ENCRYPTED INFORMATION SHARING WITH LIGHTWEIGHT DEVICES

DETAILED ACTION This action is in response to the remarks filed on November 11, 2025. Claims 1-20 are pending. Of such, claims 1-6 represent a system, claims 7-13 represent a method, and claims 14-20 represent a non-transitory computer readable medium directed to encrypted information sharing with lightweight devices. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed November 11, 2025 have been fully considered but they are not persuasive. On page 1 of the Remarks, the applicant states that the structure of claim 1 contemplates an ongoing communication protocol where successive messages are encrypted and authenticated, not a one-time credential provisioning event as disclosed by the prior art, Le Saint. This argument is not persuasive. Claim 1 does not teach an ongoing communication protocol, rather teach receiving by a sender a public key and then transmitting to a recipient a payload consisting of an encrypted message, public key, and additional elements as disclosed in the claim. Additional correspondence between the recipient and sender are not disclosed and it is improper to import claim limitations from the specification. The prior art, Le Saint, does disclose the concept of receiving a public key and transmitting an encrypted message, public key, and message authentication code as disclosed in the limitations. On pages 2-3 of the Remarks, the applicant states the technical contexts of Le saint and Ginzboorg are fundamentally incompatible because Le Saint describes a client-server provisioning architecture while Ginzboorg discloses an on-going peer-to-peer communication system. This argument is not persuasive. Both Le Saint and Ginzboorg disclose the use of a message authentication code for verifying the integrity of the message sent. However, Le Saint fails to disclose the generation of the message authentication code with the message itself as an input. Ginzboorg (¶ 19) discloses the use of a message as an input to the message authentication code generation. In response to applicant’s argument that Le Saint and Ginzboorg are incompatible, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references. Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981). On page 4 of the Remarks, the applicant argues that the combination of Le Saint and Ginzboorg do not disclose the transmission of a MAC (message authentication code) to a recipient because the MAC according to Le Saint protects the provisioning message structure and not the encrypted credential data itself. This argument is not persuasive. Le Saint discloses the message authentication code protects the ciphered data (claimed message) when transmitting the data (Le Saint, ¶ 204). Further, Le Saint discloses the key itself is also distributed to the recipient that can be used to decrypt the response message, “The server public key can help the user device to derive the response session key that can be used to decrypt the response message.” (Le Saint ¶ 205.). Therefore, the MAC is used to protect the message itself, not just the message structure. Further, Claim 1 does not state that the MAC must protect the contents of the message, rather states the generation of a MAC and further the transmission of the MAC to the recipient. On page 4 of the Remarks, the applicant states Bhattacharyya fails to disclose the claim “a hash function applied to a combination of the public key and the private key” because Bhattacharyya relies on a Diffie-Hellman key exchange protocol to produce a shared secret used when creating the symmetric key. This argument is not persuasive. The applicant discloses in their specification (¶¶ 26 and 40) the use of the Diffie-Hellman key exchange protocol when deriving a symmetric key. Further, Le Saint discloses the use of the public and private key when generating the symmetric key. Bhattacharyya is only introduced to support Le Saint with respect to the hash function when generating the symmetric key. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Le Saint et al. (US 20160218875), hereinafter referred to as Le Saint, in view of Bhattacharyya et al. (US 20200252396), hereinafter referred to as Bhattacharyya, in further view of Ginzboorg et al. (US 20140019763), hereinafter referred to as Ginzboorg. Regarding Claim 1, Le Saint discloses: A system comprising: a memory; and a processor (In ¶ 86, Le Saint discloses “Server computer 300 may include a processor 301 communicatively coupled to a network interface 302, a memory 303, a computer readable medium 310, and optionally, a secure element 304.”) configured to: receive, by a sender, a public key of a recipient (In ¶ 12, Le Saint discloses “A server computer can receive a provisioning request message from a user device including a one-time user public key.”); generate, by the sender, a symmetric key using the public key of the recipient and a private key of the sender as inputs to a key generation algorithm (In ¶ 12, Le Saint discloses “A response shared secret can be generated using a static server private key and the one-time user public key.” And further in ¶ 83 discloses “Encryption module 212 may be further configured to derive