”. This has been fully considered and is persuasive. Applicant further argued (See pg. 6) that “Kim ‘275 would teach away from tinkering with the private key rk in a manner including helper data” because the helper data would remove the randomness of the private key rk. Examiner respectfully disagrees. Kim ‘275 (See FIG. 6 and [0059]) recites that the GPK (610) creates a random number rk, i.e. the private key rk (the initial configuration message), which is given as an input (challenge) to a PUF for generating the PUF code pc as an output (response) of the PUF via the PUF code construction. Upon this fact, it would be reasonable to interpret the private key rk as a challenge in the challenge-response pair (CRP) because it is obvious to get a random challenge value to the PUF for security reasons. Furthermore, in the field of PUF technology, the so-called helper data has been used to ensure that a response from a PUF should be the same output when the same challenge is evaluated several times, because there is always noise from any PUF circuit, which is highly likely to flip bit values of the output (it’s a disadvantage of the PUF). In conclusion, if the random private key rk combined with the helper data as a challenge stimulates the PUF, the helper data would help the PUF to generate a consistent response by removing the noise of the circuit itself rather than the randomness.
Therefore, the rejections have been withdrawn. However, upon further consideration, a new ground(s) of rejection has been made. Please see the rejections below.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-6 and 9-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over KIM ‘275 in view of LU, US-20190165954-A1 (hereinafter “LU ‘954”).
Per claim 1 (independent):
KIM ‘275 discloses: A method of obtaining a cryptographic key in a chipset comprising:
generating an initial configuration message using a physical unclonable function (PUF) of the chipset, wherein said PUF generates a predetermined value when using the initial configuration message as input to the PUF (FIGS. 4-5, [0045], C's KoB (a chipset) has an authentication token $T_{id}$ (that was issued by S (a client access server)) and can compute a session key sk; [0046], the authentication server S (the client access server) is represented as 502 … and the client (the chipset) is represented as 506; [0047], C sends a request message (an initial configuration message) to S via P (step 512). The message contains id and $T_{id} = ENC_{tkid}(id + ts + pk + \Phi)$ where Φ is a hash value $H(id + ts + pk + rk_s)$; [0053], A KoB (of the chipset) comprises a PUF (PUF), an ECDH symmetric key generator, a public key generator, a cryptographic hash function (i.e., SHA-256), and non-volatile memory such as flash memory; [0054], C's KoB keeps and manages the following information: (1) an authentication token $T_{id}$ … (2) a PUF code pc (a predetermined value) that is derived (generated) from a private key rk (See GPK in FIG. 6; given as input to the PUF), and (3) the public key $p_{ks}$ of S; FIG. 6, [0059], GPK (610) first creates a random number rk (as a private key of its caller). For the random number rk, it then generates a public key pk and a PUF code pc using PUF code construction; Note that the private key rk is one of the parameters in the request (or authentication) message.);
transmitting the initial configuration message to a client access server; receiving an altered configuration message from the client access server, wherein the altered configuration message is generated by the client access server based on the initial configuration message (FIG. 5, [0048], Once S (the client access server) receives the message, it decrypts $T_{id}$ in step 514 … S computes, in step 516, a shared secret ss from both its own private key rks and C's public key pk that $T_{id}$ contains. … S now chooses two random numbers µ and κ … Thereafter, S sends C a challenge message (altered configuration message) containing µ, $ENC_{sk}(K)$, and the message's MAC, in step 51.);
obtaining the cryptographic key from the PUF using the altered configuration message as input to the PUF (FIG. 5, [0049], On receiving the message (the challenge message as input to the PUF), in step 522, C asks its KoB to compute the session key sk (cryptographic key) and, if able, C can verify the received message's MAC with session key sk.; FIG. 6, [0061], CSK (630): … The session key sk is computed as follows: sk=H(µ+ss) where ss is a shared secret that CSS computes for a PUF code pc (stored in the NVM) and a public key pks (already given by S).).

KIM ‘275 does not disclose but LU ‘954 discloses: wherein the message contains helper data to repeatedly generate the same predetermined value (FIG. 3, [0060], Server S sends to device D1 the cipher text with the registered helper data E(R1, M)||H1. Device D1 receives E(R1, M)||H1 (the message; H1 is helper data) and, in response to the cipher text and registered helper data received, generates a response from its PUF. The response may have more than one noisy bits and thus is called a noisy response R1 *. The noisy response R1* is a noisy version of the registered response R1; [0060], Device D1 then uses the registered helper data H1 received to reshape the noisy response R1* in order to obtain the registered response R1 (the same predetermined value).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified KIM ‘275 with the challenge including helper data given to a PUF device as taught by LU ‘954 because it would obtain the registered response by removing potential noise in the noise response [0061]. Additionally, LU ‘954 is analogous to the claimed invention because it teaches a system for downlink transmission using physically unclonable function (PUF)-based keys [0057].
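Added example (not part of the Office action or of the cited references): a minimal Python sketch of the helper-data flow quoted above from LU ‘954 [0060], in which registered helper data H1 reshapes a noisy response R1* back into the registered response R1 so that E(R1, M) can be decrypted. The code-offset construction with a 5x repetition code, the hash-based stand-in for the PUF, the hash keystream standing in for E, and all names and sample values are assumptions made for illustration; the page does not state how LU ‘954 constructs H1 or E.

```python
import hashlib
import secrets

REP = 5        # assumed repetition factor: each 5-bit block tolerates up to 2 flips
NBITS = 160    # response length used here (32 blocks of REP bits)

# Constructed sample values, not taken from any cited reference.
DEVICE = b"constructed-device-0001"
CHALLENGE = b"constructed-challenge"
MESSAGE = b"downlink message M"


def puf_response(device_secret, challenge, flips=()):
    """Stand-in for a PUF: a fixed per-device bit string for a challenge.
    `flips` lists bit positions inverted to model circuit noise."""
    digest = hashlib.sha256(device_secret + challenge).digest()
    bits = [(byte >> i) & 1 for byte in digest for i in range(8)][:NBITS]
    for pos in flips:
        bits[pos] ^= 1
    return bits


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def rep_encode(seed_bits):
    return [b for b in seed_bits for _ in range(REP)]


def rep_decode(code_bits):
    # Majority vote per block removes up to REP // 2 flipped bits.
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def enroll(response):
    """Enrollment: helper data H1 = R1 XOR codeword(random seed).
    H1 is public; with an (n, k) code it can reveal up to n - k bits about
    R1, so a real design sizes the response and code with that in mind."""
    seed = [secrets.randbits(1) for _ in range(len(response) // REP)]
    return xor(response, rep_encode(seed))


def reconstruct(noisy_response, helper):
    """Device side: reshape the noisy response R1* into R1 using H1."""
    noisy_codeword = xor(noisy_response, helper)        # codeword XOR noise
    codeword = rep_encode(rep_decode(noisy_codeword))   # noise removed
    return xor(codeword, helper)                        # back to R1


def keystream_xor(response_bits, data):
    """Stand-in for E(R1, M): XOR with a SHA-256 counter keystream keyed by
    the response. Unauthenticated; used only to show key agreement."""
    key = hashlib.sha256(bytes(response_bits)).digest()
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def demo():
    r1 = puf_response(DEVICE, CHALLENGE)          # registered response R1
    h1 = enroll(r1)                               # registered helper data H1
    ciphertext = keystream_xor(r1, MESSAGE)       # server sends E(R1, M) || H1
    # Device re-evaluates its PUF; two flips land in one block, two elsewhere.
    r1_noisy = puf_response(DEVICE, CHALLENGE, flips=(3, 4, 77, 150))
    recovered = reconstruct(r1_noisy, h1)
    return r1, r1_noisy, recovered, keystream_xor(recovered, ciphertext)


if __name__ == "__main__":
    r1, r1_noisy, recovered, plaintext = demo()
    print("noisy response equals R1:", r1_noisy == r1)
    print("recovered response equals R1:", recovered == r1)
    print("decrypted:", plaintext)
```

Three or more flips inside a single 5-bit block exceed what this repetition code corrects, and the reconstructed response then differs from R1.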

Per claim 2 (dependent on claim 1):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
KIM ‘275 discloses: The method according to claim 1, wherein the PUF is part of a secure part (FIG. 4, [0053], each KoB has its own computation capability independent of its attached client device and does not use the client's memory for its internal computations.).

Per claim 3 (dependent on claim 2):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 2 above, incorporated herein by reference.
KIM ‘275 discloses: The method according to claim 2, wherein the secure part encrypts the altered configuration message and stores the thus obtained encrypted altered configuration message in a memory (FIG. 5, [0049], On receiving the message (the altered configuration message), in step 522, C asks its KoB to compute the session key sk and, if able, C can verify the received message's MAC with session key sk.; FIG. 4, [0035], Key Obfuscation Block: KoB is embedded into a system-on-a-chip … has a … NVM (427; a memory), a PUF (426); Note that κ is extracted from $ENC_{sk}(K)$, which is a part of the received message, encrypted with the session key sk in FIG. 5.).

Per claim 4 (dependent on claim 2):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 2 above, incorporated herein by reference.
KIM ‘275 discloses: The method according to claim 2, further comprising setting up of a secure link between the secure part and the client access server, wherein the initial configuration message and the altered configuration message are transmitted via the secure link (FIG. 7, [0068], Once the verification is passed, client id trusts the message's sender (i.e., 5), and will use session key sk for ensuring the confidentiality and integrity of subsequent communications with S (step 718). A secure communication session (a secure link) is created using the session key in a conventional manner; [0069], A refresh-response message (the initial configuration message) including pk' is then sent back to S in step 722. On receiving the message, S creates a new authentication token $T_{id}'$ … Then, $T_{id}'$ (the altered configuration message) … are sent to client id.).

Per claim 5 (dependent on claim 2):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 2 above, incorporated herein by reference.
KIM ‘275 discloses: The method according to claim 2, further comprising setting up of a secure link between the secure part and the client access server, wherein the cryptographic key is transmitted via the secure link (FIG. 7, [0068], Once the verification is passed, client id trusts the message's sender (i.e., 5), and will use session key sk for ensuring the confidentiality and integrity of subsequent communications with S (step 718). A secure communication session (a secure link) is created using the session key in a conventional manner; [0069], A refresh-response message including pk' (cryptographic key) is then sent back to S in step 722. On receiving the message, S creates a new authentication token $T_{id}'$ … Then, $T_{id}'$ … are sent to client id.).

Per claim 6 (dependent on claim 4):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 4 above, incorporated herein by reference.
KIM ‘275 discloses: The method according to claim 4, wherein the secure link is implemented using an authenticated Diffie-Hellman key exchange protocol (By design, the user is allowed to access a KoB using only the KoB access interfaces. Elliptic Curve Diffie-Hellman (ECDH) allows two parties (i.e., a pair of a client and an authentication server in TSAF), each having an elliptic curve public-private key pair, to know a shared secret without directly exchanging key materials.).

Per claim 9 (dependent on claim 1):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
KIM ‘275 discloses: The method according to claim 1, wherein information about the authenticity, serial number, origin, and/or production of the chipset is transmitted to the client access server, and wherein the altered configuration message is generated by the client access server depending on the information (FIG. 5, [0046], the authentication server S (the client access server) is represented as 502 … and the client (the chipset) is represented as 506; [0047], C sends a request message to S via P (step 512). The message contains id and $T_{id} = ENC_{tkid}(id + ts + pk + \Phi)$; [0049], On receiving the message (the altered configuration message), in step 522, C asks its KoB to compute the session key sk; Note that the request message $T_{id}$ includes information about the KoB (the chipset).).

Per claim 10 (dependent on 1):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 11 (dependent on 1):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 12 (dependent on 10):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 10 above, incorporated herein by reference.
KIM ‘275 discloses: The device according to claim 10, wherein the device is an internet-of-things device ([0020], Advantageously, illustrative embodiments of the invention address the EV authentication problem under hostile communication environments; [0021], as the number of EVs grows, plug-in EV charging will become part of the Internet of Things (IoTs).).

Per claim 13 (dependent on 1):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 14 (dependent on 1):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 1 and the claim(s) is/are rejected for the reasons detailed with respect to claim 1.

Per claim 15 (dependent on 11):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 11 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 11 and the claim(s) is/are rejected for the reasons detailed with respect to claim 11.

Claim(s) 7-8 is/are rejected under 35 U.S.C. 103 as being unpatentable over KIM ‘275 in view of LU ‘954 as applied to claim 1 above, and further in view of Merchan et al., US-20140258736-A1 (hereinafter “Merchan ‘736”).
Per claim 7 (dependent on claim 1):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
KIM ‘275 in view of LU ‘954 does not disclose but Merchan ‘736 discloses: The method according to claim 1, wherein the cryptographic key is used to bootstrap security measures of the chipset (FIG. 3, [0042], operating a trusted processor to control the execution of instructions for software programs and to control access to data during the execution of the software programs; [0044], The SRAM-PUF response, Pe, serves as a cryptographic secret (cryptographic key) that is not consistent between different manufactured copies of the trusted processor and that bootstraps a unique device identity (of the chipset), per-application encryption and authentication keys, and random number generation.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified KIM ‘275 in view of LU ‘954 with the cryptographic secret derived from a SRAM-PUF response for bootstrapping cryptographic operations as taught by Merchan ‘736 because it would reduce the TCB (trusted computing base) without requiring long-term storage of secret data in non-volatile memory while still ensuring the system security [0005][0044]. Additionally, Merchan ‘736 is analogous to the claimed invention because it teaches generating with a trusted processor a cryptographic key based on a physically unclonable function (See [0006]).

Per claim 8 (dependent on claim 1):
KIM ‘275 in view of LU ‘954 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
KIM ‘275 in view of LU ‘954 does not disclose but Merchan ‘736 discloses: The method according to claim 1, wherein the cryptographic key is used as a root key in a key ladder to obtain one or more further cryptographic keys (FIG. 3, [0042], operating a trusted processor to control the execution of instructions for software programs and to control access to data during the execution of the software programs; [0044], The trusted processor uses the SRAM-PUF response to generate the root key, Kp … enables the processor to generate a hierarchy of derived keys (a key ladder).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified KIM ‘275 in view of LU ‘954 with the root key enabling a processor to generate a hierarchy of derived keys as taught by Merchan ‘736 because it would reduce the TCB (trusted computing base) without requiring long-term storage of secret data in non-volatile memory while still ensuring the system security [0005][0044].

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332. The examiner can normally be reached Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PHILIP CHEA can be reached on (571)272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANGSEOK PARK/Examiner, Art Unit 2499
/PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499