DETAILED ACTION
This Non Final Office Action is in response to Request for Continued Examination filed on 09/07/2022. Claims 1,4-5, 7-10, 12, 14-20  have been amended. Claims 1-20 filed on 09/07/2022 remain pending in the application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 03/21/2022 are accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 09/14/2022 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 09/14/2022 are attached to the instant Office action. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/07/2022 has been entered.

Examiner’s Note
Examiner contacted and presented the applicant’s representative, Mr. Chase Means, Reg. No. 71, 517, with examiner’s proposed amendments on 12/12/2022. The applicant declined the examiner’s proposed amendments and requested an office action.
	Response to Arguments filed on 09/07/2022
Applicant's arguments filed 09/07/2022have been fully considered but they are not persuasive.
Applicant stated “None of the cited references teach or suggest such features. Indeed, claim 1 as reproduced above has been amended to specify that "a plurality of pairs ... including a unique ID (UID) and secret key" are retrieved based on "at least one parameter comprising at least one of a device type or a date range," as claimed. (Emphasis added.) Claims 10 and 16 have been amended to recite similar subject matter… For example, page 5 of the Office Action cites 17:8-15 of Griffin as allegedly teaching retrieving at least one pair including a unique ID and a secret key. However, this portion of Griffin does not teach or suggest that "a plurality of pairs ... including a unique ID (UID) and secret key" are retrieved based on "at least one parameter comprising at least one of a device type or a date range," as claimed. Instead, Griffin relates only to retrieving a single "HMAC key cryptogram" and single "unique identifier," not a plurality of pairs as claimed. In addition, Griffin does not teach or suggest retrieving a plurality of pairs based on at least one parameter comprising at least one of a device type or a date range as claimed… Thomas does not teach or suggest that "a plurality of pairs ... including a unique ID (UID) and secret key" are retrieved based on "at least one parameter comprising at least one of a device type or a date range," as claimed. Instead, Thomas relates only to single pairing message for which a device may receive a single "encrypted key generator" and a single "random number," not a plurality of pairs as claimed. In addition, Griffin does not teach or suggest retrieving a plurality of pairs based on at least one parameter comprising at least one of a device type or a date range as claimed. The remaining references cited in the Office Action do not cure the defects of Griffin and Thomas described above”.
Examiner respectfully disagrees. Examiner submits that the combination of Griffin in view of Thomas disclose the above argued limitation. Particularly. Griffin discloses retrieving a plurality of pairs, as described in e.g. Figure 4, where a plurality of pairs, e.g. (412-414) and (426-428) are retrieved from server storage 142, where each pair includes a different ID and is utilized to generate and return seed 1 (418) and seed 2 (432), corresponding to first and second activation codes, respectively, as disclosed in Col. 9 line 48-67 and Col. 10 line 1-36, with the motivation of encrypting different information with different keys, similarly see Figure 7 (714-716) and (734-736) for the plurality of pairs retrieval (714-716) and (734-736), where each pair comprises a different ID as illustrated in Figure 4. The concept of different ID and different key being retrieved for each pair is also illustrated in Figure 7. Griffin does not explicitly disclose the retrieval based on the at least one parameter as claimed, however, Thomas discloses the retrieval based on the parameter, i.e. retrieving an encrypted/secret key generator and a random number, corresponding to the UID, where the random number identifies a unique key for decrypting the retrieved encrypted key generator. Furthermore, Thomas discloses in [0013] retrieving a pair based on a device type, where there are plurality of device types as disclosed in [0045, 0077], and accordingly have their corresponding pair disclosed above in [0013]. Therefore, the combination of Griffin in view of Thomas discloses the above argued limitation. Please see detailed rejection below.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 10 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin (US 10615969 B1), hereinafter Griffin in view of Thomas et. al. (US 20100306538 A1), hereinafter Thomas.
Regarding claim 1 (Currently Amended), Griffin teaches a method comprising: 
receiving a request for an activation code database from a remote computing device (Griffin Figure 9, Col. 17 line 8-15 “To obtain a seed 132 for the DEK 130, the database server 116 sends a request to the HSM 118 over a secured channel, such as the secure connection 150. At 918, the database server 116 retrieves the HMAC key cryptogram 126 from the local storage 142. At 920, the database server 116 retrieves the unique identifier 128 from the local storage 142. These retrieved values are sent to the HSM 118 through the secure connection 150.”, where the seed 132 generated, based on HMAC in Figure 9 (924), corresponds to the activation code,
consistent with the activation code generated based on HMAC in the instant application [0054]), 
