DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on 08/05/2022.
Claims 1, 9 and 17 have been amended and all other claims are previously presented.
Claims 1-17 are submitted for examination.
Claims 1-17 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s amendment filed on August 8, 2022 has claims 1, 9 and 17 amended and all other claims are previously presented. Amended claims 1, 9 and 17 are independent ones, and thus, the amendment necessitates a new ground of rejection.
Applicant’s remark, filed on August 8, 2022 at pages 9-12, indicates, “Applicant respectfully submits that Braskich, Madhavan and Bernsen, alone or in combination, fail to teach, suggest, or otherwise render obvious "exchanging signed key agreement exchange information of a signed key agreement exchange with the party via a second messaging of the handshake messaging phase, the second messaging comprising: sending a third message, the third message comprising a first signed ephemeral public key; and receiving a fourth message, the fourth message comprising a second signed ephemeral public key, wherein the first signed ephemeral public key and second signed ephemeral public key are signed by the respective participants in the mutual authentication handshake and not by a third party," as recited in claim 1 and similarly in claims 9 and 17. On pg. 10 of the Office Action, the Office acknowledges that "[t]he combination of Braskich and Madhavan does not expressly teach: a first signed ephemeral public key, a second signed ephemeral public key." Instead, the Office cites Bernsen as teaching the above recited elements. … However, Bernsen does not teach "exchanging signed key agreement exchange information of a signed key agreement exchange with the party via a second messaging of the handshake messaging phase, the second messaging comprising: sending a third message, the third message comprising a first signed ephemeral public key; and receiving a fourth message, the fourth message comprising a second signed ephemeral public key, wherein the first signed ephemeral public key and second signed ephemeral public key are signed by the respective participants in the mutual authentication handshake and not by a third party" as recited in claim 1 and similarly in claims 9 and 17. Rather, Bernsen appears to teach network system describing two separate handshakes that take place. The first handshake involves a "configurator" communicating with an "enrollee" and "signing the second enrollee public key... of the enrollee" so that "other devices... know they can trust the second enrollee public key." Bernsen, col. 17, In. 7-26. … For at least the reasons discussed above, Applicant respectfully submits that claims 1, 9, and 17 would not have been rendered obvious under 35 U.S.C. § 103 by Braskich in view of Madhavan and Bernsen because the references, alone or in combination, fail to teach, suggest, or otherwise render obvious the recitations of these claims as a whole.”
Applicant’s argument has been considered and is found persuasive. Therefore, Applicant’s amendment necessitates a new ground of rejection. Accordingly, a new ground of rejection based on the newly identified prior-art by Morgner (DE 102014204252), has been applied to the amendment.
Specifically, Morgner discloses an authentication method between a control unit device and an identity document (portable electronic device) in order to provide access to a user to the system. Morgner discloses a mutual authentication process where the participants party agree on key exchange protocol (Diffie-Hellman) to verify the identity of each side. Paragraph 0074 discloses that each party will generate an ephemeral key pair and the public ephemeral key will be signed by each side with the correspondent ephemeral private key. Thus, Examiner submits that Morgner teaches the amended feature limitation, “wherein the first signed ephemeral public key and second signed ephemeral public key are signed by the respective participants in the mutual authentication handshake and not by a third party.” (See rejection below)
Applicant further recites similar remarks as listed above for independent claims, 9 and 17. Please refer to the aforementioned response, which addresses how the new combination of prior-art references by Braskich, Madhavan and Morgner render the claimed limitations obvious.
Applicant further recites similar remarks as listed above for dependent claims, 2-8 and 10-16. Please refer to the aforementioned response, which addresses how the new combination of prior-art references by Braskich, Madhavan and Morgner would render the claimed limitations obvious.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-7, 9-12, 14-15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Braskich et al. (US 2007/0162751) hereinafter Braskich in view of Madhavan et al. (US 2009/0249074) hereinafter Madhavan and further in view of Morgner (DE 102014204252).
As per claim 1, Braskich teaches a method of performing a side of a mutual authentication handshake (Braskich, parag. [0070]; “The Mutual Authentication (MA) handshake is an optional procedure that may be used to establish a secure association between two MPs in a WLAN mesh.”), the method comprising: 
exchanging identity information with a party via a first messaging of a handshake messaging phase (Braskich, Parag. [0039]; “FIG. 4 is a message flow diagram showing messaging between nodes during mutual authentication. In FIG. 4, subordinate node 401 will need to authenticate superordinate node 403 and vice versa. As shown, mutual authentication can be broken down into a negotiation phase, an authentication phase, and a secure association phase. During the negotiation phase the first authentication message is sent from subordinate node 401 to superordinate node 403, while a second authentication message is sent from superordinate node 403 to the subordinate node 401. With the information provided in the first and the second authentication messages, nodes 401 and 403 can properly authenticate each other during the authentication phase.” … Parag. [0041]; “First authentication message 513 comprises a plurality of information elements 521 (PTK1A), and a plurality of information elements 529 (PTK2-A). The information elements PTK1-A are needed for the superordinate node to authenticate the subordinate node and are sent from supplicant process 503 of subordinate node 501 to authenticator process 509 of superordinate node 507.”), the first messaging comprising: 
sending a first message, the first message comprising a first cryptographic nonce (Braskich, Parag. [0018-0021]; “At step 303 logic circuitry 201 instructs transmitter 202 to transmit a first authentication message. The first authentication message comprises: information needed for a second node (superordinate node) to authenticate the first node; and information needed by the second node for the second node to be authenticated by the first node. The information in the first authentication message needed for the second node to authenticate the first node comprises a mutual authentication information element identifying the first node as a node to be authenticated, a Robust Security Network (RSN) information element identifying a key suite to be used for authenticating the first node, and an Extensible Authentication Protocol over LAN Key (EAPOL-Key) message containing a nonce created by the first node.”) and [a first signed device certificate portion]; and 
receiving a second message, the second message comprising a second cryptographic nonce (Braskich, Parag. [0022-0025]; “At step 305 a second authentication message is received by receiver 203. The second authentication message is received from the second node and comprises: information needed by the first node for the first node to be authenticated by the second node; and information needed for the first node to authenticate the second node. The information needed in the second authentication message by the first node for the first node to be authenticated by the second node comprises a mutual authentication information element identifying the first node as a node to be authenticated, an RSN information element identifying a key suite to be used for authenticating the first node, and an EAPOL-Key message containing a nonce created by the second node.”) and [a second signed device certificate portion], and 
[exchanging signed key agreement exchange information of a signed key agreement exchange with the party via a second messaging of the handshake messaging phase], the second messaging comprising: 
sending a third message, the third message comprising (Braskich, Parag. [0030-0032]; “At step 319, an association request message is sent by transmitter 202. The association request message comprises: information needed by the second node to derive and validate a first PTK; and information needed by the second node to derive and validate a second PTK.”) [a first signed ephemeral public key]; and 
receiving a fourth message, the fourth message comprising (Braskich, Parag. [0034-0036]; “At step 321 receiver 203 receives an association response message. The association response message comprises: information needed by the first node to validate the second PTK; and information needed by the first node to validate the first PTK.”) [a second signed ephemeral public key],
[wherein the first signed ephemeral public key and second signed ephemeral public key are signed by the respective participants in the mutual authentication handshake and not by a third party].
Braskich does not expressly teach:
a first signed device certificate portion;
a second signed device certificate portion;
exchanging signed key agreement exchange information of a signed key agreement exchange with the party via a second messaging of the handshake messaging phase,
… a first signed ephemeral public key, and
… a second signed ephemeral public key.
wherein the first signed ephemeral public key and second signed ephemeral public key are signed by the respective participants in the mutual authentication handshake and not by a third party. 
However, Madhavan teaches:
a first signed device certificate portion (Madhavan, Parag. [0067]; “The client hello message also contains the telematics unit serial number which can be used by the call center to determine which vehicle is making the request. The call center responds with a Server Hello message specifying the encryption to be used which for the vehicle communication system 10 will generally be the pre-established cipher suite identified by the vehicle in the ClientHello message. The call center then sends its compact certificate containing its public key, followed by a CertificateRequest message Soliciting the vehicle's compact certificate so that the call center can authenticate the vehicle.”);
a second signed device certificate portion (Madhavan, Parag. [0068]; “Having received the call center compact certificate, the vehicle authenticates the call center using the previously stored call center certificate data, and again this can be done according to the process of FIG. 7. If validated, the vehicle then sends to the call center a ClientKeyExchange message including a premaster key encrypted with the call center's public key. The vehicle also sends its compact certificate as a response to the call center's CertificateRequest message.”);
