DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/11/2022 has been entered.
 

Response to Remarks
This communication is considered fully responsive to the “Applicant Arguments/Remarks Made in an Amendment” filed on 10/11/2022.
Claims 1-3, 5-6, 9, 11-13, 15-23, 52-53, 56 are pending and are examined in this office action. 
Claims 1,12, 17, 52   have been amended.
New claim 56 has been added and no claim has been canceled.

Response to Arguments
Applicant’s arguments, filed on 10/11/2022, with respect to claims have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.  The Examiner found features modified  to claims that have changed the scope of the invention, Therefore, Applicant’s remarks regarding rejection under 35 U.S.C 103 for the claims are moot. Applicant's remarks are considered as forward looking statement for the newly reconstructed claims.
In view of the applicant’s amendment to the claims, the examiner has clarified and remapped the rejection to the argued claim limitations in details, using the prior art of record in the current prosecution of the claims as well a new prior art. See SHIN et al. (US Pub No. US 20180139213  A1).

Allowable Subject Matter
Claim 53 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim 56 will be allowed if it overcomes all 35 U.S.C. 112(b) rejection. 


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/05/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered and recorded by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 9, 11, 52-53, 56 are  rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1,  recites the limitation "the network host" in Line 14.  There is insufficient antecedent basis for this limitation in the claim.

Claim 9,  recites the limitation "a network host" in Line 3.  Is this “a network host” corrected to “a network host” Claim 1 line 24? If so, there is insufficient antecedent basis for this limitation in the claim.

Claim 11,  recites the limitation "a network host" in Line 6.  Is this “a network host” corrected to “a network host” Claim 1 line 24? If so, there is insufficient antecedent basis for this limitation in the claim.

Claim 52,  recites the limitation "the network host" in Line 9.  There is insufficient antecedent basis for this limitation in the claim.

Claim 53,  recites the limitation "a network host" in  Line 3.  Is this “a network host” corrected to “the network host” Claim 52 line 9? If so, there is insufficient antecedent basis for this limitation in the claim.

Claim 56,  recites the limitation "a network host" and “the network host” in multiple places. Are they connected to each other? If so first occurrence should write as “ a network host” and other should be “the network host”. For examination purpose, the examiner will interpret as best understood by the examiner. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 5-6, 9, 11-13, 15, 23, 52 are rejected under 35 U.S.C. 103 as being unpatentable over  Farrell, S et al. ("LPWAN Overview; draft-farrell-lpwan-overview-02.txt", LPWAN OVERVIEW; DRAFT-FARRELL-LPWAN-OVERVIEW-02.TXT, INTERNET ENGINEERING TASK FORCE, IETF; STANDARDWORKINGDRAFT, INTERNET SOCIETY (ISOC) 4, RUE DES FALAISES CH- 1205 GENEVA, SWITZERLAND, 30 October 2016;  (2016-10-30), pages 1-33, XP015116218, [retrieved on 2016-10-30]; hereinafter as “FARRELL”, provided in IDS)  in view of SHIN et al. (US Pub No. US 20180139213  A1)

Regarding claim 1, FARRELL teaches a method for transmitting message frames, comprising: 
generating, by an end device (see fig. 1: End-Device) comprising a processor, a first message frame portion comprising a first plain header; the first plain header containing destination and source routing information (uplink frame/Message…with header structure: Page 18-19; aforesaid uplink frame 6LowPAN IP6 header includes source and destination address: pages 23-24, section 5.2.1); 
obtaining a device identifier (DevEUI) and a header blinding key (HdrBKey) (aforesaid End-devices obtains DevEUI and HdrBKey; “And finally the end-device also needs a  long-term identifier for itself, syntactically also an EUI-64, and  known as the device EUI or DevEUI”: Page 10, Uplink Frame is composed of, inter alia, header and Authentication: 16-40 bits (==HdrBKey)”: Page 18; ); 
generating a first header mask using the DevEUI and the HdrBKey (“a Join-accept downlink message is returned from the network server to the end-device that specifies the 24-bit NetID, 32-bit DevAddr and channel information and from which the AppSKey and NwkSKey can be derived based on knowledge of the AppKey”: Page 11: “ The AppKey is required to be specific to the device,  that is, each end-device should have a different AppKey value”: Page 10);
While FARRELL teaches generating a first header mask using the DevEUI and the HdrBKey,
FARRELL does not explicitly disclose:  obtaining a first blinded header by  encrypting the first plain header by the first header mask ;  obtaining a first updated message frame portion by replacing the first plain header using the first blinded header ;
generating a first blinded message frame comprising the first updated message frame portion; and transmitting the first blinded message frame to a network gateway, wherein the header binding key (HdrBKey) is known only to the end device and to the network host. 