retrieving a plurality of pairs [based on the at least one parameter], each of the plurality of pairs (Griffin Figure 9 (918,920, 956) Col. 17 line 8-15 “To obtain a seed 132 for the DEK 130, the database server 116 sends a request to the HSM 118 over a secured channel, such as the secure connection 150. At 918, the database server 116 retrieves the HMAC key cryptogram 126 from the local storage 142. At 920, the database server 116 retrieves the unique identifier 128 from the local storage 142. These retrieved values are sent to the HSM 118 through the secure connection 150.”, where the HMAC key cryptogram 126 and the unique identifier 128 correspond to the secret key and unique ID (UID), respectively, Griffin further discloses the above described concept for a plurality of pairs retrieved, as described in e.g. Figure 4, where a plurality of pairs, e.g. (412-414) and (426-428) are retrieved from server storage 142, where each pair is utilized to generate seed 1 (418) and seed 2 (432), corresponding to first and second activation codes, respectively, as disclosed in Col. 9 line 48-67 and Col. 10 line 1-36, with the motivation of encrypting different information with different keys, similarly see Figure 7 for the plurality of pairs retrieval (714-716) and (734-736)); 
generating [[an]] at least a first activation code for [[the]] a first UID of the plurality of pairs; and returning the first activation code to the remote computing device (Griffin Figure 9 (924, 928, 958) Col. 17 line 38-40 and 48-59 “At 922, the HMAC key cryptogram 126 is decrypted by the key manager circuit 114 using the master key encryption key 122 to obtain the HMAC key 124…At 924, a seed 132 is generated by the key manager circuit 114 using the HMAC key 124 and the unique identifier 128. The seed 132 is generated by calling an HMAC function, the executable file for which may be, for example, installed on the HSM 118, and transmitted to the database server 116 through the secure connection 150. The purpose of the seed 132 is to securely generate a secret value that serves as an input to a key derivation function (KDF) executed on the database server 116 to generate the DEK 130. Advantageously, at 928 and 930, respectively, the HMAC key 124 and the unique identifier 128 are deleted from the HSM 118 to reduce security vulnerabilities.”, Figure 4, where a plurality of pairs, e.g. (412-414) and (426-428) are retrieved from server storage 142, where each pair is utilized to generate and return seed 1 (418) and seed 2 (432), corresponding to first and second activation codes, respectively, as disclosed in Col. 9 line 48-67 and Col. 10 line 1-36).
While Griffin discloses the aforementioned limitations, however, Griffin does not explicitly disclose that the request includes a parameter, and retrieving/determining the above mentioned pair based on the parameter.
Griffin discloses a request and retrieving a plurality of pairs comprising unique ID (UID) and secret key, however, Griffin does not disclose the below limitations.
Thomas discloses the request including at least one parameter comprising at least one of a device type or a date range (Thomas [0013] “…a host device may establish trust with an accessory device. The host device may include a storage medium and a communication interface that is adapted to communicate with the accessory device. A processing circuit may be coupled to the communication interface and the storage medium. The processing circuit may send a pairing request message including an identification of a device type of the host device to an accessory device, and may receive an encrypted key generator and a random number from the accessory device in response. The key generator may be encrypted using an encryption key derived from the random number and a global key, which global key is known to the host device and is the same value for all devices of a same device type. The processing circuit may use the global key and the received random number to derive the encryption key used for decrypting the key generator. Using the key generator and the random number, the processing circuit may derive a device key for use establishing secure delivery of content from the accessory device.”),
and retrieving…based on the at least one parameter, each of the plurality of pairs (Thomas [0013] “The processing circuit may send a pairing request message including an identification of a device type of the host device to an accessory device, and may receive an encrypted key generator and a random number from the accessory device in response. The key generator may be encrypted using an encryption key derived from the random number and a global key, which global key is known to the host device and is the same value for all devices of a same device type. The processing circuit may use the global key and the received random number to derive the encryption key used for decrypting the key generator. Using the key generator and the random number, the processing circuit may derive a device key for use establishing secure delivery of content from the accessory device.”, where the retrieved pair based on the request is 1) an encrypted key generator, corresponding to a secret key generator, and 2) a random number, which is a unique number to be used in conjunction with a global key to derive and identify a unique decryption key for decryption the encrypted key generator where the random number corresponds to a unique ID, , where there are plurality of device types as disclosed in [0045, 0077], and accordingly have their corresponding pair disclosed above in [0013]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin to incorporate the teaching of Thomas to utilize the above feature, with the motivation of establishing trust and secure delivery of content between the communicating devices, as recognized by (Thomas [0013]).