exchanging signed key agreement exchange information of a signed key agreement exchange with the party via a second messaging of the handshake messaging phase (Madhavan, Parag. [0067]; “The TLS handshaking begins with the vehicle 12 sending a ClientHello message requesting establishment of a secure connection and specifying the desired encryption, for example, TLS_ECDH_ECDSA_WITH AES_128_CBC_SHA, which is identified in RFC 4492.” Examiner submits: See Fig. 9 where also shows a Key Exchange as part of the handshaking process.)
Braskich and Madhavan are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a mutual authentication protocol, usable in low-throughput connections and applications including low-throughput connections, whereby two parties (e.g., two devices, without limitation) may ensure the identity of the party they are in communication with and establish a secure session for exchanging encrypted data.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Madhavan system into Braskich system, with a motivation to provide authentication techniques using digital certificates to provide secure communication between two entities such as a vehicle and a central call center (Madhavan, Parag. [0001]).
The combination of Braskich and Madhavan does not expressly teach:
… a first signed ephemeral public key, and
… a second signed ephemeral public key,
wherein the first signed ephemeral public key and second signed ephemeral public key are signed by the respective participants in the mutual authentication handshake and not by a third party.
However, Morgner teaches:
a first signed ephemeral public key (Morgner, Parag. [0061]; “The mutual authentication of control unit and identity document according to embodiments a) may comprise, for example: Transmission of a challenge from a sender to a receiver; the receiver signing the challenge with the symmetric cryptographic key stored in the receiver's memory; transferring the signed challenge from the recipient to the sender; and checking the signature by the transmitter with the aid of the symmetrical cryptographic key of the transmitter stored in the memory of the transmitter.” … Parag. [0074]; “According to embodiments, following a successful mutual authentication of identity document and control unit according to b1) in combination with b2), the following method is carried out between the control unit and the identity document in order to derive symmetrical session keys and, with these session keys, to enable the establishment of a protected data transmission connection between identity document and control unit: agreement of domain parameters between the control unit and the identity document; this agreement can take place before, during or after the mutual authentication; the domain parameters can also already be stored on the identity document from manufacture or personalization of the identity document; Generation of a first ephemeral (i.e. temporary session only valid) asymmetric key pair by the identity document using the agreed domain parameters; the first ephemeral asymmetric key pair includes a Diffie-Hellman (DH) public key (i.e. first ephemeral public key) and a DH private key (i.e. first ephemeral private key); signing the first ephemeral public key with the first private signature key of the identity document; transferring the signed public first ephemeral key to the control unit; Generation of a second ephemeral asymmetric key pair by the control unit using the agreed domain parameters; The second ephemeral asymmetric key pair includes a Diffie-Hellman (DH) public key (i.e., second ephemeral public key) and a DH private key (i.e., second ephemeral private key); Signature of the second ephemeral public key with the second private signature key by the control unit; transferring the signed second ephemeral public key to the identity document; verification of the second ephemeral public key signature by the identity document by means of the verification key of the second certificate; Calculation of a session key by the identity document by a key derivation from the first ephemeral private key and the second ephemeral public key; The key derivation may be performed, for example. B. in concatenate the first ephemeral private key and the second ephemeral public key; checking, by the control unit, the signature of the first ephemeral public key with the aid of the verification key of the first certificate; Calculation of a copy of the session key by the control unit by key derivation from the second ephemeral private key and the first ephemeral public key; The key derivation may be performed, for example.”),
a second signed ephemeral public key (Morgner, Parag. [0061]; “The mutual authentication of control unit and identity document according to embodiments a) may comprise, for example: Transmission of a challenge from a sender to a receiver; the receiver signing the challenge with the symmetric cryptographic key stored in the receiver's memory; transferring the signed challenge from the recipient to the sender; and checking the signature by the transmitter with the aid of the symmetrical cryptographic key of the transmitter stored in the memory of the transmitter.” … Parag. [0074]; “According to embodiments, following a successful mutual authentication of identity document and control unit according to b1) in combination with b2), the following method is carried out between the control unit and the identity document in order to derive symmetrical session keys and, with these session keys, to enable the establishment of a protected data transmission connection between identity document and control unit: agreement of domain parameters between the control unit and the identity document; this agreement can take place before, during or after the mutual authentication; the domain parameters can also already be stored on the identity document from manufacture or personalization of the identity document; Generation of a first ephemeral (i.e. temporary session only valid) asymmetric key pair by the identity document using the agreed domain parameters; the first ephemeral asymmetric key pair includes a Diffie-Hellman (DH) public key (i.e. first ephemeral public key) and a DH private key (i.e. first ephemeral private key); signing the first ephemeral public key with the first private signature key of the identity document; transferring the signed public first ephemeral key to the control unit; Generation of a second ephemeral asymmetric key pair by the control unit using the agreed domain parameters; The second ephemeral asymmetric key pair includes a Diffie-Hellman (DH) public key (i.e., second ephemeral public key) and a DH private key (i.e., second ephemeral private key); Signature of the second ephemeral public key with the second private signature key by the control unit; transferring the signed second ephemeral public key to the identity document; verification of the second ephemeral public key signature by the identity document by means of the verification key of the second certificate; Calculation of a session key by the identity document by a key derivation from the first ephemeral private key and the second ephemeral public key; The key derivation may be performed, for example. B. in concatenate the first ephemeral private key and the second ephemeral public key; checking, by the control unit, the signature of the first ephemeral public key with the aid of the verification key of the first certificate; Calculation of a copy of the session key by the control unit by key derivation from the second ephemeral private key and the first ephemeral public key; The key derivation may be performed, for example.”).
wherein the first signed ephemeral public key and second signed ephemeral public key are signed by the respective participants in the mutual authentication handshake and not by a third party (Morgner, Parag. [0061]; “The mutual authentication of control unit and identity document according to embodiments a) may comprise, for example: Transmission of a challenge from a sender to a receiver; the receiver signing the challenge with the symmetric cryptographic key stored in the receiver's memory; transferring the signed challenge from the recipient to the sender; and checking the signature by the transmitter with the aid of the symmetrical cryptographic key of the transmitter stored in the memory of the transmitter.” … Parag. [0074]; “According to embodiments, following a successful mutual authentication of identity document and control unit according to b1) in combination with b2), the following method is carried out between the control unit and the identity document in order to derive symmetrical session keys and, with these session keys, to enable the establishment of a protected data transmission connection between identity document and control unit: agreement of domain parameters between the control unit and the identity document; this agreement can take place before, during or after the mutual authentication; the domain parameters can also already be stored on the identity document from manufacture or personalization of the identity document; Generation of a first ephemeral (i.e. temporary session only valid) asymmetric key pair by the identity document using the agreed domain parameters; the first ephemeral asymmetric key pair includes a Diffie-Hellman (DH) public key (i.e. first ephemeral public key) and a DH private key (i.e. first ephemeral private key); signing the first ephemeral public key with the first private signature key of the identity document; transferring the signed public first ephemeral key to the control unit; Generation of a second ephemeral asymmetric key pair by the control unit using the agreed domain parameters; The second ephemeral asymmetric key pair includes a Diffie-Hellman (DH) public key (i.e., second ephemeral public key) and a DH private key (i.e., second ephemeral private key); Signature of the second ephemeral public key with the second private signature key by the control unit; transferring the signed second ephemeral public key to the identity document; verification of the second ephemeral public key signature by the identity document by means of the verification key of the second certificate; Calculation of a session key by the identity document by a key derivation from the first ephemeral private key and the second ephemeral public key; The key derivation may be performed, for example. B. in concatenate the first ephemeral private key and the second ephemeral public key; checking, by the control unit, the signature of the first ephemeral public key with the aid of the verification key of the first certificate; Calculation of a copy of the session key by the control unit by key derivation from the second ephemeral private key and the first ephemeral public key; The key derivation may be performed, for example.” Examiner submits that each ephemeral public key is signed by the mutual authentication participants, thus the keys are not signed by a third party. )
Braskich, Madhavan and Morgner are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a mutual authentication protocol, usable in low-throughput connections and applications including low-throughput connections, whereby two parties (e.g., two devices, without limitation) may ensure the identity of the party they are in communication with and establish a secure session for exchanging encrypted data.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Morgner system into Braskich-Madhavan system, with a motivation to provide a key derivation protocol where each public ephemeral key are signed by the participants in a mutual authentication process (Morgner, Parag. [0061-0074]).

