Notice of Pre-AIA  or AIA  Status
The present application, filed on or after June 10, 2020, is being examined under the first inventor to file provisions of the AIA .

Detailed action
Claims 1-3, 5, 6, 8-12 and 14-16 are pending and being considered.
Claims 1, 3, 5, 6, 8-12 and 14-16 have been amended.
Specification
The specification filed on 10/05/2022 have been accepted and objection on the title is withdrawn.
Response to 103 
Applicants argument filed on 10/05/2022 have been fully considered and are not persuasive.
In response to applicant’s argument on page 9 of remarks that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Mansour teaches plurality of entities i.e. first and second computers in communication with managing entity backend server in order to securely exchange communication between each entity based on encrypted request and response packet. Le Saint teaches Managing entity i.e. server computers in instance case for generating two different keys i.e. session keys based on different parameters and then perform secure communication between client and server. Similarly, newly cited reference Eric is also directed towards secure communication with in a network by performing encryption/decryption based on keys. Hence the above references taken as whole are directed towards solving the problem of securing communication within a network and would have been obvious for person of ordinary skills in the art to combine the teaching of all the above references to come to the result of securing communication.  See the rejection below more detail of establishing obviousness. 
In response to applicant’s argument on page 12 of remarks that none of the cited references teach “the key KS1 having a first expiration date” and “a derived key DKS1 having a second expiration date”. The examiner acknowledges applicant’s point of view but respectfully disagrees because Mansour on [0010-0011, 0100-0101 and claim 3] teaches first computer (i.e. first entity) generating symmetric key (i.e. derived key DKS1) wherein the symmetric key maybe ephemeral key (i.e. temporary keys having expiry date). Liu (i.e. cited reference) on [0029 and 0069] teaches session key having specific expiry window such as when session ends. The applicant argues that the teaching of Liu found on [0069] is bot equivalent to the claim feature of expiration date of key because the expiration of key in LIU is linked with ending of the session. The examiner acknowledges applicant’s point of view but respectfully disagrees because the claim recites key KS1 with expiration date indicating key KS1 is to be expired after certain time period (i.e. broadly interpreted). Similarly, the session key of LIU is limited use for only one session and will be expired after the session ends, thereby giving the session key certain time period before the key is expired which is equivalent to a key having expiry date. In other words, session based keys, limited use keys, one time key, temporary key, ephemeral key and dynamic keys all corresponds to a key having expiry window. 

Claim Objections
Claims 1, 8, 12, 14 and 16 objected to because of the following informalities:  
Claim 1 line 2 recites “key generation parameter” and line 22 “at least one derivation parameter” the examiner suggests to clarify if the derivation parameter and generation parameter are same. 
Claim 1 line 9 recites “key generation function” and line 22 recites “a derivation function” the examiner suggests to clarify if generation function and derivation function correspond to same purpose.
claim 1 line 7-9 recites “generating by the managing entity the key KS1, using a first secret, the key KS 1 having a first expiration date, said key generation parameter and a key generation function, wherein said first secret is held by the managing entity ” should read as “generating by the managing entity the key KS1, using a first secret, and wherein the key KS1 having first expiration date; ”
Claim 1 line 10 recites “a key KB1” should read as “the key KB1” to be consistence with the key KB1 recited in line 4 of the claim.
Claim 8, the examiner suggests to clarify when does authentication of each first entity is performed because the transmission of key generation parameter is dependent on an authentication request.
Claim 12 recites “regenerating the key KS1” and “regenerating the key DKS1” the examiner suggests to clarify which entity performs the above regenerating steps and the need of performing it.  
claim 14 recites “initialization of the known secret of the second entity” should read as “initialization of the second secret known by the second entity”
Claim 16 recites “each first and second entity” should read as “the first entity and the second entity”

CLAIM INTERPRETATION

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: A secure systemin claim 12.

Claim limitation(s) “A secure system” of claims 12 gives their broadest reasonable interpretation of the claim elements with a limited description in the specification. The examiner notes that A system comprises first and second entity having a memory module as hardware structure and the entities are smartphone, table computer etc. See spec [page 8 line 5-20]. Accordingly claims 12 invoke 35 U.S.C. 112 (f) or sixth paragraph, but the corresponding structure is described.

Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


                                               Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-6, and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Mansour et al (hereinafter Mansour) (US 20170149740) in view of Le Saint et al (hereinafter Le Saint) (US 20180375663) in view of Le Saint et al (hereinafter Eric) (US 20120144193) and further in view of LIU et al (hereinafter LIU) (US 20160127331).

Regarding claim 1 Mansour teaches A secure communication method between a first entity and a second entity with a communication link in at least one network comprising: (Mansour on [0010] teaches method for securing communications between a first computer and a second computer over a communications network);
generating, by the first entity, a derived key DKS 1 having a second expiration date, wherein said derived key DKS 1 is generated with a derivation function using the key KS 1 and at least one derivation parameter (Mansour on [0011, 0100-0101 and claim 3] teaches first computer (i.e. first entity) generating symmetric key (i.e. derived key DKS1) by symmetric encryption algorithms such as AES-256 and 3DES (i.e. derivation function), shared secret (i.e. key KS1) and variable datum (i.e. derivation parameter), wherein shared secret may be a key and variable datum may be a nonce or seed [0025-0026]. See on [0010] teaches the symmetric key maybe ephemeral key (i.e. having expiry date));
aggregating, by the first entity, said at least one derivation parameter to a message intended for the second entity (Mansour Fig 5 block 420G and text on [0122 and 0131] teaches first computer (i.e. first entity) generate a request data packet (i.e. message intended for second entity, since the request data packet is transmitted to second computer) containing nonce 320G (i.e. random number as derivation parameter));
2 4877-1248-5916.v1PABST, et al. - 16/771,524Attorney Docket: 022044-0513560encrypting, by the first entity, using a symmetric encryption algorithm, a content using the derived key DKS1 specific to the first entity (Mansour on [0010] teaches first computer (i.e. first entity) may be an authorization entity computer (i.e. first entity) for encrypting data packet with symmetric key (i.e. DKS1). See on [0114] teaches the first computer may encrypt data block 340 using symmetric key (DKS1). See on [0144] taches the symmetric key derived by the first computer (i.e. specific to first entity). See on [0169] teaches the symmetric key may be derived by taking the Entity ID OR'ed with SequenceNo and taking the result XOR'ed with the value stored in the cache (i.e. key for specific entity));
aggregating, in a message by the first entity, the encrypted content with the key generation parameter specific to the first entity (Mansour on [0124 and 0131] teaches first computer (i.e. first entity) generate a request data packet having the data block 340 (i.e. encrypted data content) and device ID 320B (i.e. key generation parameter), wherein data block 340 is encrypted with symmetric key);
and decrypting, by the second entity, the encrypted content of the message received, using the derived key DKS1 (Mansour on [0010] teaches extracting, by the second computer, the symmetric key from the control block and decrypting, by the second computer, the encrypted data block with the extracted symmetric key. See on [0138 and 0147] teaches the second computer may then decrypt the encrypted data block 340 with the extracted symmetric key 320E. The second computer may decrypt data block 340 based on the algorithm indicated in symmetric algorithm type 320H).
Although Mansour teaches determining derived key using private key and the request and response data in an encrypted format communicated between first and second computer, but fails to explicitly teach transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity for obtaining a key KB1,  transmitting, by each first entity, to a managing entity, a key generation parameter specific to each first entity in order to obtain a key KS1, generating by the managing entity one or more keys KS1 specific to one or more first entities, using a first secret, said key generation parameter and a key generation function, wherein said first secret is held by the managing entity, generating by the managing entity one or more keys KB 1 specific to one or more first entities, using a second secret, said key generation parameter specific to each first entity and a key generation function, wherein said second secret is held by the managing entity, supplying, by the managing entity, each key KS 1 to each first entity, supplying, by the managing entity, each key KB 1 to each first entity,  erasing, in a memory of said managing entity, each key KB1, wherein a request for obtaining the key KS1 and a response to said request are encrypted using the key KB 1 stored by each first entity, generating the key KS1, by the second entity, to obtain the derived key DKS1, using the derivation parameter and the derivation function, and determining, by the second entity, said derived key DKS 1 specific to the first entity using said key generation parameter specific to the first entity, the first secret known by the second entity and the key generating function, however Le Saint from analogous art teaches 
transmitting, by the first entity, to a managing entity, a key generation parameter specific to said first entity for obtaining a key KB1 (Le Saint on [0209] teaches the client computer (i.e. first entity) transmits encrypted client data that can be used to identify and track client by authorized entity (client identifier i.e. key generation parameter specific to the client to derive first and second session key equivalent to KS1 and KB1 in view of [0213 and 0224]));
transmitting, by the first entity, to the managing entity, the key generation parameter specific to the first entity in order to obtain a key KS1 (Le Saint on [0209] teaches the client computer (i.e. first entity) transmits encrypted client data that can be used to identify and track client (client identifier i.e. key generation parameter specific to the client to derive first and second session key equivalent to KS1 and KB1 in view of [0213 and 0224]));
generating by the managing entity the key KS1, using a first secret, [[the key KS 1 having a first expiration date,]] said key generation parameter and a key generation function, [[wherein said first secret is held by the managing entity]] (Le Saint on [0213] teaches the server computer (i.e. managing entity) can determine the first session key (i.e. key KS1, wherein the session keys are only used for specific session indicating expiry date) using a key derivation function (“KDF”) based on the first intermediate shared secret (i.e. first secret), the server identifier (“ID_s”), and the client identifier (i.e. key generation parameter));
 generating by the managing entity a key KB 1, using a second secret, said key generation parameter specific to the first entity and the key generation function, [[wherein said second secret is held by the managing entity]] (Le Saint on [0224] teaches the server computer can determine a second session key (i.e. one or more keys KB1) using a key derivation function (i.e. key generation function) based on the second intermediate shared secret (i.e. second secret), the server identifier for this communication session, and the client identifier (i.e. key generation parameter) for this session);
erasing, in a memory of said managing entity, the key KB 1, [[wherein a request for obtaining the key KS1 transmitted by the first entity to the managing entity and a response to said request supplied by the managing entity to the first entity are encrypted using the key KB1 stored by the first entity]] (Le Saint on [0226] teaches the server computer can zeroize (i.e. erase) the second session key).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by generating first and second session key based on key generation function, key generation parameter and shared secret and erasing the generated session key from the memory after performing operation based on the generated session keys. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).

