Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant's response with amendments filed 08/25/2022 has been received and entered. Applicant has amended claims 1, 2, and 15. Amended claims have been examined on the merits.
Applicant’s arguments, see Applicant Arguments pages 1-5, with respect to the rejection(s) of the independent claims 1, 10, and 15 under 35 U.S.C. 112(a) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn.
Applicant’s arguments, see Applicant Arguments pages 1-5, with respect to the rejection(s) of the independent claims 1, 10, and 15 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of CAMAROTA et al. (US 20180109381), hereinafter CAMAROTA.
	In response to the Applicant’s arguments that “there must be some apparent reason to combine prior art references beyond merely finding individual references that match portions of the applicant's invention”, and “the Examiner has failed to establish a prima facie case to support the rejection of claims”; the Examiner respectfully disagrees and submits that all cited references are in the same field of endeavor with the claimed invention, and maintains that one of skill in the art would be motivated to make the changes proposed by the Examiner.  Applicant is advised to recite more details of the inventive concept based on the Specification into the claim language in order to overcome the art of record.
	The rest of applicant’s arguments are moot in view of new grounds of rejection set forth above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 8-10, and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over BALTATU et al. (US 20200322794), hereinafter BALTATU in view of Nix (US 10169587), hereinafter Nix in view of Quick, Jr. (US 6178506), hereinafter Quick in view of CAMAROTA et al. (US 20180109381), hereinafter CAMAROTA.
	Regarding Claim 1, BALTATU teaches
	A method for establishing a secure wireless link for communication between a first device and a second device over a wireless physical channel ([Abstract] A method of protecting the exchange of privacy-sensitive data in a wireless communication network, …, possessing the data to be sent to the network through a wireless connection; generating and providing a private secret cryptographic key to a second entity, being the intended recipient of the data, …; having the first entity receive the information and encrypt the data using the public key and the received information to obtain protected, encrypted privacy-sensitive data. Para [0007] Therefore, symmetric encryption schemes used in today's mobile networks do not permit to protect any privacy-sensitive data that is exchanged before the completion of the user authentication procedure. Para [0026] generating and providing a public cryptographic key to a first entity, possessing privacy-sensitive data to be sent to a wireless communication network through a wireless connection), 
	transmitting, by the first device, the encrypted identifying information over the wireless physical channel (Para [0030] having the first entity send to the second entity through the wireless communication network the encrypted privacy-sensitive data; [0031] having the second entity decrypt the encrypted privacy-sensitive data exploiting the private secret cryptographic key);
	receiving, by the second device, the encrypted identifying information and using private key information associated with the public key information to extract the identifying information (Para [0031] having the second entity decrypt the encrypted privacy-sensitive data exploiting the private secret cryptographic key);
	using the encrypted identifying information to restore the Connector and to verify the integrity of the Connector (Para [0056] having the second entity of the second wireless network verify the identifying information of the first entity and computing authentication data for the authentication of the first network entity; Para [0057] having the second entity of the second wireless network encrypt said authentication data for the authentication of the first entity using the public cryptographic key and the first privacy support context information of the first wireless network, to obtain protected, encrypted authentication data for the authentication of the first entity).
	BALTATU does not explicitly teach wherein a pairing protocol requires the first device send identifying information over the wireless physical channel, the identifying information identifying the device sending the identifying information or a user thereof, wherein the pairing protocol is based upon a Device Provisioning Protocol and wherein the identifying information is a part of the Connector as defined in the Device Provisioning Protocol.