SHIN , in the same field of endeavor, discloses:
obtaining a first blinded header by  encrypting the first plain header by the first header mask  (“A method for encrypting a message of a user terminal device includes: receiving a message via a message input window; displaying the received message; encrypting the message by using a key index and an encryption key corresponding to a chatting window for the message based on an instruction for transmitting the message to another chatting party being received; and transmitting the encrypted message to the other chatting party”: [abstract]; “control method and device for encrypting a message independently of a chatting application regardless of the type of chatting application”: [0014];  see fig. 2: Terminal with processor which has a cipher/blinder filter: “the processor 140 may add the key index to the header of the message encrypted by the stream cipher (==blinder) scheme.”:  [0113]-[0114]);  
obtaining a first updated message frame portion by replacing the first plain header using the first blinded header   (“the encryption module 142 may encrypt the message through a stream cipher scheme. The stream cipher encrypts the message in units of bits, bytes, or words. In general, the stream cipher may be generated by combining the message and a key stream by an exclusive-or (XOR) operation in units of bits.“”: [0093]; NOTE: old first plain header is replace by Cipher Header:  );
generating a first blinded message frame comprising the first updated message frame portion   (“ updated frame with new encrypted message with cipher“: [0013]-[0114]); and 
transmitting the first blinded message frame to a network gateway, wherein the header binding key (HdrBKey) is known only to the end device and to the network host   (see fig. 5 element S512: “encrypts the message input through the input 110 by using the encryption key (operation S523), the processor 140 may control the communicator 120 to transmit the encrypted message to the reception terminal device 200 through the external server 300 (operation S512)”: [0107]; receiving terminal receives encrypted message and recognize it knowing it’s header information: [0119]-[0120]).
 
Therefore, it would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention was filed to provide the technique of SHIN  to the system of FARRELL in order  to provide encrypting and decrypting a message on a user terminal itself independently of an application. (SHIN , [0002]).   
	 
Regarding claim 2, FARRELL, in view of SHIN , specifically, FARRELL teaches, teaches, the method of claim 1, wherein the DevEUI and the HdrBKey are each specific to the end device (“A LoRaWAN network has a short network identifier ("NwkID") which is a seven bit value.  A private network (common for LoRaWAN) can use the value zero.  If a network wishes to support "foreign" end-devices  then the NwkID needs to be registered with the LoRA Alliance, in  which case the NwkID is the seven least significant bits of a  registered 24-bit NetID: Page  9’ .  All going well, a    Join-accept downlink message is returned from the network server to    the end-device that specifies the 24-bit NetID, 32-bit DevAddr and channel information and from which the AppSKey and NwkSKey can be    derived based on knowledge of the AppKey: Page 11).  

Regarding claim 3, FARRELL, in view of SHIN , specifically, FARRELL teaches, the method of claim 1, wherein generating the first header mask comprises performing a cryptographic operation on the DevEUI using the HdrBKey (All payloads are encrypted and ciphertexts are protected with a    cryptographic Message Integrity Check (MIC): Page 8).  

Regarding claim 5, FARRELL, in view of SHIN , specifically, SHIN   teaches, The method of claim 1, wherein obtaining the first blinded header comprises performing a bitwise exclusive OR (XOR) operation between the first header mask and the first plain header (the encryption module 142 may encrypt the message through a stream cipher scheme. The stream cipher encrypts the message in units of bits, bytes, or words. In general, the stream cipher may be generated by combining the message and a key stream by an exclusive-or (XOR) operation in units of bits. For the stream cipher, algorithms such as a stream running mode of a block cipher, RC4, Chacha, and the like may be used. : [0093])

Therefore, it would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention was filed to provide the technique of SHIN  to the system of FARRELL in order  to provide encrypting and decrypting a message on a user terminal itself independently of an application. (SHIN , [0002]).   

Regarding claim 6, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 1, wherein obtaining the first updated message frame portion comprises replacing the first plain header of the first message frame portion with the first blinded header (Robust Header Procession (RoHC: Page 16; replacing older header with new LPWAN header: Page 22; LoWAN Header Compression: Section 5.2.1).  