Claims 10 (Currently Amended) and 16 (Currently Amended) are directed to a non-transitory computer-readable storage medium and device, respectively, associated with the method claimed in claim 1. Claims 10 and 16 are similar in scope to claim 1, and are therefore rejected with the same rationale and motivation as claim 1. 

Regarding claim 2 (Original), Griffin in view of Thomas teaches the method of claim 1, wherein the request is received using a secure communications channel (Griffin Col. 17 line 8-15 “To obtain a seed 132 for the DEK 130, the database server 116 sends a request to the HSM 118 over a secured channel, such as the secure connection 150”).  

Claims 3-4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin (US 10615969 B1), hereinafter Griffin in view of Thomas et. al. (US 20100306538 A1), hereinafter Thomas, Libonate (US 20150312255 A1), hereinafter Libonate ,Sidle (US 20110246773 A1), hereinafter Sidle and John et. al. (US 20190149527 A1), hereinafter John.

Regarding claim 3 (Previously Presented), Griffin in view of Thomas teaches the method of claim 1, 
Griffin does not teach the below limitation.
Thomas discloses wherein the at least one parameter comprises the device type. Rationale and motivation in claim 1 apply.
Griffin in view of Thomas do not disclose the below limitations.
Libonate discloses wherein the at least one parameter comprises a customer identifier (CID) (Libonate illustrates in Figure 1 a user device sending a request which includes a subscriber identifier, i.e. a customer identifier (CID)), 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin to incorporate the teaching of Libonate to utilize the above feature, with the motivation of associating the request with subscriber identifier and then a unique identifier instead of the device/customer identifier, which prevent tracking device/customer requests and activities, as recognized by (Libonate [0014]).
Griffin in view of Thomas and Libonate do not disclose the below limitations.
Sidle discloses wherein the at least one parameter comprises a first nonce value (Sidle [0035-0040] “a request message 10a is generated by the client module 40 which includes the following data:… Nonce (used to detect replays)”).
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Libonate to incorporate the teaching of Sidle to utilize the above feature, with the motivation detecting replay attack (Sidle [0040]).
Griffin in view of Thomas, Libonate and Sidle do not disclose the below limitations.
John discloses wherein the at least one parameter comprises the date range (John [0066] “At step 402, the access device 102 may reside on the airplane and may transmit a key request message to the key management server 114, requesting a first key identifier and a first public key corresponding to a first private key. The access device 102 may include data that indicates the request time and the requested time by which to receive the first ephemeral public key and the key identifier. The request message may also include the number of requested public keys, the requested time to live on each of the requested public keys, and any other relevant request information.”, where the request includes a time to live duration, corresponding to date/time range/duration).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Thomas, Libonate and Sidle to incorporate the teaching of John to utilize the above feature, with the motivation of ability to establish a successful connection between the access device and a remote computer during an connection intermittent environment., as recognized by (John Abstract [0064] and throughout).

Claim 11 (Previously Presented) is directed to a non-transitory computer-readable storage medium associated with the method claimed in claim 3. Claim 11 is similar in scope to claim 3, and are therefore rejected with the same rationale and motivation as claim 3.

Regarding claim 4 (Currently Amended), Griffin in view of Thomas, Libonate, Sidle and John teaches the method of claim 3, 
wherein retrieving the [[pair]] plurality of pairs comprises querying a hardware security manager (HSM) [using the CID, device type, and date range] (Griffin discloses retrieval of the pair as described in Figure 9 (918,920, 956) Col. 17 line 8-15, which involves/comprises the database server querying the HSM, Col. 17 line 8-15 “To obtain a seed 132 for the DEK 130, the database server 116 sends a request to the HSM 118 over a secured channel, Figure 4 as described in claim 4 further describe the plurality of pairs).
Griffin does not disclose the below limitations. 
Thomas discloses the request uses device type, rationale and motivation described in claim 3 apply.
Griffin in view of Libonate do not disclose the below limitation.
Libonate discloses the request uses the CID, rationale and motivation described in claim 3 apply.
Griffin in view of Thomas, Libonate and Sidle do not disclose the below limitation.
John discloses using the date range, rationale and motivation described in claim 3 apply.