	In the same field of endeavor, Nix teaches
	wherein a pairing protocol requires the first device send identifying information over the wireless physical channel, the identifying information identifying the device sending the identifying information or a user thereof (Col. 2, lines 7-12, “In an attempt to address these needs to simplify or automate device provisioning, the WiFi Alliance™ released a Device Provisioning Protocol (DPP) specification on Apr. 9, 2018 as version 1.0 (DPPv1.0). Although the DPPv1.0 defines a series of messages between an initiator and a responder in order to support a device configuration”.  Col. 5, lines 18-22, “An initiator can be a computing device that includes a WiFi radio and can be associated with an initiator user. The initiator can operate the WiFi radio with an initiator configuration in order for the initiator to send and receive messages with the responder”.  Col. 6, lines 30-35, “The initiator can send (i) secure hash values for the initiator bootstrap public key and the responder bootstrap public key, the (ii) derived initiator ephemeral public key, and (iii) the first ciphertext to the initiator. The initiator can send a DPP authentication request to the responder”),
	wherein the pairing protocol is based upon a Device Provisioning Protocol and wherein the identifying information is a part of the Connector as defined in the Device Provisioning Protocol (Col. 58, lines 26-34, “The configuration object with network credentials 109 can comprise a connector or configuration object as specified in section 6.3.5 and 6.3.6 of DPP specification version 1.0. The configuration object with network credentials 109 can be signed using the recorded initiator ephemeral private key pi 102b, corresponding to public key Pi 102a sent in message 317 and 122 above. Or, in another embodiment the configuration object with network credentials 109 can be signed using the recorded initiator bootstrap private key bi 104b”).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by BALTATU to incorporate the teachings of Nix such that the method of BALTATU includes wherein a pairing protocol requires the first device send identifying information over the wireless physical channel, the identifying information identifying the device sending the identifying information or a user thereof, wherein the pairing protocol is based upon a Device Provisioning Protocol and wherein the identifying information is a part of the Connector as defined in the Device Provisioning Protocol. One would have been motivated to make such combination in order to use a Device Provisioning Protocol with a networked initiator and a set of servers that record PKI keys, in order to securely transfer a set of credentials to a device (Nix, Col. 1, lines 19-21).
	The combination of BALTATU and Nix does not explicitly teach the method comprising: generating random information; using a secret uniquely related to the identifying information to derive a session key, using the session key to establish the secure wireless link.
	In the same field of endeavor, Quick teaches
	the method comprising: generating random information (Col. 3, lines 3-7, The terminal generates a public/private key pair and stores it. This key pair is preferably a Diffie-Hellman (D-H) key pair. It optionally concatenates the public key with a random number, and encrypts the (optionally concatenated) number with the password.  Col. 5, lines 18-19, Second, the home system 112 generates its own random number C.sub.H);
	using a secret uniquely related to the identifying information to derive a session key, using the session key to establish the secure wireless link (Col. 4, lines 49-58, Optionally, the terminal 104 and the base station of the serving system 106 carry out a separate procedure to establish a local session encryption key SESS 108 to protect the user identifier from interception. The terminal 104 uses the password to encrypt the D-H public key, optionally concatenated with a random number before encryption, then transmits the user identifier (optionally encrypted under the local session key) and the encrypted public key, that is, a first DH-EKE message 110, to the base station of the serving system 106 in a registration request).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of BALTATU and Nix to incorporate the teachings of Quick such that the method of the combination of BALTATU and Nix includes generating random information; using a secret uniquely related to the identifying information to derive a session key, using the session key to establish the secure wireless link. One would have been motivated to make such combination so that the terminal 104 uses the password to encrypt the D-H public key, optionally concatenated with a random number before encryption, then transmits the user identifier (optionally encrypted under the local session key) and the encrypted public key (Quick, Col. 4, lines 52-56).
	The combination of BALTATU, Nix, and Quick does not explicitly teach encrypting, by the first device, a combination of the identifying information and the random information by using a public key information of the second device to provide encrypted identifying information.
	In the same field of endeavor, CAMAROTA teaches
	encrypting, by the first device, a combination of the identifying information and the random information by using a public key information of the second device to provide encrypted identifying information (Para [0015], In some implementations, the first configurator device may provide decryption information to the second configurator device. The decryption information may enable the second configurator device to decrypt at least the portion of the configurator keybag and may obtain the configurator private signing key and the configurator public verification key.  Para [0050], The DPP authentication phase uses the bootstrapping data, obtained using a bootstrapping technique, to strongly authenticate the configurator and enrollee. The DPP authentication consists of a 3-message exchange and generates a shared secret [i.e. random information] and authenticated key. At 215, the configurator device 210 generates a first nonce, generates a protocol key pair, performs a hash function of the enrollee public bootstrap key, and generates a first symmetric key based on a shared secret derived from the hashed bootstrap data. The configurator device 210 sends a DPP Authentication Request message 217 via one or more of the channels in the Channel List. The DPP authentication request message 217 includes the shared secret and the first nonce encrypted by the first symmetric key.  Para [0055] “At the conclusion of the DPP configuration phase, the configurator device 210 may create a connector (represented by arrow 277). The connector is a signed introduction that enables the enrollee device 250 to get a trusted statement that other devices on the network are permitted to communicate with it. Each connector may include a tuple of a group identifier, a network role, and a network access provisioning key, all signed using a configurator private signing key of the configurator device”).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of BALTATU, Nix, and Quick to incorporate the teachings of CAMAROTA such that the method of the combination of BALTATU, Nix, and Quick includes encrypting, by the first device, a combination of the identifying information and the random information by using a public key information of the second device to provide encrypted identifying information. One would have been motivated to make such combination so that the DPP authentication consists of a 3-message exchange and generates a shared secret [i.e. random information] and authenticated key (CAMAROTA, Para [0050]).