Regarding claim 9, FARRELL, in view of SHIN , specifically, FARRELL teaches, further comprising: generating, by the end device, a join request message comprising the DevEUI; transmitting the join request message towards a network host; receiving, from the network host, an encrypted join accept message comprising a network identifier (NetID); extracting the NetID by decrypting the encrypted join accept message; and deriving the HdrBKey using at least an application key (AppKey) and the NetID (end devices are required to use a channel that send Join-Request Message: Page 8; “In order to operate nominally on a LoRaWAN network, a device needs a 32-bit device address, which is the catentation of the NwkID and a 25-bit device-specific network address that is assigned when the device "joins" the network (see below for the join procedure) or that is pre-provisioned into the device. End-devices are assumed to work with one or a quite limited number of    applications, which matches most LoRaWAN use-cases.  The applications    are identified by a 64-bit AppEUI, which is assumed to be a    registered IEEE EUI64 value. In addition, a device needs to have two symmetric session keys, one    for protecting network artefacts (port=0), the NwkSKey, and another    for protecting application layer traffic, the AppSKey.  Both keys are    used for 128 bit AES cryptographic operations.  (See Section 6 for    details.).” Page 9).   

Regarding claim 11, FARRELL, in view of SHIN , specifically, FARRELL teaches, tie method of claim 1, further comprising: prior to generating the first message frame portion, receiving, by the end device, the DevEUI during a manufacturing process of the end device (The join procedure involves a special exchange where the end-device    asserts the AppEUI and DevEUI (integrity protected with the long-term    AppKey, but not encrypted) in a Join-request uplink message: Page 10 ); receiving, by the end device, the HdrBKey during the manufacturing process of the end device (DevAdd includes Device Specific Network Hardware Address ( 25 bits)P :page 10;  ); generating, by the end device, a join request message comprising the DevEUI (The join procedure involves a special exchange where the end-device    asserts the AppEUI and DevEUI (integrity protected with the long-term    AppKey, but not encrypted) in a Join-request uplink message: Page 10);  transmitting the join request message towards a network host; receiving, from the network host, an encrypted join accept message comprising a network identifier (NetID); and  3 SE 183 W: 192974:496262:1:ALEXANDRIAextracting the NetID by decrypting the encrypted join accept message; and deriving the HdrBKey using at least an application key (AppKey) and the NetID; wherein deriving the HdrBKey comprises performing a cryptographic operation on at least the NetID using the AppKey, wherein the cryptographic operations entails a symmetric cipher (LoWAN Join process is  used to have end-devices  to get dynamically access the network. Join process include AppEDU, AppKey, DevEUI. See Table 4: Page 10; “When the device supports a 32    bit counter, then only the least significant 16 bits are sent in the    MAC header, but all 32 bits are used in cryptographic operations: Page 8).

Regarding claim 12, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 1, further comprising: generating, by the end device, a second message frame portion comprising a second plain header (Uplink and Downlink header: Page 8); generating a second header mask using the first header mask and the HdrBKey (Downlink header: Page 19 , Page 24); obtaining a second blinded header by applying the second header mask to the second plain header; obtaining a second updated message frame portion by updating the second message frame portion using the second blinded header; generating a second blinded message frame comprising the second updated message frame portion; and transmitting the second blinded message frame to the network gateway (Page 8-21).  

Regarding claim 13, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 12, wherein generating the second header mask comprises performing a cryptographic operation on the first header mask using the HdrBKey  (All payloads are encrypted and ciphertexts are protected with a    cryptographic Message Integrity Check (MIC): Page 8).  
 

Regarding claim 15, FARRELL, in view of SHIN , specifically, SHIN  teaches, The method of claim 12, wherein obtaining the second blinded header comprises performing a bitwise exclusive OR (XOR) operation between the second header mask and the second plain header (the encryption module 142 may encrypt the message through a stream cipher scheme. The stream cipher encrypts the message in units of bits, bytes, or words. In general, the stream cipher may be generated by combining the message and a key stream by an exclusive-or (XOR) operation in units of bits. For the stream cipher, algorithms such as a stream running mode of a block cipher, RC4, Chacha, and the like may be used. : [0093]).

Therefore, it would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention was filed to provide the technique of SHIN  to the system of FARRELL in order  to provide encrypting and decrypting a message on a user terminal itself independently of an application. (SHIN , [0002]).   
 
Regarding claim 16, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 12, wherein obtaining the second updated message frame comprises replacing the second plain header of the second message frame portion with the second blinded header (Robust Header Procession (RoHC: Page 16; replacing older header with new LPWAN header: Page 22; LoWAN Header Compression: Section 5.2.1).    

Regarding claim 17, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 1, further comprising: receiving, by the end device and from the network gateway, a second blinded message frame comprising a second blinded header (Uplink and Downlink header: Page 8); generating a second header mask using the first header mask and the HdrBKey (Downlink header: Page 19 , Page 24); obtaining a second plain header by applying the second header mask to the second blinded header; and obtaining a second message frame by updating the second blinded message frame using the second plain header (Page 8-21).  
 