Claims 5, 7-8, 12, 14, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin (US 10615969 B1), hereinafter Griffin in view of Thomas et. al. (US 20100306538 A1), hereinafter Thomas, Libonate (US 20150312255 A1), hereinafter Libonate, Sidle (US 20110246773 A1), hereinafter Sidle and John et. al. (US 20190149527 A1), hereinafter John, and further in view of Niset (US 20150089230 A1), hereinafter Niset.

Regarding claim 5 (Currently Amended), Griffin in view of Thomas, Libonate, Sidle and John teaches the method of claim 3, 
Griffin in view of Thomas, Libonate, Sidle and John teaches do not disclose the below limitations.
Niset discloses wherein generating [[an]] at least the first  activation code comprises: generating a second nonce value using the first nonce value and the CID; generating the activation code using the second nonce value and the secret key (Niset illustrates in Figure 3 concatenating random numbers sequence r with a unique Identifier t included in the request, where the random numbers sequence r corresponds to the first nonce and the unique Identifier t corresponds to identifying the machine 30 corresponds to CID, and the result of the concatenation corresponds to the second nonce, then generating an HMAC result using the result of the concatenation, i.e. second nonce, and a secret key KHMAC, 
[0075] “The request 13 contains the number of random numbers that are requested (s in the figure) and a unique identifier tag number (t in the figure) that will be used to detect possible replay attacks and thus guarantee uniqueness. [0077] b. Upon receipt of the request 13, the HRNG 8 in device 10 will produce the random numbers sequence (r in the figure). Note that the random numbers can be generated at the time of the request, or be generated at an earlier time and stored in a buffer. [0078] c. The device 10 subsequently concatenates the random numbers sequence r with the unique tag t and calculates in block 50 its authentication code HMAC (r,t,K.sub.HMAC) using the machines secret key K.sub.HMAC 21. The HRNG device 10 then sends back to the agent 30 the random numbers sequence r in plaintext along with the resulting HMAC(r, t, K.sub.HMAC). [0079] d. Upon receipt of the random numbers sequence r and the HMAC (r,t,K.sub.HMAC), the agent 30 calculates the HMAC in block 51 of the random numbers sequence r with the unique identifier t using its secret key K.sub.HMAC 20. The results are compared in block 61. If the result corresponds to what was received, the machine can confirm authentication of the HRNG device 10, as well as integrity and uniqueness of the received public random numbers sequence...”,
Consistent with the nonce being a random number describe in the instant application in [0028-0029]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Thomas, Libonate, Sidle and John to incorporate the teaching of Niset to utilize the above feature, with the motivation of confirming authentication, integrity and uniqueness of the received public random numbers sequence, as recognized by (Niset [0075]).

Claim 12 (Currently Amended) is directed to a non-transitory computer-readable storage medium associated with the method claimed in claim 5. Claim 12 is similar in scope to claim 5, and are therefore rejected with the same rationale and motivation as claim 5.

Regarding claim 7 (Currently Amended), Griffin in view of Thomas, Libonate, Sidle, John and Niset teaches the method of claim 5, wherein generating the first activation code comprises generating a message authentication code (MAC) for the secret key (Griffin Figure 9 (924) Col. 17 line 38-40 and 48-59 “At 922, the HMAC key cryptogram 126 is decrypted by the key manager circuit 114 using the master key encryption key 122 to obtain the HMAC key 124…At 924, a seed 132 is generated by the key manager circuit 114 using the HMAC key 124 and the unique identifier 128. The seed 132 is generated by calling an HMAC function…”).

Claims 14 (Currently Amended) and 19 (Currently Amended) are directed to a non-transitory computer-readable storage medium and device, respectively, associated with the method claimed in claim 7. Claims 14 and 19 are similar in scope to claim 7, and are therefore rejected with the same rationale and motivation as claim 7. 
  