a session key or storage protection key from a shared secret, such as using a key derivation function (KDF).”), encrypt, by the sender, a message using the symmetric key to generate an encrypted message (In ¶ 12, Le Saint discloses “The provisioning response message can be encrypted using the response session key to generate encrypted provisioning response message, wherein the provisioning response message includes the encrypted credential data.”); and transmit, by the sender, a second public key of the sender, the MAC, and the encrypted message to the recipient in a response, the second public key of the sender corresponding to the private key of the sender (In ¶ 205, Le Saint discloses “The provisioning response message 1210 corresponding to the provisioning request message 1202 may also include three data portions: a clear text portion 1212, a cipher text portion 1214, and a MAC 1216. The clear text portion 1212 can include a server public key (that may be blinded in some embodiments) and encrypted credential data 1218.”). However, Le Saint does not explicitly disclose the hash function to generate the symmetric key. Bhattacharyya discloses: the key generation algorithm comprising a hash function applied to a combination of the public key and the private key (In ¶ 47, Bhattacharyya discloses “At block 410, the device derives a symmetric cryptographic key from the shared secret using a key derivation algorithm, cryptographic hash, or one-way function.”) One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of hash based key generation as the motivation would be that the receiver would be able to perform a key derivation function to derive the symmetric key used to decrypt the message (See Bhattacharyya, ¶ 57). However, Le Saint does not explicitly disclose the generation of the Message Authentication Code using the encrypted message and key as inputs. Ginzboorg discloses: generate a message authentication code (MAC) using the symmetric key and the encrypted message as inputs to a MAC generation function (In ¶ 19, Ginzboorg discloses “At step 206, the sender creates a message authentication code, suitably using a cryptographic process using the message and message identifier as inputs, and using the shared key K.” and further in ¶ 12 “The MAC is the output of a cryptographic function, suitably a one-way function, keyed with a key K shared among members of the group 104.”); One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Ginzboorg’s approach of message authentication code generation as the motivation would be that the receiver would be able to authenticate the message and verify that it has arrived from the proper sender (See Ginzboorg, ¶ 10). Regarding Claim 2, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The system of claim 1, wherein the public key of the recipient comprises an elliptic curve cryptography (ECC) public key and the second public key of the sender comprises a second ECC public key (In ¶ 36, Le Saint discloses “Public and private keys may be in any suitable format, including those based on RSA or elliptic curve cryptography (ECC).”). Regarding Claim 3, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The system of claim 1, wherein generating the symmetric key comprises generating the symmetric key using the public key of the recipient and a private key of the sender (In ¶ 12, Le Saint discloses “A response shared secret can be generated using a static server private key and the one-time user public key.”), the private key of the sender corresponding to the second public key (In ¶ 14, Le Saint discloses “The provisioning response message can include a blinded static server public key corresponding to the static server private key.”) Regarding Claim 4, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The system of claim 3, further comprising a second processor configured to: re-calculate a second symmetric key using a private key of the recipient and the second public key (In ¶ 122, Le Saint discloses “ In some embodiments, the response shared secret may be generated from the user private key and the blinded static server public key using any suitable method, such as ECDH” and further in ¶ 124 “ At block 510, a response session key is determined using the response shared secret and other suitable supplementary data such as key derivation data, if any”); and decrypting the encrypted message using the second symmetric key (In ¶ 126, Le saint discloses “the provisioning response message is decrypted using the response session key to obtain response data.)” Regarding Claim 5, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose the limitations of Claim 1. However, Le Saint does not explicitly disclose the encryption and signing of the keys. Bhattacharyya discloses: encrypt, by the sender, the symmetric key using the public key of the recipient to generate an encrypted symmetric key (In ¶ 89, Bhattacharyya discloses “using the symmetric key to encrypt the data object, and encrypting the symmetric key using the public key, where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key”); sign, by the sender, the symmetric key using a private key of the sender to generate a digital