As per claim 2, the combination of Braskich, Madhavan and Morgner teach the method of claim 1. Madhavan teaches further comprising: selecting information stored in one or more specific fields of a first device certificate (Madhavan, Parag. [0063]; “For each entity, the process involves first identifying and/or assembling the data to be used in the certificate and, in particular, the TBS data that forms the basis of the certificate fingerprint used in the signature. This is shown at step 804. This step also involves identifying which data will be included in the compact certificate for each entity versus what will be pre-stored on the other.”); 
generating a first device certificate portion comprising the selected information (Madhavan, Parag. [0047]; “at step 204, a digital certificate is formed using the digital signature and only some of the authentication information. This produces a compact certificate which includes less than all of the information needed for authentication.”); and
signing the first device certificate portion responsive to a trusted third-party's digital signature to generate the first signed device certificate portion (Madhavan, Parag. [0048]; “Finally, at step 306 the compact certificate is validated at the wireless device using the digital signature and both the data items stored on the wireless device and those contained in the certificate.” … Parag. [0053]; “The method 600 of FIG. 6 begins at step 602 wherein the digital certificate is assembled using all of the TBS certificate data items. Then, the certificate is signed with a digital signature, step 604. This signing can be carried out using public key cryptography as noted above in connection with FIGS. 2 and 5.”).

