Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detailed action
Claims 1-20 are pending and being considered.
Claims 1 and 10-20 have been amended.
112b is withdrawn based on amendments.

Response to 103
	Applicants argument filed on 09/23/2022 have been fully consider and are partially persuasive. In response to applicant’s argument on page 2 of remarks that IC card and terminal device of Ishibashi cannot be equated to initiator device and receiver device respectively of instant application because they do not perform the function of the recited receiver and initiator device. The examiner acknowledges applicant’s point of view but respectfully disagrees because the IC card and terminal device of Ishibashi performs the function of transmitting first random number, receiving first random number, transmitting second random number between IC card and terminal device and encrypting the communication between the IC card and terminal device as required by the claim. Therefore, IC card and terminal device of Ishibashi read onto initiator and receiver device of instant application.
In response to applicant’s argument on last para of page 2 of remarks that the cited references fail to teach “an encryption key determined using the first key information and the second key information“  the applicant argues that the Day (i.e. cited reference) cannot teach the limitation if the claim is taken into account as whole, the examiner acknowledges applicants point of view but respectfully disagrees because the claim requires that an encryption key is determined using first and second key information. Day explicitly teaches this concept See on [0018 and 0035] encryption key (i.e. encryption key) can be generated from the static key portion (i.e. static key), the session key portion (first key information), and the client key portion (i.e. second key information).

Rest of applicant’s arguments with respect to amended limitation are moot in view of new grounds of rejection. The arguments do not apply to the current art being used. 
The above response is equally applicable to independent claims 1, 10 and 16.
   
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-10, 12, 16 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ishibashi (US 20090259850) in view of Day et al (hereinafter Day) (US 20150113276) and further in view of Ahn et al (hereinafter Ahn) (US 20160277189).

Regarding claim 1 Ishibashi teaches A method of device authentication, the method comprising: (Ishibashi on [0002] teaches a method of performing mutual authentication);
transmitting a first random number from the receiver device to the initiator device [[in response to the authentication command]] (Ishibashi Fig 3 block s2 and text on [0072-0073] teaches transmitting by the terminal (i.e. receiver device) the first random number generated at the terminal to IC card 12 (i.e. initiator device), the communication unit 38 of the IC card 12 receives the file number and first random number. See also Fig 14 block s122 and text on [0151] teaches transmitting a mutual authentication command along with first random number to the IC card 12);
transmitting the first random number, a second random number, and second key information from the initiator device to the receiver device (Ishibashi Fig 3 block S15 and text on [0075] teaches the communication unit 38 of IC card 12 (i.e. initiator device) transmits the second random number, first random number and ID (i.e. second key information) encrypted with key Ks to the terminal device (i.e. receiver device), the communication unit 28 of the information processing terminal 11 obtains the second random number, first random number, and ID encrypted with the degenerate key);
 transmitting the first random number, the second random number, and the first key information from the receiver device to the initiator device (Ishibashi Fig 3 block S8 and text on [0077] teaches terminal device transmit the first random number, second random number, and session key (i.e. first key information) encrypted with the degenerate key Ks to the IC card 12 (i.e. initiator device). See also Fig 14 block S148 and text on [0176] teaches transmitting by the terminal device the first and second random number along with session key);
 and encrypting information communicated between the initiator device and the receiver device [[using an encryption key determined using the first key information and the second key information]] (Ishibashi on [0080] teaches] the information processing terminal 11 and IC card 12 encrypt the information to be transmitted with the session key, then transmit the information).
	Although Ishibashi teaches transmitting first random number but fails to explicitly teach transmitting first random number in response to authentication request, determining, by the receiver device, first key information using the first random number and an encryption key determined using the first key information and the second key information, however Day from analogous art teaches sending an authentication command from an initiator device to a receiver device (Day Fig 1 block 106, 110, 116 and text on [0031 and 0042] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential);
 an encryption key determined using the first key information and the second key information (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. encryption key) can be generated from the static key portion (i.e. static key), the session key portion (first key information), and the client key portion (i.e. second key information)).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the teaching of Ishibashi by generating encryption key from first and second key material. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).
Although the combination of Ishibashi and Day teaches transmitting first random information but fails to explicitly teach transmitting a first random number from the receiver device to the initiator device in response to the authentication command, determining, by the receiver device, first key information using the first random number transmitted by the receiver device in response to the authentication command, however Ahn from analogous art teaches 
transmitting a first random number from the receiver device to the initiator device in response to the authentication command (Ahn Fig 2 and text on [0048-0049] teaches the external device (i.e. initiator device in instant case) sends an authentication request to the vehicle controller (i.e. receiver device in instant case) in response the vehicle controller generates random number S (i.e. first random number in instant case) and transmits the random number S to the external device);
 determining, by the receiver device, first key information using the first random number transmitted by the receiver device in response to the authentication command (Ahn Fig 2 and text on [0048-0050] teaches the vehicle controller (i.e. receiver device) generates (i.e. determines) a first session key Ks (i.e. key material) based on random number S (i.e. first random number)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ahn into the combined teaching of Ishibashi and Day by determining a key material using random number and transmitting first random number responsive to authentication command. One would be motivated to do so in order to secure communication between different devices when performing mutual authentication between two devices (Ahn on [0009-0010]).
 