The combination of Mansour and Le saint fails to explicitly teach supplying, by the managing entity, each key KS 1 to each first entity, supplying, by the managing entity, each key KB 1 to each first entity, generating the key KS1, by the second entity, to obtain the derived key DKS1, using the derivation parameter and the derivation function and determining, by the second entity, said derived key DKS 1 specific to the first entity using said key generation parameter specific to the first entity, the first secret known by the second entity and the key generating function, however Eric from analogous art teaches wherein said first and second secret is held by the managing entity (Eric on [0049 and 0076] teaches second computer storing shared secret for initializing);
obtaining, by the second entity, the derived key DKS1, using the key KS1, the at least one derivation parameter and the derivation function (Eric on [0070] teaches SAM host (i.e. second entity) determines session keys (i.e. derived key DSK1) by applying key derivation function KDF (i.e. key generation function) using shared secret Z, ephemeral public key (Q.sub.eh i.e. KS1) client OTID (i.e. key generation parameter)).
determining, by the second entity, said derived key DKS 1 specific to the first entity using said key generation parameter specific to the first entity, the first secret known by the second entity and the key generating function (Eric on [0070] teaches SAM host (i.e. second entity) determines session keys (i.e. derived key DSK1) by applying key derivation function KDF (i.e. key generation function) using shared secret Z, ephemeral public key (Q.sub.eh i.e. KS1) client OTID (i.e. key generation parameter)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Eric into the combined teaching of Mansour and Le Saint by determining by the second computer a key in received packet based on key generation parameter and shared secret to perform secure communication. One would be motivated to do so in order to perform secure authentication of the requesting device based on session keys generated in order to perform secure communication between different entities (Eric on [0010-0012]).