As per claim 3, the combination of Braskich, Madhavan and Morgner teach the method of claim 1. Madhavan teaches further comprising: obtaining a device certificate of the party by combining the second signed device certificate portion and a partially pre-filled device certificate (Madhavan, Parag. [0060]; “step 708 begins with the result R being extracted from the certificate's digital signature using the public key associated with the private key that was used to encrypt the result R. This public key can be pre-stored on the wireless device, which could also be done as a part of the FIG. 6 process of configuring the device, or it can be contemporaneously acquired by the device. Then, to confirm this extracted result, the wireless device combines the first group of certificate data stored on the device with the second group of certificate data contained in the received compact certificate, as indicated at step 712. Then, at step 714, the device performs a hash of the combined data using the same hash function that was used to generate the signature.”).

As per claim 4, the combination of Braskich, Madhavan and Morgner teach the method of claim 3. Madhavan teaches wherein combining the second signed device certificate portion and the partially pre-filled device certificate comprises: combining the second signed device certificate portion with a portion of the partially pre-filled device certificate that is complimentary to the second signed ephemeral public key and second signed device certificate portion (Madhavan, Parag. [0060]; “step 708 begins with the result R being extracted from the certificate's digital signature using the public key associated with the private key that was used to encrypt the result R. This public key can be pre-stored on the wireless device, which could also be done as a part of the FIG. 6 process of configuring the device, or it can be contemporaneously acquired by the device. Then, to confirm this extracted result, the wireless device combines the first group of certificate data stored on the device with the second group of certificate data contained in the received compact certificate, as indicated at step 712. Then, at step 714, the device performs a hash of the combined data using the same hash function that was used to generate the signature. For compact X.509 certificates, the particular hash function used can be identified from the Signature Algorithm field or, where that data is excluded from the compact certificate and made a part of the data pre-stored on the wireless device, it can be pulled from memory on the wireless device.” … Parag. [0061]; “The last step 716 in the validation process is to compare the result R of the hash function performed in step 714 at the wireless device with the extracted result R to determine if they match. If so, the certificate is valid and the entities can proceed with establishment of a secure connection.”).