Regarding claim 6 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 1 above, Day further teaches including determining the encryption key using a static key stored in each of the initiator and the receiver devices, the first key information, and the second key information (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. encryption key) can be generated from the static key portion (i.e. static key), the session key portion (first key information), and the client key portion (i.e. second key information). See on [0019] teaches the same static key is used for different remote client in different session).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the teaching of Ishibashi by generating encryption key from first and second key material. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Regarding claim 7 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 1 above, Ishibashi further teaches wherein the initiator device is a verifier device and the receiver device is a credential device (Ishibashi Fig 1 and text on [0061] teaches the communication system 1 shown in FIG. 1 is made up of two devices of an information processing terminal 11 (i.e. verifier device) having a communication function and an IC (Integrated Circuit) card 12 (i.e. credential device), and is a system wherein the information processing terminal 11 and IC card 12 perform mutual communication and exchange information).

Regarding claim 8 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 7 above, Ishibashi further teaches wherein the receiver device is a smartphone and the initiator device is a server or an access control device (Ishibashi on [0301] teaches the IC card (i.e. receiver device) may be a portable telephone, music player, digital camera, notebook-type personal computer, or PDA (Personal Digital Assistant). See on [0228] teaches the terminal device (i.e. initiator device) as an access control device).

Regarding claim 9 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 7 above, Ishibashi further teaches wherein the receiver device is a smart card and the initiator device is a server or an access control device (Ishibashi on [0301] teaches the IC card (i.e. receiver device) may be a portable telephone, music player, digital camera, notebook-type personal computer, or PDA (Personal Digital Assistant). See on [0228] teaches the terminal device (i.e. initiator device) as an access control device).