signature (In ¶ 48, Bhattacharyya discloses “In some implementations the registered device requests a digital certificate from the particular network entity, confirms a digital signature generated with a private key corresponding to a public key included with the digital certificate, and confirms that the digital certificate is signed by a certificate authority (“CA”) trusted by the registered device.”); and transmit the digital signature and the encrypted symmetric key to the recipient along with the second public key of the sender and the encrypted message (In ¶ 89, Bhattacharyya discloses “where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key and use the decrypted symmetric key to decrypt the data object. Further, in some embodiments, the data object is digitally signed using a private key of a public/private key pair corresponding to the computer system that encrypts and/or digitally signs the data object (e.g., a user device).”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of digital signatures and encryption as the motivation would be that the digital signature would provide additional verification steps to ensure the communication (See Bhattacharyya, ¶ 89). Regarding Claim 6, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose the limitations of Claim 5. However, Le Saint does not explicitly disclose the encryption and signing of the keys. Bhattacharyya discloses: The system of claim 5, further comprising a second processor configured to: validate the digital signature using the second public key of the sender (In ¶ 49, Bhattacharyya discloses “In other examples, the birth certificate is verified by confirming a digital signature provided by the device with a public key provided by the device manufacturer.”); decrypt the encrypted symmetric key using a private key of the recipient to obtain a decrypted symmetric key; and decrypt the encrypted message using the decrypted symmetric key (In ¶ 89, Bhattacharyya discloses “where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key and use the decrypted symmetric key to decrypt the data object. Further, in some embodiments, the data object is digitally signed using a private key of a public/private key pair corresponding to the computer system that encrypts and/or digitally signs the data object (e.g., a user device).”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of digital signatures and encryption as the motivation would be that the digital signature would provide additional verification steps to ensure the communication (See Bhattacharyya, ¶ 89). Regarding Claim 7, Le Saint discloses: A method comprising: receiving a public key of a recipient (In ¶ 12, Le Saint discloses “A server computer can receive a provisioning request message from a user device including a one-time user public key.”); generating, by a sender, a symmetric key using the public key of the recipient and a private key of the sender as inputs to a key generation algorithm (In ¶ 12, Le Saint discloses “A response shared secret can be generated using a static server private key and the one-time user public key.” And further in ¶ 83 discloses “Encryption module 212 may be further configured to derive a session key or storage protection key from a shared secret, such as using a key derivation function (KDF).”), encrypting, by a sender, a message using the symmetric key to generate an encrypted message (In ¶ 12, Le Saint discloses “The provisioning response message can be encrypted using the response session key to generate encrypted provisioning response message, wherein the provisioning response message includes the encrypted credential data.”); and transmitting a second public key of the sender, the MAC, and the encrypted message to the recipient in a response, the second public key of the sender corresponding to the private key of the sender (In ¶ 205, Le Saint discloses “The provisioning response message 1210 corresponding to the provisioning request message 1202 may also include three data portions: a clear text portion 1212, a cipher text portion 1214, and a MAC 1216. The clear text portion 1212 can include a server public key (that may be blinded in some embodiments) and encrypted credential data 1218.”). However, Le Saint does not explicitly disclose the hash function to generate the symmetric key. Bhattacharyya discloses: the key generation algorithm comprising a hash function applied to a combination of the public key and the private key (In ¶ 47, Bhattacharyya discloses “At block 410, the device derives a symmetric cryptographic key from the shared secret using a key derivation algorithm, cryptographic hash, or one-way function.”) One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of hash based key generation as the motivation would be that the receiver would be able to perform a key derivation function to derive the symmetric key used to decrypt the message (See Bhattacharyya, ¶ 57). However, Le Saint does not explicitly disclose the generation of the Message Authentication Code using the encrypted message and key as inputs. Ginzboorg discloses: generating, by the sender, a message authentication code (MAC) using the symmetric key and the encrypted message as inputs