Regarding claim 8 (Currently Amended), Griffin in view of Thomas, Libonate, Sidle, John and Niset teaches the method of claim 7, wherein the MAC comprises a hash-based MAC (HMAC) and the generating the first activation code comprises using [the second nonce as the message and] the secret key as the message for the HMAC (Griffin Figure 9 (924) Col. 17 line 48-59 “At 924, a seed 132 is generated by the key manager circuit 114 using the HMAC key 124 and the unique identifier 128. The seed 132 is generated by calling an HMAC function…”, Figure 9 (924) illustrates the seed/activation code is generated by using HMAC function with the HMAC key 124 as a variable/message and ID as a variable/message).
  Griffin in view of Thomas, Libonate, Sidle, John do not disclose the second nonce. Emphasis below in Italic.
Niset discloses wherein the MAC comprises a hash-based MAC (HMAC) and the generating the activation code comprises using the second nonce as the message and the secret key as the message for the HMAC (Niset illustrates in Figure 3 concatenating random numbers sequence r with a unique Identifier t included in the request, where the random numbers sequence r corresponds to the first nonce and the unique Identifier t corresponds to identifying the machine 30 corresponds to CID, and the result of the concatenation corresponds so the second nonce, then generating an HMAC result using the result of the concatenation, i.e. second nonce, and a secret key KHMAC, 
[0075] “The request 13 contains the number of random numbers that are requested (s in the figure) and a unique identifier tag number (t in the figure) that will be used to detect possible replay attacks and thus guarantee uniqueness. [0077] b. Upon receipt of the request 13, the HRNG 8 in device 10 will produce the random numbers sequence (r in the figure). Note that the random numbers can be generated at the time of the request, or be generated at an earlier time and stored in a buffer. [0078] c. The device 10 subsequently concatenates the random numbers sequence r with the unique tag t and calculates in block 50 its authentication code HMAC (r,t,K.sub.HMAC) using the machines secret key K.sub.HMAC 21. The HRNG device 10 then sends back to the agent 30 the random numbers sequence r in plaintext along with the resulting HMAC(r, t, K.sub.HMAC). [0079] d. Upon receipt of the random numbers sequence r and the HMAC (r,t,K.sub.HMAC), the agent 30 calculates the HMAC in block 51 of the random numbers sequence r with the unique identifier t using its secret key K.sub.HMAC 20. The results are compared in block 61. If the result corresponds to what was received, the machine can confirm authentication of the HRNG device 10, as well as integrity and uniqueness of the received public random numbers sequence...”,
Consistent with the nonce being a random number describe in the instant application in [0028-0029]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Thomas to incorporate the teaching of Niset to utilize the above feature, with the motivation of confirming authentication, integrity and uniqueness of the received public random numbers sequence, as recognized by (Niset [0075]).