	Regarding Claim 2, BALTATU teaches
	A device being a first device adapted to establish a secure wireless link for communication between the first device and a second device over a wireless physical channel ([Abstract] A method of protecting the exchange of privacy-sensitive data in a wireless communication network, …, possessing the data to be sent to the network through a wireless connection; generating and providing a private secret cryptographic key to a second entity, being the intended recipient of the data, …; having the first entity receive the information and encrypt the data using the public key and the received information to obtain protected, encrypted privacy-sensitive data. Para [0007] Therefore, symmetric encryption schemes used in today's mobile networks do not permit to protect any privacy-sensitive data that is exchanged before the completion of the user authentication procedure.  Para [0026] generating and providing a public cryptographic key to a first entity, possessing privacy-sensitive data to be sent to a wireless communication network through a wireless connection),
	a transmitter that is arranged to transmit the modified Connector over the wireless channel (Para [0030] having the first entity send to the second entity through the wireless communication network the encrypted privacy-sensitive data);
	wherein the modified Connector enables the second device to restore the original Connector and thereby verify the integrity of the Connector (Para [0056] having the second entity of the second wireless network verify the identifying information of the first entity and computing authentication data for the authentication of the first network entity; Para [0057] having the second entity of the second wireless network encrypt said authentication data for the authentication of the first entity using the public cryptographic key and the first privacy support context information of the first wireless network, to obtain protected, encrypted authentication data for the authentication of the first entity).
	BALTATU does not explicitly teach wherein Device Provisioning Protocol requires the first device send identifying information over the wireless physical channel, wherein the identifying information is a part of a Connector as defined in the Device Provisioning Protocol, wherein the identifying information uniquely determines the device sending the identifying information or a user thereof.
	In the same field of endeavor, Nix teaches
	wherein Device Provisioning Protocol requires the first device send identifying information over the wireless physical channel, wherein the identifying information is a part of a Connector as defined in the Device Provisioning Protocol, wherein the identifying information uniquely determines the device sending the identifying information or a user thereof (Col. 2, lines 7-12, “In an attempt to address these needs to simplify or automate device provisioning, the WiFi Alliance™ released a Device Provisioning Protocol (DPP) specification on Apr. 9, 2018 as version 1.0 (DPPv1.0). Although the DPPv1.0 defines a series of messages between an initiator and a responder in order to support a device configuration”.  Col. 5, lines 18-22, “An initiator can be a computing device that includes a WiFi radio and can be associated with an initiator user. The initiator can operate the WiFi radio with an initiator configuration in order for the initiator to send and receive messages with the responder”.  Col. 6, lines 30-35, “The initiator can send (i) secure hash values for the initiator bootstrap public key and the responder bootstrap public key, the (ii) derived initiator ephemeral public key, and (iii) the first ciphertext to the initiator. The initiator can send a DPP authentication request to the responder”).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by BALTATU to incorporate the teachings of Nix such that the method of BALTATU includes wherein Device Provisioning Protocol requires the first device send identifying information over the wireless physical channel, wherein the identifying information is a part of a Connector as defined in the Device Provisioning Protocol, wherein the identifying information uniquely determines the device sending the identifying information or a user thereof. One would have been motivated to make such combination in order to use a Device Provisioning Protocol with a networked initiator and a set of servers that record PKI keys, in order to securely transfer a set of credentials to a device (Nix, Col. 1, lines 19-21).