to a MAC generation function (In ¶ 19, Ginzboorg discloses “At step 206, the sender creates a message authentication code, suitably using a cryptographic process using the message and message identifier as inputs, and using the shared key K.” and further in ¶ 12 “The MAC is the output of a cryptographic function, suitably a one-way function, keyed with a key K shared among members of the group 104.”); One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Ginzboorg’s approach of message authentication code generation as the motivation would be that the receiver would be able to authenticate the message and verify that it has arrived from the proper sender (See Ginzboorg, ¶ 10). Regarding Claim 8, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The method of claim 7, wherein the public key of the recipient comprises an elliptic curve cryptography (ECC) public key and the second public key of the sender comprises a second ECC public key (In ¶ 36, Le Saint discloses “Public and private keys may be in any suitable format, including those based on RSA or elliptic curve cryptography (ECC).”). Regarding Claim 9, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The method of claim 8, wherein generating the symmetric key comprises generating the symmetric key using the public key of the recipient and a private key of the sender (In ¶ 12, Le Saint discloses “A response shared secret can be generated using a static server private key and the one-time user public key.”), the private key of the sender corresponding to the second public key (In ¶ 14, Le Saint discloses “The provisioning response message can include a blinded static server public key corresponding to the static server private key.”) Regarding Claim 10, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The method of claim 9, further comprising: re-calculating, by the recipient, a second symmetric key using a private key of the recipient and the second public key (In ¶ 122, Le Saint discloses “ In some embodiments, the response shared secret may be generated from the user private key and the blinded static server public key using any suitable method, such as ECDH” and further in ¶ 124 “ At block 510, a response session key is determined using the response shared secret and other suitable supplementary data such as key derivation data, if any”); and decrypting the encrypted message using the second symmetric key (In ¶ 126, Le saint discloses “the provisioning response message is decrypted using the response session key to obtain response data.)” Regarding Claim 11, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose the limitations of Claim 7 However, Le Saint does not explicitly disclose the encryption and signing of the keys. Bhattacharyya discloses: further comprising: encrypting, by the sender, the symmetric key using the public key of the recipient to generate an encrypted symmetric key (In ¶ 89, Bhattacharyya discloses “using the symmetric key to encrypt the data object, and encrypting the symmetric key using the public key, where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key”); signing, by the sender, the symmetric key using a private key of the sender to generate a digital signature (In ¶ 48, Bhattacharyya discloses “In some implementations the registered device requests a digital certificate from the particular network entity, confirms a digital signature generated with a private key corresponding to a public key included with the digital certificate, and confirms that the digital certificate is signed by a certificate authority (“CA”) trusted by the registered device.”); and transmitting the digital signature and the encrypted symmetric key to the recipient along with the second public key of the sender and the encrypted message (In ¶ 89, Bhattacharyya discloses “where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key and use the decrypted symmetric key to decrypt the data object. Further, in some embodiments, the data object is digitally signed using a private key of a public/private key pair corresponding to the computer system that encrypts and/or digitally signs the data object (e.g., a user device).”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of digital signatures and encryption as the motivation would be that the digital signature would provide additional verification steps to ensure the communication (See Bhattacharyya, ¶ 89). Regarding Claim 12, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose the limitations of Claim 11. However, Le Saint does not explicitly disclose the encryption and signing of the keys. Bhattacharyya discloses: further comprising: validating the digital signature using the second public key of the sender(In ¶ 49, Bhattacharyya discloses “In other examples, the birth certificate is verified by confirming a digital signature provided by the device with a public key provided by the device manufacturer.”);; decrypting the encrypted symmetric key using a private key of the recipient to obtain a decrypted symmetric key and decrypting the encrypted message using the decrypted symmetric key(In ¶ 89, Bhattacharyya discloses “where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key and use the decrypted symmetric key to decrypt the data object. Further, in some embodiments, the data object is digitally signed using a private key of a public/private key pair corresponding to the computer system that encrypts and/or digitally signs the data object (e.g., a user device).”