Regarding claim 10 Ishibashi teaches a verifier device of an authentication system, the device comprising (Ishibashi Fig 1 and text on [0061] teaches the communication system 1 shown in FIG. 1 is made up of two devices of an information processing terminal 11 (i.e. credential device) having a communication function and an IC (Integrated Circuit) card 12 (i.e. verifier device), and is a system wherein the information processing terminal 11 and IC card 12 perform mutual communication and exchange information);
physical layer circuitry (Ishibashi Fig 1 block 23 and text on [0064] teaches the IC card 12 comprising a common key authentication processing unit 33 (i.e. physical layer circuitry) made up of computing processing device such as CPU for mutual authentication process);
and processing circuitry operatively coupled to the physical layer circuitry and configured to: (Ishibashi Fig 1 block 23 and text on [0064] teaches the IC card 12 comprising a common key authentication processing unit 33 (i.e. physical layer circuitry) made up of computing processing device such as CPU for mutual authentication process coupled with communication unit 38 (i.e. processing circuitry) is made up of an IC chip or loop antenna or the like including a communicating circuit);
[[decode]] a response communication received from the credential device [[in response to the authentication command]], wherein the response communication includes a first random number determined using the credential deice (Ishibashi Fig 3 block s2 and text on [0072-0073] teaches transmitting by the terminal (i.e. credential device) the first random number generated at the terminal (i.e. determined using the credential device) to IC card 12 (i.e. verifier device), the communication unit 38 of the IC card 12 receives the file number and first random number);
encrypt the first random number, a second random number, and verifier device keying material for sending to the credential device (Ishibashi Fig 4 and text on [0074-0075] teaches encrypt the second random number, first random number, and the ID of the IC card 12 (i.e. verifier key material) thereof with the degenerate key Ks for transmitting to the terminal device. See also on Fig 14 block S137 and text on [0162] teaches encrypting the first random number, the second random number and the keying information);
decrypt encrypted information received from the credential device, wherein the encrypted information includes the first random number, the second random number, and the receiver device keying material (Ishibashi on [0078] teaches decrypt the encoded first random number, second random number, and session key (i.e. receiver device keying material) with the degenerate key Ks).

Although Ishibashi teaches response containing the first random number is received but fails to explicitly teach, decode a response communication received from the credential device in response to the authentication command, determine receiver device keying material using the first random number, encode an authentication command for sending to a credential device, and calculate a session encryption key using the verifier keying material and the receiver keying material, however Day from analogous art teaches encode an authentication command for sending to a credential device (Day Fig 1 block 106, 110, 116 and text on [0031 and 0042] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential (i.e. authentication information encoded in the credential));
decoding a response (Day Fig 1 block 106, 110, 116 and text on [0031] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential (i.e. authentication information encoded in the credential) by comparing the authentication information included in the credential with the stored authentication information (i.e. decoding authentication command));
and calculate a session encryption key using the verifier keying material and the receiver keying material (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. session encryption key) can be generated from the static key portion (i.e. static key), the session key portion (i.e. verifier keying material), and the client key portion (i.e. receiver keying material)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the teaching of Ishibashi by generating encryption key from first and second key material and sending an encoded command to the device. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).
	Although the combination teaches an authentication command and decoding a response containing the first random number, but fails to explicitly teach decode a response communication received from the credential device in response to the authentication command, determine receiver device keying material using the first random number, however Ahn from analogous art teaches 
decode a response communication received from the credential device in response to the authentication command (Ahn Fig 2 and text on [0048-0053] teaches the external device (i.e. verifier device in instant case) sends an authentication request to the vehicle controller (i.e. credential device in instant case) in response the vehicle controller generated random number S (i.e. first random number in instant case) and transmits the random number S to the external device, the external device receives the random number and performs operation using the received random number);
determine receiver device keying material using the first random number (Ahn Fig 2 and text on [0048-0050] teaches the vehicle controller generates a first session key Ks based on random number S (i.e. first random number)).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ahn into the combined teaching of Ishibashi and Day by determining a key material using random number and transmitting first random number responsive to authentication command. One would be motivated to do so in order to secure communication between different devices when performing mutual authentication between two devices (Ahn on [0009-0010]).
	 