	Although the combination of Mansour, Le Saint and Eric teaches generating first and second session key (i.e. key KS1 and KB1) and transmitting the requested key in an encrypted packet, but fails to explicitly teach supplying, by the managing entity, each key KS 1 to each first entity, supplying, by the managing entity, each key KB 1 to each first entity, wherein a request for obtaining the key KS1 and a response to said request are encrypted using the key KB1, however LIU from analogous art teaches supplying, by the managing entity, the key KS 1 to the first entity (LIU on [0075] teaches the server sends encrypted first session key to the peripheral device);
the key KS 1 having a first expiration date (LiU on [0029 and 0069] teaches session key having specific expiry window such as when session ends)
 supplying, by the managing entity, the key KB 1 to the first entity (LIU on [0083] teaches in response to the session request, the server generates a second session key different from the first session key. The server (i.e. managing entity) then sends the second session key to the peripheral device (i.e. first entity));
wherein a request for obtaining the key KS1 transmitted by the first entity to the managing entity and a response to said request supplied by the managing entity to the first entity are encrypted using the key KB1 stored by the first entity (LIU on [0080] teaches the server receives first communication (i.e. response) that is sent from the peripheral device via the control device and encrypted with the first session key by the peripheral device. See on [0089] teaches the server receives a key updating request that is encrypted with the first session key and sent from the peripheral device via the control device, the key request including an updated encryption key corresponding to the predetermined device ID, and the key updating request is accompanied by the predetermined device ID of the peripheral device);
 sending, by the first entity, the message directly to the second entity (LIU Fig 1 and text on [0033] teaches the peripheral device (i.e. first entity direct communication with second entity) encrypts communication data by using the second key to obtain encrypted communication data, and transmits the encrypted communication data to the client (i.e. second entity)).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of LIU into the combined teaching of Mansour, Le Saint and Eric by sending the first and second session keys to the requesting device based on encrypted request. One would be motivated to do so in order to establish encrypted communication between plurality of devices in a network to securely transmit private data between each other (LIU on [0004-0006]). 

Regarding claim 2 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches further comprising a step of sending a response to the message, encrypted by the symmetric encryption algorithm using the first key KS1 and/or an additional step of erasing the key KS1 in a memory of the second entity (Mansour on [0139-0141] teaches the second computer may then generate a response data packet 400 to return to the first computer. The second computer may include in response data packet 400 the leader block 410 comprising entity name 410A, zone 4108, and control block encryption type 410C. The entity name 410A and zone 410B in leader block 410 may be echoed from those in leader block 310 of request data packet 300. The second computer may also encrypt control block 420 using encryption key 450. In some cases, the second computer may derive encryption key 450 by computing Hash(Symmetric Key.parallel.Entity Name.parallel.Zone), where the symmetric key is symmetric key 320E received in request data packet 300. The second computer may include information indicating the symmetric encryption type utilized to encrypt control block 420 in control block encryption type 410C. See on [0100-0102] teaches request and response packet including symmetric algorithm).
Regarding claim 3 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Eric further teaches further comprising a prior step of initializing the second entity comprising storing said first secret (Eric on [0049 and 0076] teaches second computer storing shared secret for initializing).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Eric into the combined teaching of Mansour and Le Saint by storing the shared secret in second entity. One would be motivated to do so in order to perform secure authentication of the requesting device based on session keys generated in order to perform secure communication between different entities (Eric on [0010-0012]).

Regarding claim 5 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches wherein said at least one derivation parameter comprises at least one random key generated by said first entity (Mansour on [026] teaches a variable datum i.e. derivation parameter is random value).
Regarding claim 6 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches wherein transmitting the key generation parameter for the key KS1 and of supplying said key KS1 are carried out by sending a request for obtaining the key and a response to said request (Mansour Fig 3-4 and text on [0140-0142] teaches first computer sends request data packet containing keys parameters shared secret random value etc. and the second computer receives the request data packet and generated a respond data packet 400);
 wherein the first entity is in a communication link with the managing entity in said network (Mansour on [0058] teaches an authorization entity web application server 112 (i.e. managing entity) in communication with an authorization entity backend server 114 and a service provider computer 116. The authorization entity backend server 114 and service provider computer 116 may be in communication with a processor server computer 118. The processor server computer 118 may provide tokenization services and may also be known as a token service computer or token service provider computer).
Regarding claim 8 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Le Saint further teaches wherein the transmission by the first entity, to the managing entity, of the key generation parameter specific to the first entity for obtaining the third key is carried out at a same time as an authentication of the first entity with the managing entity (Le Saint on [0209-0212] teaches the client computer can transmit the encrypted client data (i.e. having client identifier used by the server to compute session key ) and blinded client public key (i.e. authentication request because server performs authentication based on the blinded public key) same time  to the server computer (i.e. managing entity)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by sending the key generation parameter along with authentication request to the managing entity. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).