Regarding claim 18, FARRELL, in view of SHIN , specifically, FARRELL teaches, the method of claim 17, wherein generating the second header mask comprises performing a cryptographic operation on the first header mask using the HdrBKey, wherein the cryptographic operation entails a symmetric cipher (LoWAN Join process is used to have end-devices to get dynamically access the network. Join process include AppEDU, AppKey, DevEUI. See Table 4: Page 10; “When the device supports a 32    bit counter, then only the least significant 16 bits are sent in the    MAC header, but all 32 bits are used in cryptographic operations: Page 8).  

Regarding claim 19, FARRELL, in view of SHIN , specifically, SHIN  teaches, The method of claim 17, wherein obtaining the second plain header comprises performing a bitwise exclusive OR (XOR) operation between the second header mask and the second blinded header  (the encryption module 142 may encrypt the message through a stream cipher scheme. The stream cipher encrypts the message in units of bits, bytes, or words. In general, the stream cipher may be generated by combining the message and a key stream by an exclusive-or (XOR) operation in units of bits. For the stream cipher, algorithms such as a stream running mode of a block cipher, RC4, Chacha, and the like may be used. : [0093])

Therefore, it would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention was filed to provide the technique of SHIN  to the system of FARRELL in order  to provide encrypting and decrypting a message on a user terminal itself independently of an application. (SHIN , [0002]).   
 
Regarding claim 20, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 17, wherein obtaining the second message frame comprises replacing the second blinded header of the second blinded message frame with the second plain header (Robust Header Procession (RoHC: Page 16; replacing older header with new LPWAN header: Page 22; LoWAN Header Compression: Section 5.2.1). 

Regarding claim 21, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 17, further comprising: extracting, by the end device, an encrypted frame payload and a first message integrity code (MIC) from the second message frame; generating a second MIC using the second plain header, the encrypted frame payload, and a network session key (NwkSKey); authenticating the second message frame using the first MIC and the second MIC; obtaining, based on the authenticating, a frame payload by decrypting the encrypted frame payload using at least an application session key (AppSKey); and executing a set of instructions to reconfigure the end device, wherein the frame payload comprises the set of instructions (All payloads are encrypted and ciphertexts are protected with a    cryptographic Message Integrity Check (MIC): Page 8, Also Page 9, Pages 10-12).  

Regarding claim 22, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 21, wherein generating the second MIC comprises performing a cryptographic operation on the second plain header and the encrypted frame payload using the NwkSKey, wherein the cryptographic operation entails a symmetric cipher (All payloads are encrypted and ciphertexts are protected with a    cryptographic Message Integrity Check (MIC): Page 8, Also Page 9, Pages 10-12).    

Regarding claim 23, FARRELL, in view of SHIN , specifically, FARRELL teaches, The method of claim 21, wherein authenticating the second message frame comprises determining that the first MIC matches the second MIC (All payloads are encrypted and ciphertexts are protected with a    cryptographic Message Integrity Check (MIC): Page 8, Also Page 9, Pages 10-12).    

Regarding claim 52, FARRELL teaches a system (Low Power Wide Area Networks (LPWAN) : Page 1 ), comprising: a network gateway (LPWAN with  network server :Page 4); and an end device (LPWAN with end-device: Page 4)  comprising a first communication interface and a first processor on which a first blinding filter is executing, wherein the end device is operatively connected to the network gateway (LPWAN With end-device and network server: Page 4), wherein the first processor is configured to:  generate a first message frame portion comprising a first plain header; the first plain header containing destination and source routing information;  obtain a device identifier (DevEUI) and a header blinding key (HdrBKey), wherein the header binding key (HdrBKey) is known only to the end device and to the network host; generate, using the first blinding filter, a first header mask using the DevEUI and the HdrBKey; obtaining a first blinded header by encrypting  the first plain header by the header mask; obtaining a first updated message frame portion by replacing the first plain header using  the first blinded header; generate a first blinded message frame comprising the first updated message frame portion; and transmit, using the first communication interface, the first blinded message frame to the network gateway (Rest of the claim is interpreted and rejected for the same reason as set forth in claim 1).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to M MOSTAZIR RAHMAN whose telephone number is (571)272-4785. The examiner can normally be reached 8:30am-5:00pm PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Derrick Ferris can be reached on 571-272-3123. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/M Mostazir Rahman/Examiner, Art Unit 2411                   

/DERRICK W FERRIS/Supervisory Patent Examiner, Art Unit 2411