Regarding claim 17 (Currently Amended), Griffin in view of Thomas teaches the device of claim 16, 
Griffin does not teach the below limitation.
Thomas discloses device type as disclosed in claim 16. Rationale and motivation in claim 16 apply.
Griffin in view of Thomas do not disclose the below limitation.
Libonate discloses wherein the at least one parameter comprises a customer identifier (CID) (Libonate illustrates in Figure 1 a user device sending a request which includes a subscriber identifier, i.e. a customer identifier (CID)), 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin to incorporate the teaching of Libonate to utilize the above feature, with the motivation of associating the request with subscriber identifier and then a unique identifier instead of the device/customer identifier, which prevent tracking device/customer requests and activities, as recognized by (Libonate [0014]).
Griffin in view of Thomas and Libonate do not disclose the below limitations.
Sidle discloses request containing first nonce value (Sidle [0035-0040] “a request message 10a is generated by the client module 40 which includes the following data:… Nonce (used to detect replays)”).
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Thomas, Libonate to incorporate the teaching of Sidle to utilize the above feature, with the motivation detecting replay attack (Sidle [0040]).
Griffin in view of Thomas, Libonate and Sidle do not disclose the below limitations.
John discloses request comprises date range (John [0066] “At step 402, the access device 102 may reside on the airplane and may transmit a key request message to the key management server 114, requesting a first key identifier and a first public key corresponding to a first private key. The access device 102 may include data that indicates the request time and the requested time by which to receive the first ephemeral public key and the key identifier. The request message may also include the number of requested public keys, the requested time to live on each of the requested public keys, and any other relevant request information.”, where the request includes a time to live duration, corresponding to data/time range/duration).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Thomas, Libonate and Sidle to incorporate the teaching of John to utilize the above feature, with the motivation of ability to establish a successful connection between the access device and a remote computer during an connection intermittent environment., as recognized by (John Abstract [0064] and throughout).
Griffin in view of Libonate, Sidle and John teaches do not disclose the below limitations.
Niset discloses wherein the generation of the first the stored program logic further causing the processor to: generate generate (Niset illustrates in Figure 3 concatenating random numbers sequence r with a unique Identifier t included in the request, where the random numbers sequence r corresponds to the first nonce and the unique Identifier t corresponds to identifying the machine 30 corresponds to CID, and the result of the concatenation corresponds so the second nonce, then generating an HMAC result using the result of the concatenation, i.e. second nonce, and a secret key KHMAC, 
[0075] “The request 13 contains the number of random numbers that are requested (s in the figure) and a unique identifier tag number (t in the figure) that will be used to detect possible replay attacks and thus guarantee uniqueness. [0077] b. Upon receipt of the request 13, the HRNG 8 in device 10 will produce the random numbers sequence (r in the figure). Note that the random numbers can be generated at the time of the request, or be generated at an earlier time and stored in a buffer. [0078] c. The device 10 subsequently concatenates the random numbers sequence r with the unique tag t and calculates in block 50 its authentication code HMAC (r,t,K.sub.HMAC) using the machines secret key K.sub.HMAC 21. The HRNG device 10 then sends back to the agent 30 the random numbers sequence r in plaintext along with the resulting HMAC(r, t, K.sub.HMAC). [0079] d. Upon receipt of the random numbers sequence r and the HMAC (r,t,K.sub.HMAC), the agent 30 calculates the HMAC in block 51 of the random numbers sequence r with the unique identifier t using its secret key K.sub.HMAC 20. The results are compared in block 61. If the result corresponds to what was received, the machine can confirm authentication of the HRNG device 10, as well as integrity and uniqueness of the received public random numbers sequence...”,
Consistent with the nonce being a random number describe in the instant application in [0028-0029]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin to incorporate the teaching of Niset to utilize the above feature, with the motivation of confirming authentication, integrity and uniqueness of the received public random numbers sequence, as recognized by (Niset [0075]).
 
Claims 6, 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin (US 10615969 B1), hereinafter Griffin in view of Thomas et. al. (US 20100306538 A1), hereinafter Thomas, Libonate (US 20150312255 A1), hereinafter Libonate, Sidle (US 20110246773 A1), hereinafter Sidle and John et. al. (US 20190149527 A1), hereinafter John, Niset (US 20150089230 A1), hereinafter Niset and further in view of Yavuz (US 20130326224 A1), hereinafter Yavuz.

Regarding claim 6 (Previously Presented), Griffin in view of Libonate, Sidle, John and Niset teaches the method of claim 5, 
Griffin in view of Thomas, Libonate, Sidle and John do not each the below limitations.
Niset discloses wherein generating the second nonce value comprises computing [a hash of] results of concatenating the first nonce value and the CID (Niset illustrates in Figure 3 concatenating random numbers sequence r with a unique Identifier t included in the request, where the random numbers sequence r corresponds to the first nonce and the unique Identifier t corresponds to identifying the machine 30 corresponds to CID, and the result of the concatenation corresponds so the second nonce, then generating an HMAC result using the result of the concatenation, i.e. second nonce, and a secret key KHMAC, 
[0075] “The request 13 contains the number of random numbers that are requested (s in the figure) and a unique identifier tag number (t in the figure) that will be used to detect possible replay attacks and thus guarantee uniqueness. [0077] b. Upon receipt of the request 13, the HRNG 8 in device 10 will produce the random numbers sequence (r in the figure). Note that the random numbers can be generated at the time of the request, or be generated at an earlier time and stored in a buffer. [0078] c. The device 10 subsequently concatenates the random numbers sequence r with the unique tag t and calculates in block 50 its authentication code HMAC (r,t,K.sub.HMAC) using the machines secret key K.sub.HMAC 21. The HRNG device 10 then sends back to the agent 30 the random numbers sequence r in plaintext along with the resulting HMAC(r, t, K.sub.HMAC). [0079] d. Upon receipt of the random numbers sequence r and the HMAC (r,t,K.sub.HMAC), the agent 30 calculates the HMAC in block 51 of the random numbers sequence r with the unique identifier t using its secret key K.sub.HMAC 20. The results are compared in block 61. If the result corresponds to what was received, the machine can confirm authentication of the HRNG device 10, as well as integrity and uniqueness of the received public random numbers sequence...”,
Consistent with the nonce being a random number describe in the instant application in [0028-0029]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Libonate, Sidle and John to incorporate the teaching of Niset to utilize the above feature, with the motivation of confirming authentication, integrity and uniqueness of the received public random numbers sequence, as recognized by (Niset [0075]).
Griffin in view of Thomas, Libonate, Sidle, John and Niset do not disclose the below limitations.
Yavuz discloses generating the second nonce value comprises computing a hash of the results of concatenating the first nonce value and the CID (Yavuz illustrates in Figure 5 (568) generation of the hash of a concatenation of a nonce and a device identifier, [0061] “generates a hash value for the concatenated random nonce and the device identifier of the sender, H(nonce.parallel.device ID) (block 568). ”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Libonate, Sidle, John and Niset to incorporate the teaching of Yavuz to utilize the above feature, with the motivation of taking advantage of hashing messages and inputs, e.g. security where an attacker cannot generate forged input data that produces the same hash, as recognized by (Yavuz [0015]).