As per claim 6, the combination of Braskich, Madhavan and Morgner teach the method of claim 1. Madhavan teaches further comprising: generating an encoded first digital signature by encoding a first digital signature (Madhavan, Parag. [0047]; “The process begins at step 202 by generating a digital signature using authentication information. Then, at step 204, a digital certificate is formed using the digital signature and only some of the authentication information.”) and /YIN CHEN SHAW/                                                                                                                                                                                                        Braskich teaches: responsive to the second cryptographic nonce (Braskich, Parag. [0022-0025]; “At step 305 a second authentication message is received by receiver 203. The second authentication message is received from the second node and comprises: information needed by the first node for the first node to be authenticated by the second node; and information needed for the first node to authenticate the second node. The information needed in the second authentication message by the first node for the first node to be authenticated by the second node comprises a mutual authentication information element identifying the first node as a node to be authenticated, an RSN information element identifying a key suite to be used for authenticating the first node, and an EAPOL-Key message containing a nonce created by the second node.”).
In addition, Morgner teaches:
signing the third message responsive to the encoded first digital signature (Morgner, Parag. [0052]; “The first certificate allows a verification of the authenticity of a public first signature verification key provided by the identity document, wherein a private first signature key is associated with the public first signature verification key. A “signature key” is a private key with which data, for example Messages can be “signed” such that the receiver can recognize the issuer on the basis of a check with an associated public key, which is referred to below as “signature check key”, and thus check the authenticity of the signed data. Preferably, the signature verification is performed by resorting to a public key system deemed trustworthy.”).