Regarding claim 9 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches said public key and the corresponding private key being stored by said first entity (Mansour on [0152] teaches one storing a particular private key corresponding to a particular public key);
 Le Saint teaches wherein transmission by said first entity, to the managing entity, of the key generation parameter for obtaining the key KB1 is carried out jointly with the transmission of a public key (Le Saint on [0209-0212] teaches the client computer can transmit the encrypted client data (i.e. having client identifier used by the server to compute session key ) and blinded client public key same time  to the server computer (i.e. managing entity)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by sending the key generation parameter for generating key jointly with public key. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).

The combination Mansour, Le Saint, Eric and the cited portion LIU fails to explicitly teach the third key thus being encrypted using said public key, by the managing entity, prior to the transmission thereof to said first entity, however LIU on different portion teaches wherein the key KB1 encrypted by the managing entity using said public key, by the managing entity, prior to the transmission thereof to said first entity (LIU on [0028-0029 and 0051] teaches encrypting the second key using the first key. See also on [0084] teaches encrypting first and second session key using the pre-stored key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of LIU cited on different portion into the combined teaching of Mansour, Le Saint and Eric by sending the first and second session keys to the requesting device based on encrypted request and encrypting the first and second session key. One would be motivated to do so in order to establish encrypted communication between plurality of devices in a network to securely transmit private data between each other (LIU on [0004-0006]). 

Regarding claim 10 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 1 above, Mansour further teaches wherein said at least one key generation parameter comprises at least one identifier of said first entity (Mansour Fig 4 block 320 and text on [0023] teaches a request data packet 300 (i.e. message) with at least on entity device ID (i.e. key generation parameter)).
Regarding claim 11 the combination of Mansour, Le Saint, Eric and LIU teaches all the limitations of claim 10 above, LIU teaches wherein said at least one key generation parameter further comprises the first expiration date of the key KS1 generated by the first entity (LIU on [0029 and 0069] teaches key valid for certain period of time and expires when session ends).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of LIU into the combined teaching of Mansour, Le Saint and Eric by having a key which expires after certain period of time. One would be motivated to do so in order to establish encrypted communication between plurality of devices in a network to securely transmit private data between each other based on dynamic key which is only valid for specific session (LIU on [0004-0006]). 

Claims 12 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Mansour et al (hereinafter Mansour) (US 20170149740) in view of Le Saint et al (hereinafter Le Saint) (US 20180375663) in view of Buckley et al (hereinafter Buckley) (US 20130182843) and further in view of LIU et al (hereinafter LIU) (US 20160127331).