	The combination of BALTATU and Nix does not explicitly teach the device comprising: a processor, wherein the processor is arranged to: generate random information; derive a session key using a secret that is uniquely related to the identifying information; and use the session key to establish the secure wireless link with the second device.
	In the same field of endeavor, Quick teaches
	the device comprising: a processor, wherein the processor is arranged to: generate random information (Col. 3, lines 3-7, The terminal generates a public/private key pair and stores it. This key pair is preferably a Diffie-Hellman (D-H) key pair. It optionally concatenates the public key with a random number, and encrypts the (optionally concatenated) number with the password.  Col. 5, lines 18-19, Second, the home system 112 generates its own random number C.sub.H);
	derive a session key using a secret that is uniquely related to the identifying information; and use the session key to establish the secure wireless link with the second device (Col. 4, lines 49-58, Optionally, the terminal 104 and the base station of the serving system 106 carry out a separate procedure to establish a local session encryption key SESS 108 to protect the user identifier from interception. The terminal 104 uses the password to encrypt the D-H public key, optionally concatenated with a random number before encryption, then transmits the user identifier (optionally encrypted under the local session key) and the encrypted public key, that is, a first DH-EKE message 110, to the base station of the serving system 106 in a registration request).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of BALTATU and Nix to incorporate the teachings of Quick such that the method of the combination of BALTATU and Nix includes the device comprising: a processor, wherein the processor is arranged to: generate random information; derive a session key using a secret that is uniquely related to the identifying information; and use the session key to establish the secure wireless link with the second device. One would have been motivated to make such combination so that the terminal 104 uses the password to encrypt the D-H public key, optionally concatenated with a random number before encryption, then transmits the user identifier (optionally encrypted under the local session key) and the encrypted public key (Quick, Col. 4, lines 52-56).
	The combination of BALTATU, Nix, and Quick does not explicitly teach encrypt a combination of the identifying information and the random information by using a public key information of the second device to provide a modified Connector.
	In the same field of endeavor, CAMAROTA teaches
	encrypt a combination of the identifying information and the random information by using a public key information of the second device to provide a modified Connector (Para [0015], In some implementations, the first configurator device may provide decryption information to the second configurator device. The decryption information may enable the second configurator device to decrypt at least the portion of the configurator keybag and may obtain the configurator private signing key and the configurator public verification key.  Para [0050], The DPP authentication phase uses the bootstrapping data, obtained using a bootstrapping technique, to strongly authenticate the configurator and enrollee. The DPP authentication consists of a 3-message exchange and generates a shared secret [i.e. random information] and authenticated key. At 215, the configurator device 210 generates a first nonce, generates a protocol key pair, performs a hash function of the enrollee public bootstrap key, and generates a first symmetric key based on a shared secret derived from the hashed bootstrap data. The configurator device 210 sends a DPP Authentication Request message 217 via one or more of the channels in the Channel List. The DPP authentication request message 217 includes the shared secret and the first nonce encrypted by the first symmetric key.  Para [0055] “At the conclusion of the DPP configuration phase, the configurator device 210 may create a connector (represented by arrow 277). The connector is a signed introduction that enables the enrollee device 250 to get a trusted statement that other devices on the network are permitted to communicate with it. Each connector may include a tuple of a group identifier, a network role, and a network access provisioning key, all signed using a configurator private signing key of the configurator device”).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of BALTATU, Nix, and Quick to incorporate the teachings of CAMAROTA such that the method of the combination of BALTATU, Nix, and Quick includes encrypt a combination of the identifying information and the random information by using a public key information of the second device to provide a modified Connector. One would have been motivated to make such combination so that the DPP authentication consists of a 3-message exchange and generates a shared secret [i.e. random information] and authenticated key (CAMAROTA, Para [0050]).
	Regarding Claim 3, the combination of BALTATU, Nix and Quick teaches all the limitations of claim 2 above,
	wherein the identifying information is an identifier for a password or passphrase and the secret is the password or passphrase (Nix, Col. 17, lines 8-12, Configuration object could contain a list of network identifiers, device identifiers, RF band and channel information, configuration parameters, pre-share keys, PKI keys, names, passwords, group temporal keys, a shared secret 198 for a PKEX key exchange, etc.).
