DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This Office action is in response to the amendment filed on 09/06/2022. Claims 1, 10 and 19 have been amended.
Response to Arguments
Applicant's arguments filed on 09/06/2022 have been fully considered but they are not persuasive. Applicant argues that Lakk and Schneier do not disclose “wherein the message is an unencrypted message containing confidential information” (Remarks, pages 9-10). The claim language in the wherein clause suggests or makes optional a feature(s) but does not: (i) require a step(s) to be performed (Claim 1) and the software product implementing the method (Claim 10); and (ii) change the functionalities/structure of the system (Claim 19). Therefore, the scope of the claims are not limited by the claim language (see MPEP 2111.04).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lakk et al. (US 2020/0127849 A1) in view of Schneier (“Applied Cryptography”).
Regarding claims 1 and 10, Lakk discloses a method and corresponding computer program product, the method comprising:
	generating a value (i.e., choosing a secret/seed k0) (par. [0041]; Fig. 2A);
	applying a hash function to the value producing a hash value (i.e., hashing k0 to generate k1) (par. [0039]; Fig. 2A);
	starting with the hash value, reapplying the hash function in an iterative or recursive manner, with a new hash value produced by the hash function acting as an initial value that is applied to the hash function for a next iteration, until a bit sequence representing a message is produced in a message hash value (i.e., repeating the hashing until kn is generated and sending kn to a registry) (paragraphs [0039]-[0042]; Figures 2A-B); and
	utilizing a previous hash value as a new random value in a cryptosystem, wherein the previous hash value is another hash value produced prior to the message hash value (kn-1 is the current time-bound key (TBK) which is used to generate a BLT Signature) (paragraphs [0041], [0047]-[0052]).
	Lakk does not that the value (secret/seed) is a random value. Schneier discloses using random values (i.e., random secrets/seeds) to generate good keys (i.e., Generate the key bits from either a reliably random source or a cryptographically secure pseudo-random-bit generator…The important thing to remember from a key management point of view is that the random seeds for those generators must be just that: random) (Random Keys, pages 6-7). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lakk’s method such that the seed is random, as taught by Schneier.  The motivation for doing so would have been to generate secure, random keys.
	The claim language “wherein the message is an unencrypted message containing confidential information” suggests or makes optional a feature(s) but does not require a step(s) to be performed (Claim 1) and the software product implementing the method (Claim 10). Therefore, the scope of the claims are not limited by the claim language (see MPEP 2111.04).
Regarding claim 19, Lakk discloses system comprising:
	a data processing component (Fig. 6; paragraphs [0103]-[0104]);
	a physical memory (Fig. 6; paragraphs [0103]-[0104]); and
	local data storage having stored thereon computer executable program code (Fig. 6; paragraphs [0103]-[0104]), which when executed by the data processing component, cause the data processing component to:
		generate a value (i.e., choosing a secret/seed k0) (par. [0041]; Fig. 2A);
		apply a hash function to the value producing a hash value (i.e., hashing k0 to generate k1) (par. [0039]; Fig. 2A);
		starting with the hash value, reapply the hash function in an iterative or recursive manner, with a new hash value produced by the hash function acting as an initial value that is applied to the hash function for a next iteration, until a bit sequence representing a message is produced in a message hash value (i.e., repeating the hashing until kn is generated and sending kn to a registry) (paragraphs [0039]-[0042]; Figures 2A-B);
		determine a number of iterations required to produce the message hash value (i.e., knowing value n) (par. [0039]); 
		subtract a predetermined number from the number of iterations producing a second number of iterations (i.e., subtracting the time has passed from n) (par. [0041]); 
		retrieve a second hash value that resulted at the second number of iterations from a hash table (i.e., retrieving the correct k value for the current period) (par. [0041]); and 
		utilize the second hash value as a new random value in a cryptosystem, wherein the second hash value is another hash value produced by the hash function at the second number of iterations (k is the current time-bound key (TBK) which is used to generate a BLT Signature) (paragraphs [0041], [0047]-[0052]).
	Lakk does not that the value (secret/seed) is a random value. Schneier discloses using random values (i.e., random secrets/seeds) to generate good keys (i.e., Generate the key bits from either a reliably random source or a cryptographically secure pseudo-random-bit generator…The important thing to remember from a key management point of view is that the random seeds for those generators must be just that: random) (Random Keys, pages 6-7). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lakk’s system such that the seed is random, as taught by Schneier.  The motivation for doing so would have been to generate secure, random keys.
	The claim language “wherein the message is an unencrypted message containing confidential information” suggests or makes optional a feature(s) but does not change the functionalities/structure of the system. Therefore, the scope of the claim is not limited by the claim language (see MPEP 2111.04).
Regarding claims 2 and 11, Lakk further discloses examining the new hash value after a predetermined iteration to determine whether the bit sequence is located in the new hash value; and utilizing the random value as the new random value, upon determining that an inadvertent message is not embedded in the hash value (par. [0056]).
Regarding claims 3, 12 and 20, Lakk further discloses receiving a transmitted random value; applying the hash function on the transmitted random value producing a received hash value; verifying a received message is embedded in the received hash value; and confirming that the received message is received (par. [0056]).
Regarding claims 4 and 13, Lakk further discloses starting with the received hash value, reapplying the hash function a predetermined amount of times prior to verifying the received message (par. [0056]).
Regarding claims 5 and 14, Lakk further discloses determining an iteration count required to produce the message hash value, wherein the iteration count reflects a number of iterations that occurred to produce the message hash value (i.e., knowing value n) (par. [0039]); P201911536US01Page 24 of 28subtracting a predetermined number from the iteration count producing a second iteration count (i.e., subtracting the time has passed from n) (par. [0041]); retrieving a second hash value that resulted at the second iteration count from a hash table (i.e., retrieving the correct k value for the current period) (par. [0041]); and utilizing the second hash value as the new random value (k is the current time-bound key (TBK) which is used to generate a BLT Signature) (paragraphs [0041], [0047]-[0052]).
Regarding claims 6 and 15, Lakk further discloses that the predetermined number is incremented after each use (paragraphs [0039] and [0041]).
Regarding claims 7 and 16, Lakk further discloses that the message hash value indicates an additional protocol feature capability (i.e., the message hash value is a time-bound key used in BLT signature algorithm) (par. [0038]-[0039]).
Regarding claims 9 and 18, Lakk further discloses that the hash function is a hash-based message authentication code (HMAC) (par. [0043]).
Claims 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Lakk and Schneier as applied to claims 1 and 10 above, and further in view of Lamport (“Password Authentication with Insecure Communication”).
Regarding claims 8 and 17, Lakk does not disclose that the message hash value is a pre-shared secret used as an authentication mechanism. Lamport discloses that the message hash value is a pre-shared secret used as an authentication mechanism (Section III – Implementation). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined method of Lakk and Schneier such that the message hash value is a pre-shared secret used as an authentication mechanism, as taught by Lamport.  The motivation for doing so would have been to prevent intruders from learning user’s secret passwords.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MINH DINH whose telephone number is (571)272-3802. The examiner can normally be reached Mon-Fri: 9 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MINH DINH/Primary Examiner, Art Unit 2432