Regarding claim 12 Mansour teaches A secure system for exchanging data between a first entity and a second entity with a communication link in at least one network (Mansour on [0010] teaches system for securing communications between a first computer and a second computer over a communications network);
 said first and second entities each comprising a calculation module, a memory module and a network communication interface, the secure system comprising said first and second entities and a managing entity, wherein said managing entity comprises (Mansour on [0014] teaches computer (i.e. first and second computer) having memory (i.e. memorizing) for storing instruction (i.e. Program). See on [0064] teaches network interface (e.g., by an external communication interface). See on [0135] teaches the first computer may send, over a communications network, request data packet 300 to the second computer. See Fig 2 teaches first and second computer in communication with backend server 114 (i.e. managing entity). See on [0111] teaches hash algorithm 320I may indicate the hash algorithm utilized for signature calculation (i.e. calculation module));
a program for transmitting aggregated encrypted data with at least a parameter specific to the first entity allowing for a generation of the derived key DKS1 (Mansour Fig 3-4 and text on [0080-0085 and 0095-0097] teaches request and response packet containing the encrypted data along with specific parameter such as type of algorithm, nonce entity identifier for generating symmetric key. See on [0011, 0100-0101 and claim 3] teaches first computer (i.e. first entity) generating symmetric key (i.e. derived key DKS1) by symmetric encryption algorithms such as AES-256 and 3DES (i.e. derivation function), shared secret (i.e. key KS1) and variable datum (i.e. derivation parameter), wherein shared secret may be a key and variable datum may be a nonce or seed [0025-0026]); 
a program for generating a derived key DKS 1 having second expiration date from a key derivation parameter specific to the first entity and the key KS1 (Mansour on [0011, 0100-0101 and claim 3] teaches first computer (i.e. first entity) generating symmetric key (i.e. derived key DKS1) by symmetric encryption algorithms such as AES-256 and 3DES (i.e. derivation function), shared secret (i.e. key KS1) and variable datum (i.e. derivation parameter), wherein shared secret may be a key and variable datum may be a nonce or seed [0025-0026]. See on [0010] teaches the symmetric key maybe ephemeral key (i.e. having expiry date)); 
and a program for encrypting and decrypting data using said derived key DKS 1 and a symmetric encryption algorithm (Mansour on [0014] teaches computer (i.e. first and second computer) having memory (i.e. memorizing) for storing instruction (i.e. Program). See on [0010] teaches first computer may be an authorization entity computer (i.e. first entity) for encrypting data packet with symmetric key and decrypting, by the second computer, the encrypted data block with the extracted symmetric key. See on [0011] teaches the symmetric key may be a first symmetric key. See on [0133] teaches the first computer may encrypt data block 340 using symmetric key).
	Mansour fails to teach 4877-1248-5916.v1PABST, et al. - 16/771,524 Attorney Docket: 022044-0513560and wherein the memory module of each first entity memorizes: a program for transmitting aggregated encrypted data with at least a parameter specific to the first entity allowing for a generation of the key KS1, and wherein the memory module of each second entity memorizes: a program for regenerating the key KS1 using said key generation parameter specific to the first entity and the second secret known by the second entity, wherein the first secret is held by the managing entity, wherein the second secret is held by the managing entity, a program for regenerating the key DKS 1 using said key derivation parameter specific to the first entity and the key KS1, however Le Saint form analogous art teaches a program for generating a key KS1 from a key generation parameter specific to the first entity and a first secret, [[wherein the first secret is held by the managing entity]] and wherein the key KS1 having a first expiration date (Le Saint on [0213] teaches the server computer (i.e. managing entity) can determine the first session key (i.e. key KS1, wherein session keys are known to be used only for session indicating having expiry date) using a key derivation function (“KDF”) based on the first intermediate shared secret (i.e. first secret), the server identifier (“ID_s”), and the client identifier (i.e. key generation parameter));
a program for generating a key KB 1 from a key generation parameter specific to the first entity and a second secret, [[wherein the second secret is held by the managing entity]] (Le Saint on [0224] teaches the server computer can determine a second session key (i.e. one or more keys KB1) using a key derivation function (i.e. key generation function) based on the second intermediate shared secret (i.e. second secret), the server identifier for this communication session, and the client identifier (i.e. key generation parameter) for this session);
 4 4877-1248-5916.v1PABST, et al. - 16/771,524Attorney Docket: 022044-0513560and wherein the memory module of the first entity stores: a program for transmitting aggregated encrypted data with at least a parameter specific to the first entity allowing for a generation of the key KS1 (Le Saint on [0209] teaches the client computer (i.e. first entity) transmits encrypted client data that can be used to identify and track client by authorized entity (client identifier i.e. key generation parameter specific to the client to derive first and second session key equivalent to KS1 and KB1 in view of [0213 and 0224]));
 and wherein the memory module of the second entity stores: a program for regenerating the key KS1 using said key generation parameter specific to the first entity and the second secret known by the second entity (Le Saint on [0224] teaches the server computer can determine a second session key (i.e. keys KS1 are regenerated by the managing entity because the client generates the session key and the same session keys are regenerated by the server) using a key derivation function (i.e. key generation function) based on the second intermediate shared secret (i.e. second secret), the server identifier for this communication session, and the client identifier (i.e. key generation parameter) for this session. See on [0055 and 0058] teaches the client computer generates the first session key using a key derivation function based on the shared secret, an identifier of the server computer. The server computer 280 may also may determine the same first session key (i.e. regenerating the key) determined by the client computer 240 using a key derivation function based on the shared secret, an identifier of the server computer 280, and an identifier of the communication session).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by generating first and second session key based on key generation function, key generation parameter and shared secret and regenerating the key by second entity using the same secret. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).