	The motivation/rationale to combine the references is similar to claim 2 above.
	Regarding Claim 4, the combination of BALTATU, Nix and Quick teaches all the limitations of claim 2 above,
	wherein a simultaneous authentication of equals' algorithm is used for deriving the session key and the secret is a password used for the simultaneous authentication of equals' algorithm (Nix, Col. 16, lines 24-28, Initiator 102* can mutually derive the second symmetric key using the received ephemeral responder public key Pr 101e and the derived initiator ephemeral private key pi 102b, using a key exchange algorithm 319a as depicted in FIG. 4b. Col. 23, lines 1-5, User configuration 131 can include credentials for an initiator 102 with initiator user 102u, such as a list of SSIDs, identities, and passwords for operation of the initiator 102 with other networks besides network AP 105. Col. 58, lines 47-53, The configuration values of config.network-AP 109c in a configuration object could also specify required supporting data for operation of device 101 with an access point 105 after a configuration step 106, such as an operating class 130a, channel list 130b, an authentication mode for device 101 to operate, which could be PSK, PMK, SAE, EAP, also with any required supporting data and/or identities).
	The motivation/rationale to combine the references is similar to claim 2 above.
	Regarding Claim 8, BALTATU teaches
	A device being a second device adapted to establish a secure wireless link for communication between a first device and the second device over a wireless physical channel ([Abstract] A method of protecting the exchange of privacy-sensitive data in a wireless communication network, …, possessing the data to be sent to the network through a wireless connection; generating and providing a private secret cryptographic key to a second entity, being the intended recipient of the data, …; having the first entity receive the information and encrypt the data using the public key and the received information to obtain protected, encrypted privacy-sensitive data. Para [0007] Therefore, symmetric encryption schemes used in today's mobile networks do not permit to protect any privacy-sensitive data that is exchanged before the completion of the user authentication procedure.  Para [0026] generating and providing a public cryptographic key to a first entity, possessing privacy-sensitive data to be sent to a wireless communication network through a wireless connection),
	wherein the device has a public key information and a secret key information associated therewith (Para [0073] Advantageously, the proposed solution can require only one public key, which can be the same for all the communicating elements involved, and a number of private secret keys at least equal to the number of roaming wireless network partners. Each private secret key is bound to the public key through the use of a specific privacy support information identifying the wireless network entity entitled to use that private key),
	wherein the device is adapted to use the encrypted identifying information to restore the Connector and to verify the integrity of the Connector (Para [0056] having the second entity of the second wireless network verify the identifying information of the first entity and computing authentication data for the authentication of the first network entity; Para [0057] having the second entity of the second wireless network encrypt said authentication data for the authentication of the first entity using the public cryptographic key and the first privacy support context information of the first wireless network, to obtain protected, encrypted authentication data for the authentication of the first entity). 
	BALTATU does not explicitly teach wherein a pairing protocol requires the first device send identifying information over the wireless physical channel, wherein the identifying information identifies the device sending the identifying information or a user thereof, wherein the pairing protocol is based upon a Device Provisioning Protocol and wherein the identifying information is a part of a Connector as defined in the Device Provisioning Protocol.
	In the same field of endeavor, Nix teaches
	wherein a pairing protocol requires the first device send identifying information over the wireless physical channel, wherein the identifying information identifies the device sending the identifying information or a user thereof, wherein the pairing protocol is based upon a Device Provisioning Protocol and wherein the identifying information is a part of a Connector as defined in the Device Provisioning Protocol (Col. 2, lines 7-12, “In an attempt to address these needs to simplify or automate device provisioning, the WiFi Alliance™ released a Device Provisioning Protocol (DPP) specification on Apr. 9, 2018 as version 1.0 (DPPv1.0). Although the DPPv1.0 defines a series of messages between an initiator and a responder in order to support a device configuration”.  Col. 5, lines 18-22, “An initiator can be a computing device that includes a WiFi radio and can be associated with an initiator user. The initiator can operate the WiFi radio with an initiator configuration in order for the initiator to send and receive messages with the responder”.  Col. 6, lines 30-35, “The initiator can send (i) secure hash values for the initiator bootstrap public key and the responder bootstrap public key, the (ii) derived initiator ephemeral public key, and (iii) the first ciphertext to the initiator. The initiator can send a DPP authentication request to the responder”).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by BALTATU to incorporate the teachings of Nix such that the method of BALTATU includes wherein a pairing protocol requires the first device send identifying information over the wireless physical channel, wherein the identifying information identifies the device sending the identifying information or a user thereof, wherein the pairing protocol is based upon a Device Provisioning Protocol and wherein the identifying information is a part of a Connector as defined in the Device Provisioning Protocol. One would have been motivated to make such combination in order to use a Device Provisioning Protocol with a networked initiator and a set of servers that record PKI keys, in order to securely transfer a set of credentials to a device (Nix, Col. 1, lines 19-21).