Claims 13 (Previously Presented) and 18 (Currently Amended) are directed to a non-transitory computer-readable storage medium and device, respectively, associated with the method claimed in claim 6. Claims 13 and 18 are similar in scope to claim 6, and are therefore rejected with the same rationale and motivation as claim 6. 
  
Claims 9, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin (US 10615969 B1), hereinafter Griffin in view of Thomas et. al. (US 20100306538 A1), hereinafter Thomas, Libonate (US 20150312255 A1), hereinafter Libonate and further in view of Combs (US 10061932 B1), hereinafter Combs.

Regarding claim 9 (Currently amended), Griffin in view of Thomas teaches the method of claim 1, 
While Griffin in view of disclose the aforementioned limitations, where Griffin discloses returning the seed, i.e. activation code, to the remote database server, however Griffin in view of do not include transmitting, in addition to the seed, i.e. activation code includes, an identifier and a key. 
Combs discloses wherein returning the first activation code to the remote 23computing device further comprises returning a CID value and at least one customer authentication key (CAK) with the activation code (Combs discloses receiving a ciphertext object, which includes HMAC, i.e. activation code, and unique identifier, and cryptographic key, corresponding to authentication key,
Col. 5 line 41-52 “FIG. 2 illustrates an example XML encapsulation used to describe a ciphertext object in a file. The ciphertext object encoded in XML can include one or more pre-determined fields. As non-limiting examples, the XML schema can include fields for name, unique identifier, location, and ciphertext. Numerous other fields could be used as appropriate, in addition to or instead of those described above. As non-limiting examples, the ciphertext object can include other or additional parameters, such as packet version, role key unique identifier, role key version unique identifier, salt, initialization vector, and hash-based message authentication code (HMAC).”, Col. 16 line 21-33 “The decryption processor can receive the ciphertext object from the encryption processor or from any suitable permanent or temporary data store. In some embodiments, such as that depicted in FIG. 1, the decryption processor can be configured to request a corresponding decryption key from the key server. Alternatively, the recipient may receive the key from the key server, bypassing the decryption processor. In that architecture, the recipient could provide both the ciphertext object and the key to the decryption processor. In that embodiment, the key may be stored on a persistent secure storage device accessible to the recipient, such as a smart card. The key can then be used to decrypt the ciphertext object provided to the recipient.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Griffin in view of Thomas to incorporate the teaching of Combs to utilize the above feature, with the motivation of protecting sensitive data and securely copying data between application, as recognized by (Combs Abstract).

Claims 15 (Currently amended) and 20 (Currently amended) are directed to a non-transitory computer-readable storage medium and device, respectively, associated with the method claimed in claim 9. Claims 15 and 20 are similar in scope to claim 9, and is therefore rejected with the same rationale and motivation as claim 9.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Gesch (US 20190140896 A1) discloses a terminal device transmitting an activation request signal to a data communication network. The activation request signal can contain a selected device type, device ID information, and a public key obtained by the terminal device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497