Although the combination of Mansour and Le Saint teaches first and second computer generating keys based on shared secret (i.e. Le Saint) and symmetric key is determined by the second entity for decryption (i.e. taught by Mansour), but fails to explicitly teach storing the first and second secret and regenerating the DSK1 based on derivation parameter and the key SK1, however Buckley teaches wherein the first secret is held by the managing entity, wherein the second secret is held by the managing entity (Buckley on [0035-0037] teaches each entity assigned with unique secret stored in a secure database);
a program for regenerating the key DKS 1 using said key derivation parameter specific to the first entity and the key KS1 (Buckley on [0019-0020] teaches the key management service KMS including stored instruction for regenerating traffic encryption key (TEK) key using CS identifier (i.e. key derivation parameter), nonce value and TGK key (i.e. key KS1)).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Buckley into the combined teaching of Mansour and Le Saint by storing the shared secret of each entities and regenerating the decryption key for decrypting the packet. One would be motivated to do so in order to provide secure communication between different entities based on discarding the keys used in encryption and re-generating the same key based on the same parameter when its requited (Buckley on [0003-0005]).

Although Le Saint teaches session key, but fails to explicitly teach session keys having expiry date, however LIU from analogous art teaches the key KS 1 having a first expiration date (LiU on [0029 and 0069] teaches session key having specific expiry window such as when session ends).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of LIU into the combined teaching of Mansour, Le Saint and Buckley by having key with expiration window. One would be motivated to do so in order to establish encrypted communication between plurality of devices in a network to securely transmit private data between each other (LIU on [0004-0006]). 


Regarding claim 14 the combination of Mansour, Le Saint, Buckley and LIU teaches all the limitations of claim 12 above, Le Saint further teaches wherein the managing entity comprising a program for initializing the second entity which includes initialization of the first known secret of the second entity (Le Saint on [0044] teaches the client computer 140 can transmit a request message to the server  to initiate the establishment of secure communication.  The client computer 140 may encrypt the identification data of the response message using the shared secret (i.e. initialization of shared secret) to obtain encrypted identification data).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by initializing the shared secret to initialize the one or more entities requesting communication. One would be motivated to do so in order to perform secure authentication based on session keys generated based on the client identifier in order to perform secure communication between different entities (Le Saint on [0001]).
Regarding claim 15 the combination of Mansour, Le Saint, Buckley and LIU teaches all the limitations of claim 14 above, Le Saint further teaches further comprising a plurality of second entities organized into at least one batch, in such a way as to access the same resource by the same batch of second entities that share the same secret (Le Saint on [0029] teaches the first and second computer share the same shared secret. The first computer and the second computer may both use the shared secret to generate a session key. See on [0040 and 0065] teaches the first and the second computer generate and share the same secret for generating session key (i.e. to access same resource) for encrypting communication. See on [0044-0045] teaches the client computer encrypts identification data using shared secret and the server computer decrypts the identification data using the shared secret (i.e. having access to same resource using same shared secret)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Le Saint into the teaching of Mansour by using the same shared secret to access resource within communication network. One would be motivated to do so in order to perform secure authentication based on shared secret between different entities communicating in a network in order to perform secure communication between different entities (Le Saint on [0001]).

Regarding claim 16 the combination of Mansour, Le Saint, Buckley and LIU teaches all the limitations of claim 12 above, Mansour further teaches wherein each first and second entity comprises a key derivation program according to at least one derivation parameter (Mansour Fig 4-5 block 320i, 320j, 420i and 420j teaches HMAC hash algorithm (i.e. key derivation program) and key value (i.e. parameter)).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436                                                                                                                                                                                                        




/MOEEN KHAN/               Examiner, Art Unit 2436