	The combination of BALTATU and Nix does not explicitly teach a processor adapted to: use the private key information to decrypt the encrypted identifying information; extract the identifying information; use a secret uniquely related to the identifying information to derive a session key; and use the session key to establish the secure channel.
	In the same field of endeavor, Quick teaches
	a processor adapted to: use the private key information to decrypt the encrypted identifying information; extract the identifying information; use a secret uniquely related to the identifying information to derive a session key; and use the session key to establish the secure channel (Col. 4, lines 49-58, Optionally, the terminal 104 and the base station of the serving system 106 carry out a separate procedure to establish a local session encryption key SESS 108 to protect the user identifier from interception. The terminal 104 uses the password to encrypt the D-H public key, optionally concatenated with a random number before encryption, then transmits the user identifier (optionally encrypted under the local session key) and the encrypted public key, that is, a first DH-EKE message 110, to the base station of the serving system 106 in a registration request. Col. 4, lines 64-67, The home system then creates a private and public D-H key, from which a tentative session key is obtained using the terminal's public key and the home system's private key).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of BALTATU and Nix to incorporate the teachings of Quick such that the method of the combination of BALTATU and Nix includes a processor adapted to use the private key information to decrypt the encrypted identifying information; extract the identifying information; use a secret uniquely related to the identifying information to derive a session key; and use the session key to establish the secure channel. One would have been motivated to make such combination so that the terminal 104 uses the password to encrypt the D-H public key, optionally concatenated with a random number before encryption, then transmits the user identifier (optionally encrypted under the local session key) and the encrypted public key (Quick, Col. 4, lines 52-56).
	The combination of BALTATU, Nix, and Quick does not explicitly teach the device comprising: a receiver adapted to receive, over the wireless channel, encrypted identifying information, wherein the encrypted identifying information comprises identifying information and random information encrypted by the public key information.
	In the same field of endeavor, CAMAROTA teaches
	the device comprising: a receiver adapted to receive, over the wireless channel, encrypted identifying information, wherein the encrypted identifying information comprises identifying information and random information encrypted by the public key information (Para [0015], In some implementations, the first configurator device may provide decryption information to the second configurator device. The decryption information may enable the second configurator device to decrypt at least the portion of the configurator keybag and may obtain the configurator private signing key and the configurator public verification key.  Para [0050], The DPP authentication phase uses the bootstrapping data, obtained using a bootstrapping technique, to strongly authenticate the configurator and enrollee. The DPP authentication consists of a 3-message exchange and generates a shared secret [i.e. random information] and authenticated key. At 215, the configurator device 210 generates a first nonce, generates a protocol key pair, performs a hash function of the enrollee public bootstrap key, and generates a first symmetric key based on a shared secret derived from the hashed bootstrap data. The configurator device 210 sends a DPP Authentication Request message 217 via one or more of the channels in the Channel List. The DPP authentication request message 217 includes the shared secret and the first nonce encrypted by the first symmetric key.  Para [0055] “At the conclusion of the DPP configuration phase, the configurator device 210 may create a connector (represented by arrow 277). The connector is a signed introduction that enables the enrollee device 250 to get a trusted statement that other devices on the network are permitted to communicate with it. Each connector may include a tuple of a group identifier, a network role, and a network access provisioning key, all signed using a configurator private signing key of the configurator device”).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of BALTATU, Nix, and Quick to incorporate the teachings of CAMAROTA such that the method of the combination of BALTATU, Nix, and Quick includes a receiver adapted to receive, over the wireless channel, encrypted identifying information, wherein the encrypted identifying information comprises identifying information and random information encrypted by the public key information. One would have been motivated to make such combination so that the DPP authentication includes the shared secret and a first random number encrypted by a first symmetric key (CAMAROTA, Page 15).