Regarding claim 12 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 10 above, Day further teaches wherein the processing circuitry is configured to calculate the session key using a static key, the verifier device keying material, and the receiver device keying material (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. encryption key) can be generated from the static key portion (i.e. static key), the session key portion (first key information), and the client key portion (i.e. second key information). See on [0019] teaches the same static key is used for different remote client in different session).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the teaching of Ishibashi by generating encryption key from first and second key material along with static key. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Regarding claim 16 Ishibashi teaches a receiver device of an authentication system, the device comprising: (Ishibashi Fig 1 and text on [0061] teaches the communication system 1 shown in FIG. 1 is made up of two devices of an information processing terminal 11 (i.e. credential device) having a communication function and an IC (Integrated Circuit) card 12 (i.e. verifier device), and is a system wherein the information processing terminal 11 and IC card 12 perform mutual communication and exchange information);
physical layer circuitry (Ishibashi Fig 1 block 23 and text on [0061] teaches the terminal device 11 comprises the common key authentication processing unit 23 (i.e. physical layer circuitry) is made up of a computing processing device such as a CPU);
and processing circuitry operatively coupled to the physical layer circuitry and configured to: (Ishibashi Fig 1 block 23 and text on [0061] teaches the terminal device 11 comprises the common key authentication processing unit 23 (i.e. physical layer circuitry) is made up of a computing processing device such as a CPU coupled to the communication unit 28 (i.e. processing circuitry) is made up of an IC chip or loop antenna including a communication circuit);
[[encode]] a response for sending to the verifier device [[in response to the authentication command]], wherein the response includes a first random number determined by the receiver device [[in response to authentication command]] (Ishibashi Fig 3 block s2 and text on [0072-0073] teaches transmitting by the terminal (i.e. receiver device) the first random number generated at the terminal (i.e. determined by the receiver device) to IC card 12 (i.e. verifier device), the communication unit 38 of the IC card 12 receives (i.e. extract) the file number and first random number);
decrypt encrypted information received from the verifier device, wherein the encrypted information includes the first random number, a second random number, and verifier device keying material (Ishibashi Fig 3 block S4 and text on [0076] teaches the common key authentication processing unit 23 of the information processing terminal 11 controls the decrypting unit 27 to decrypt the encrypted second random number, first random number, and ID (i.e. verifier device key material) with the degenerate day received from the IC card 12);
encrypt the first random number, the second random number and receiver device keying material for sending to the verifier device (Ishibashi Fig 3 block S7 and text on [0077] teaches the terminal (i.e. receiver device) encrypt the first random number, second random number, and session key (i.e. receiver device key material) with the degenerate key Ks).
 
Although Ishibashi teaches command containing first random number issued by the terminal device, but fails to explicitly teach decode an authentication command received from a verifier device and calculate a session encryption key using the verifier device keying material and the receiver device keying material, however Day from analogous art teaches decode an authentication command received from a verifier device (Day Fig 1 block 106, 110, 116 and text on [0031] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential (i.e. authentication information encoded in the credential) by comparing the authentication information included in the credential with the stored authentication information (i.e. decoding authentication command));
encode an authentication command (Day Fig 1 block 106, 110, 116 and text on [0031 and 0042] teaches the client application executed on computing device 104 transmitting session command along with credential, wherein the credential comprises authentication information such as user name or password for performing authentication based on authentication information from the credential (i.e. authentication information encoded in the credential));
and calculate a session encryption key using the verifier device keying material and the receiver device keying material (Day on [0018] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. session encryption key) can be generated from the static key portion (i.e. static key), the session key portion (i.e. verifier keying material), and the client key portion (i.e. receiver keying material)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the teaching of Ishibashi by generating encryption key from first and second key material and sending an encoded command to the device. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Although the combination of Ishibashi and Day teaches encode a response comprising first random number but fails to explicitly teach  encode a response for sending to the verifier device in response to the authentication command, wherein the response includes a first random number determined by the receiver device in response to the authentication command, however Ahn from analogous art teaches encode a response for sending to the verifier device in response to the authentication command, wherein the response includes a first random number determined by the receiver device in response to the authentication command (Ahn Fig 2 and text on [0048-0053] teaches the external device (i.e. verifier device in instant case) sends an authentication request to the vehicle controller (i.e. receiver  device in instant case) in response the vehicle controller generated random number S (i.e. first random number as response in instant case) and transmits the random number S to the external device, the external device receives the random number and performs operation using the received random number).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ahn into the combined teaching of Ishibashi and Day by determining a key material using random number and transmitting first random number responsive to authentication command. One would be motivated to do so in order to secure communication between different devices when performing mutual authentication between two devices (Ahn on [0009-0010]).