As per claim 7, the combination of Braskich, Madhavan and Morgner teaches the method of claim 1. Morgner teaches further comprising: generating a session secret responsive to the second signed ephemeral public key and an ephemeral private key (Morgner, Parag. [0048]; “a Diffie-Hellman key exchange for agreement of a common secret between identity document and authentication server can also be carried out, wherein the authentication server subsequently transmits a copy of this secret to the control unit. The two copies of this secret represent the first and second trust anchors after storage in the first and second memory. For example, a Diffie-Hellman key exchange, in particular an Elliptic Curve Diffie-Hellman key exchange, can be used.” … Parag. [0074]; “According to embodiments, following a successful mutual authentication of identity document and control unit according to b1) in combination with b2), the following method is carried out between the control unit and the identity document in order to derive symmetrical session keys and, with these session keys, to enable the establishment of a protected data transmission connection between identity document and control unit: agreement of domain parameters between the control unit and the identity document; this agreement can take place before, during or after the mutual authentication; the domain parameters can also already be stored on the identity document from manufacture or personalization of the identity document; Generation of a first ephemeral (i.e. temporary session only valid) asymmetric key pair by the identity document using the agreed domain parameters; the first ephemeral asymmetric key pair includes a Diffie-Hellman (DH) public key (i.e. first ephemeral public key) and a DH private key (i.e. first ephemeral private key); signing the first ephemeral public key with the first private signature key of the identity document; transferring the signed public first ephemeral key to the control unit; Generation of a second ephemeral asymmetric key pair by the control unit using the agreed domain parameters; The second ephemeral asymmetric key pair includes a Diffie-Hellman (DH) public key (i.e., second ephemeral public key) and a DH private key (i.e., second ephemeral private key); Signature of the second ephemeral public key with the second private signature key by the control unit; transferring the signed second ephemeral public key to the identity document; verification of the second ephemeral public key signature by the identity document by means of the verification key of the second certificate; Calculation of a session key by the identity document by a key derivation from the first ephemeral private key and the second ephemeral public key; The key derivation may be performed, for example. B. in concatenate the first ephemeral private key and the second ephemeral public key; checking, by the control unit, the signature of the first ephemeral public key with the aid of the verification key of the first certificate; Calculation of a copy of the session key by the control unit by key derivation from the second ephemeral private key and the first ephemeral public key; The key derivation may be performed, for example.”).