Regarding Claims 9 and 16,
Claims 9 and 16 are rejected for similar reasons as in claim 3.
Regarding Claims 10 and 17,
Claims 10 and 17 are rejected for similar reasons as in claim 4.
Regarding Claims 14 and 15,
Claims 14 and 15 are rejected for similar reasons as in claim 1.
 Claims 5-7, 11-13 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over BALTATU et al. (US 20200322794), hereinafter BALTATU in view of Nix (US 10169587), hereinafter Nix in view of Quick, Jr. (US 6178506), hereinafter Quick in view of CAMAROTA et al. (US 20180109381), hereinafter CAMAROTA in view of Goto (US 20180077255), hereinafter Goto.
	Regarding Claim 5, the combination of BALTATU, Nix, Quick, and CAMAROTA teaches all the limitations of claim 2 above.
	The combination of BALTATU, Nix, Quick, and CAMAROTA does not explicitly teach wherein the device is adapted to receive and extract the public key information from a Beacon, DMG Beacon, Probe Response, Announce, or Information Response frame.
	In the same field of endeavor, Goto teaches
	wherein the device is adapted to receive and extract the public key information from a Beacon, DMG Beacon, Probe Response, Announce, or Information Response frame (Para [0042] “The access point 302 can add Connector to Beacon, Probe Response, or the like and the smartphone 304 can acquire Connector therefrom. The smartphone 304 can establish connection with the access point 302 using the communication parameter corresponding to Legacy stored therein, and ask the access point 302 for the DPP supporting status”.).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of BALTATU, Nix, Quick, and CAMAROTA to incorporate the teachings of Goto such that the method of the combination of BALTATU, Nix, Quick, and CAMAROTA includes wherein the device is adapted to receive and extract the public key information from a Beacon, DMG Beacon, Probe Response, Announce, or Information Response frame. One would have been motivated to make such combination in order to add Connector to Beacon, Probe Response, or the like and the smartphone 304 can acquire Connector therefrom (Goto, Para [0042]), and execute required connection processing, such as 4-Way Handshake, with the access point 302 to join the network 303 (Goto, Para [0035]).
	Regarding Claim 6, the combination of BALTATU, Nix, Quick, and CAMAROTA teaches all the limitations of claim 2 above,
	wherein the device is adapted to receive and extract the public key information from a DPP configurator (Goto, Para [0004] “According to the DPP described in Non-Patent Literature 1, a configurator that provides a communication parameter offers information required for establishing connection with an access point to an enrollee that receives the communication parameter. This information is referred to as Connector.” Para [0022] “The information used in the communication parameter sharing processing includes a public key used for authentication processing and a device identifier”).
	The motivation/rationale to combine the references is similar to claim 2 and claim 5 above.
	Regarding Claim 7, the combination of BALTATU, Nix, Quick, and CAMAROTA teaches all the limitations of claim 2 above,
	wherein the 802.11 4-way handshake protocol is used to derive a key on which the security of the secure channel is based and the secret is the passphrase or the PSK to use in the 802.11 4-way handshake protocol (Goto, Para [0031] FIG. 5 illustrates the communication parameter transmitted in F406 using DPP, according to Non-Patent Literature 1. More specifically, in an overall configuration of DPP Credential, AKM (Authentication and Key Management Type), Legacy PSK/Passphrase, Connector, Expiry, and the like are set. AKM is a value indicating an authentication protocol and a key exchange algorithm used for the communications. Para [0035] When the connection permission signal is received, in F409, the printer 305 executes required connection processing, such as 4-Way Handshake, with the access point 302 to join the network 303). 
	The motivation/rationale to combine the references is similar to claim 2 and claim 5 above.
Regarding Claims 11 and 18,
Claims 11 and 18 are rejected for similar reasons as in claim 5.
Regarding Claims 12 and 19,
Claims 12 and 19 are rejected for similar reasons as in claim 6.
Regarding Claims 13 and 20,
Claims 13 and 20 are rejected for similar reasons as in claim 7.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283. The examiner can normally be reached Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HAMID TALAMINAEI/Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436