Regarding claim 18 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 16 above, Day further teaches wherein the processing circuitry is configured to calculate the session key using a static key, the verifier device key material, and the receiver device keying material (Day on [0018-0019] teaches the server system can use a combined encryption key to encrypt client data received from the remote client during the session. The combined encryption key (i.e. session encryption key) can be generated from the static key portion (i.e. static key), the session key portion (i.e. verifier keying material), and the client key portion (i.e. receiver keying material), the static key is the same for different client device).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Day into the teaching of Ishibashi by generating encryption key from first and second key material and sending an encoded command to the device. One would be motivated to do so in order to secure user credentials or sensitive data transmitted between the initiator device and the receiver device when establishing a session using the encryption key common between the first device and the second device because the encryption key is generated based on the keying information of first and the second device (Day on [0003-0004]).

Claims 2-4, 13-15 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ishibashi (US 20090259850), in view of Day et al (hereinafter Day) (US 20150113276), in view of Ahn et al (hereinafter Ahn) (US 20160277189) and further in view of TANIMOTO et al (hereinafter TANIMOTO) (US 20190342081) 

Regarding claim 2 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 1 above, Ishibashi further teaches and the first random number is bound to a specific context of communication between the initiator device and the receiver device (Ishibashi Fig 3 block S5 and text on [0076] teaches the common key authentication processing unit 23 compares the first random number obtained by decrypting with the first random number generated in step S1, thereby authenticating the IC card 12 (i.e. specific context of communication)).
The combination fails to explicitly teach wherein the first random number is a pseudo random number determined using a counter value, however TANIMOTO from analogous art teaches wherein the first random number is a pseudo random number determined using a counter value (TANIMOTO on [0214-0216] teaches the counter value buffer 352 is a buffer memory which stores a set value of a counter value used in the generation of a pseudo random number).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of TANIMOTO into the combined teaching of Ishibashi, Day and Ahn generating a pseudo random number using a counter value. One would be motivated to do so in order to secure communication between different devices using a random number and tracking the random number based on a counter value for each communication session between client and server devices because every time a communication session is established a random number is generated and recorded as counter value (TANIMOTO on [0009-0010]).

Regarding claim 3 the combination of Ishibashi, Day, Ahn and TANIMOTO teaches all the limitations of claim 2 above, TANIMOTO further teaches including updating the counter value for each communication session between the initiator device and the receiver device (TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 2.

	Regarding claim 4 the combination of Ishibashi, Day, Ahn and TANIMOTO teaches all the limitations of claim 2 above, TANIMOTO further teaches including updating the counter value after the first random number is communicated between the receiver device and the initiator device(TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 2.

Regarding claim 13 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 10 above, the combination of fails to explicitly teach wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function, however TANIMOTO from analogous art teaches wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function (TANIMOTO on [0214-0216] teaches counter value buffer 352 is a buffer memory which stores a set value of a counter value used in the generation of a pseudo random number).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of TANIMOTO into the combined teaching of Ishibashi, Day and Ahn by generating a pseudo random number using a counter value. One would be motivated to do so in order to secure communication between different devices using a random number and tracking the random number based on a counter value for each communication session between client and server devices because every time a communication session is established a random number is generated and recorded as counter value (TANIMOTO on [0009-0010]).
Regarding claim 14 the combination of Ishibashi, Day, Ahn and TANIMOTO teaches all the limitations of claim 13 above TANIMOTO further teaches wherein the processing circuitry is configured to change the counter value used to calculate the random number for each communication session with the credential device (TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 13.