As per claim 9, it is an apparatus claim that recites limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1. In addition, Madhavan teaches a computing apparatus, comprising: a processor; and 
a memory having thereon machine-executable instructions that, when executed by the processor, configure the computing apparatus (Madhavan, Parag. [0037]; “Processor 52 executes various types of digitally stored instructions, such as software or firmware programs stored in memory 54, which enable the telematics unit to provide a wide variety of services. For instance, processor 52 can execute programs or process data to carry out at least a part of the method discussed herein.”).

As per claim 10, the rejection of claim 9 it is incorporated. In addition, it is an apparatus claim that recites limitations to those of claim 2, and therefore it is rejected for the same rationale applied to claim 2.

As per claim 11, the rejection of claim 9 it is incorporated. In addition, it is an apparatus claim that recites limitations to those of claim 3, and therefore it is rejected for the same rationale applied to claim 3.

As per claim 12, the rejection of claim 11 it is incorporated. In addition, it is an apparatus claim that recites limitations to those of claim 4, and therefore it is rejected for the same rationale applied to claim 4.

As per claim 14, the rejection of claim 9 it is incorporated. In addition, it is an apparatus claim that recites limitations to those of claim 6, and therefore it is rejected for the same rationale applied to claim 6.

As per claim 15, the rejection of claim 9 it is incorporated. In addition, it is an apparatus claim that recites limitations to those of claim 7, and therefore it is rejected for the same rationale applied to claim 7.

As per claim 17, it is a storage device claim that recites limitations to those of claim 1, and therefore it is rejected for the same rationale applied to claim 1.

Claims 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Braskich et al. (US 2007/0162751) hereinafter Braskich in view of Madhavan et al. (US 2009/0249074) hereinafter Madhavan and further in view of Morgner (DE 102014204252) as applied to claim 1 above, and further in view of Metke et al. (US 2009/0217043) hereinafter Metke.
As per claim 5, the combination of Braskich, Madhavan and Morgner teach the method of claim 3.
The combination of Braskich, Madhavan and Morgner does not expressly teach:
further comprising: verifying the party's identity responsive to the obtained device certificate of the party.
However, Metke teaches:
further comprising: verifying the party's identity responsive to the obtained device certificate of the party (Metke, Parag. [0023]; “After receiving the association request message 120, the AP (the second node 110) can validate the certificate of the STA (the first node 105), assuming that the AP has the public key of a certification authority (CA) that signed the certificate. If the STA's certificate is determined to be valid, the AP can determine whether the STA has the associated private key by verifying the signature included in the association request message 120, and thus prove an authenticity of the STA. The AP can then determine whether the STA is authorized to use the wireless communication network 100. The association request message 120 also includes the second nonce value (SNonce) that the STA uses to prove its identity to the AP.”).
Braskich, Madhavan, Morgner and Metke are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a mutual authentication protocol, usable in low-throughput connections and applications including low-throughput connections, whereby two parties (e.g., two devices, without limitation) may ensure the identity of the party they are in communication with and establish a secure session for exchanging encrypted data.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Metke system into Braskich-Madhavan-Morgner system, with a motivation to provide a method that enables mutual authentication of nodes in a wireless communication network. The method includes processing at a first node a beacon message received from a second node, wherein the beacon message comprises a first nonce value. (Metke, Abstract)

As per claim 13, the rejection of claim 11 it is incorporated. In addition, it is an apparatus claim that recites limitations to those of claim 5, and therefore it is rejected for the same rationale applied to claim 5.

Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Braskich et al. (US 2007/0162751) hereinafter Braskich in view of Madhavan et al. (US 2009/0249074) hereinafter Madhavan and further in view of Morgner (DE 102014204252) as applied to claim 1 above, and further in view of Dolev et al. (Vehicle authentication via monolithically certified public key and attributes, 2015) hereinafter Dolev.
As per claim 8, the combination of Braskich, Madhavan and Morgner teach the method of claim 1.
The combination of Braskich, Madhavan and Morgner does not expressly teach:
further comprising: rotate session keys of a secure communication session responsive to initiating a second handshake messaging phase.
However, Dolev teaches:
further comprising: rotate session keys of a secure communication session responsive to initiating a second handshake messaging phase (Dolev, Section 3.3, page 889; “TLS handshakes are based on a pre-defined sequence of phases such as mutual authentication, random secret exchange and session key establishment. However, the handshake between sender S and receiver R starts by sending the supported range of cryptographic standards, also called as Hello message. Moreover, the mutual authentication is accomplished through the CA signed certificates called a Certificate Exchange message.” … “During the certificate exchange receiver R generates a random string keyr and forwards to S along with the certificate CertR. The random string is encrypted with the intended receiver’s certificate sequence number as EPublic keyS (keyr + Sequence NumberS) by using the public key Public keyS and the digital signature EPublic keyS (ESKR (H(keyr + Sequence NumberS))). This way a MitM attacker can no longer fabricate the combination of session key keyr and sequence number Sequence NumberS. S can now decrypt the random string keyr with the certificate sequence number Sequence NumberS using SKS and also the digital signature by using SKS and Public keyR respectively.”).
Braskich, Madhavan, Morgner and Dolev are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a mutual authentication protocol, usable in low-throughput connections and applications including low-throughput connections, whereby two parties (e.g., two devices, without limitation) may ensure the identity of the party they are in communication with and establish a secure session for exchanging encrypted data.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dolev system into Braskich-Madhavan-Morgner system, with a motivation to provide certify both the public key and out-of-band sense-able static attributes to enable mutual authentication of the communicating vehicles. In order to protect against Man-in-the-Middle attacks. (Dolev, Abstract).

As per claim 16, the rejection of claim 9 it is incorporated. In addition, it is an apparatus claim that recites limitations to those of claim 8, and therefore it is rejected for the same rationale applied to claim 8.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Dottax et al. (FR 3030821): a method for authenticating an application (App) executed by a processor (10) of an electronic device, comprising the following steps: - derivation of a cryptographic key (AEK) from a given data (OT_Apps) received from an external electronic entity (20); decryption, using the derived cryptographic key (AEK), of an encrypted secret key encrypted ([App_SK] AEK); - issuing authentication data prepared using the decrypted secret key (App_SK). An electronic device and an associated computer program are also provided.
Gero, et al. (US 9,531,685): An infrastructure delivery platform provides a proxy service as an enhancement to the TLS/SSL protocol to off-load to an external server the generation of a digital signature, the digital signature being generated using a private key that would otherwise have to be maintained on a terminating server. Using this service, instead of digitally signing (using the private key) "locally, the terminating server proxies given public portions of ephemeral key exchange material to the external server and receives, in response, a signature validating that the terminating server is authorized to continue with the key exchange.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 




Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.D.C./Examiner, Art Unit 2498        

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498