Regarding claim 15 the combination of Ishibashi, Day, Ahn and TANIMOTO teaches all the limitations of claim 13 above TANIMOTO further teaches wherein the processing circuitry is configured to change the counter value used to calculate the first random number after an exchange of information with the credential device (TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 13.
Regarding claim 19 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 16 above, the combination fails to explicitly teach wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function, however TANIMOTO from analogous art teaches wherein the processing circuitry is configured to calculate the first random number by applying a counter value to a pseudo random number function (TANIMOTO on [0214-0216] teaches the counter value buffer 352 is a buffer memory which stores a set value of a counter value used in the generation of a pseudo random number).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of TANIMOTO into the combined teaching of Ishibashi, Day and Ahn by generating a pseudo random number using a counter value. One would be motivated to do so in order to secure communication between different devices using a random number and tracking the random number based on a counter value for each communication session between client and server devices because every time a communication session is established a random number is generated and recorded as counter value (TANIMOTO on [0009-0010]).

Regarding claim 20 the combination of Ishibashi, Day, Ahn and TANIMOTO teaches all the limitations of claim 19 above, TANIMOTO further teaches wherein the processing circuitry is configured to change the counter value used to calculate the random number for each communication session with the verifier device (TANIMOTO on [0216] teaches the counter value is incremented each time pseudo random number is generated in a pseudo random number generation processing unit 359).
The rationale to combine is the same as set forth above in claim 19.


Claims 5, 11 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ishibashi (US 20090259850), in view of Day et al (hereinafter Day) (US 20150113276), in view of Ahn et al (hereinafter Ahn) (US 20160277189) and further in view of Sutton et al (hereinafter Sutton) (US 20070124589).

Regarding claim 5 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 1 above, although the combination of teaches determining first key information using random number, but fails to explicitly teach wherein the determining the first key information includes determining the first key information using a static key and the first random number, however Sutton from analogous art teaches wherein the determining the first key information includes determining the first key information using a static key and the first random number (Sutton on [0020-0021] teaches the unit generates its own random number, the generated random number and the second static key can then be used to generate a session key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sutton into the combined teaching of Ishibashi, Day and Ahn by generating first key information using both the generated random number and the static key. One would be motivated to do so in order to perform mutual authentication between host and smart card using the session key because the session key would be specific to the device which transmits the random number and letter can be used in authentication process when comparing the first random number at the receiver side with the first random number originally generated (Sutton on [0001 and 0021]).

Regarding claim 11 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 10 above, although the combination teaches determining first key information using random number, but fails to explicitly teach wherein the processing circuitry is configured to calculate the receiver device keying material using a static key and the first random number, however Sutton from analogous art teaches wherein the processing circuitry is configured to calculate the receiver device keying material using a static key and the first random number (Sutton on [0020-0021] teaches the unit generates its own random number. Both the locally generated random number and the second static key can then be used to generate a session key (i.e. receiver device keying material)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sutton into the combined teaching of Ishibashi, Day and Ahn by generating first key information using both the generated random number and the static key. One would be motivated to do so in order to perform mutual authentication between host and smart card using the session key because the session key would be specific to the device which transmits the random number and letter can be used in authentication process when comparing the first random number at the receiver side with the first random number originally generated (Sutton on [0001 and 0021]).


Regarding claim 17 the combination of Ishibashi, Day and Ahn teaches all the limitations of claim 16 above, the combination fails to explicitly teach wherein the processing circuitry is configured to calculate the receiver device keying material using a static key and the second random number, however Sutton from analogous art teaches wherein the processing circuitry is configured to calculate the receiver device keying material using a static key and the second random number (Sutton on [0020-0021] teaches the unit generates its own random number, the generated random number and the second static key can then be used to generate a session key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Sutton into the combined teaching of Ishibashi, Day and Ahn by generating first key information using both the generated random number and the static key. One would be motivated to do so in order to perform mutual authentication between host and smart card using the session key because the session key would be specific to the device which transmits the random number and letter can be used in authentication process when comparing the first random number at the receiver side with the first random number originally generated (Sutton on [0001 and 0021]).


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/MOEEN KHAN/               Examiner, Art Unit 2436                                                                                                                                                                                         
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436