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of digital signatures and encryption as the motivation would be that the digital signature would provide additional verification steps to ensure the communication (See Bhattacharyya, ¶ 89). Regarding Claim 13, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The method of claim 7, further comprising generating a message authentication code (MAC) using the symmetric key (In ¶ 204, Le Saint discloses “The MAC 1222 may be generated using the same key or a different key than the key used to generate the cipher text.”) and transmitting the MAC to the recipient along with the second public key of the sender and the encrypted message (In ¶ 205, Le Saint discloses “The provisioning response message 1210 corresponding to the provisioning request message 1202 may also include three data portions: a clear text portion 1212, a cipher text portion 1214, and a MAC 1216. The clear text portion 1212 can include a server public key (that may be blinded in some embodiments) and encrypted credential data 1218.”). Regarding Claim 14, Le Saint discloses: A non-transitory computer-readable storage medium for tangibly storing computer program instructions capable of being executed by a computer processor, the computer program instructions defining steps of (In ¶ 222, Le Saint discloses “It should be understood that any of the embodiments of the present invention can be implemented in the form of control logic using hardware (e.g. an application specific integrated circuit or field programmable gate array) and/or using computer software with a generally programmable processor in a modular or integrated manner.”): receiving a public key of a recipient (In ¶ 12, Le Saint discloses “A server computer can receive a provisioning request message from a user device including a one-time user public key.”); generating, by a sender, a symmetric key using the public key of the recipient and a private key of the sender as inputs to a key generation algorithm (In ¶ 12, Le Saint discloses “A response shared secret can be generated using a static server private key and the one-time user public key.” And further in ¶ 83 discloses “Encryption module 212 may be further configured to derive a session key or storage protection key from a shared secret, such as using a key derivation function (KDF).”); encrypting, by a sender, a message using the symmetric key to generate an encrypted message (In ¶ 12, Le Saint discloses “The provisioning response message can be encrypted using the response session key to generate encrypted provisioning response message, wherein the provisioning response message includes the encrypted credential data.”); and transmitting a second public key of the sender, the MAC, and the encrypted message to the recipient in a response, the second public key of the sender corresponding to the private key of the sender (In ¶ 205, Le Saint discloses “The provisioning response message 1210 corresponding to the provisioning request message 1202 may also include three data portions: a clear text portion 1212, a cipher text portion 1214, and a MAC 1216. The clear text portion 1212 can include a server public key (that may be blinded in some embodiments) and encrypted credential data 1218.”). However, Le Saint does not explicitly disclose the hash function to generate the symmetric key. Bhattacharyya discloses: the key generation algorithm comprising a hash function applied to a combination of the public key and the private key (In ¶ 47, Bhattacharyya discloses “At block 410, the device derives a symmetric cryptographic key from the shared secret using a key derivation algorithm, cryptographic hash, or one-way function.”) One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of hash based key generation as the motivation would be that the receiver would be able to perform a key derivation function to derive the symmetric key used to decrypt the message (See Bhattacharyya, ¶ 57). However, Le Saint does not explicitly disclose the generation of the Message Authentication Code using the encrypted message and key as inputs. Ginzboorg discloses: generating, a message authentication code (MAC) using the symmetric key and the encrypted message as inputs to a MAC generation function (In ¶ 19, Ginzboorg discloses “At step 206, the sender creates a message authentication code, suitably using a cryptographic process using the message and message identifier as inputs, and using the shared key K.” and further in ¶ 12 “The MAC is the output of a cryptographic function, suitably a one-way function, keyed with a key K shared among members of the group 104.”); One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Ginzboorg’s approach of message authentication code generation as the motivation would be that the receiver would be able to authenticate the message and verify that it has arrived from the proper sender (See Ginzboorg, ¶ 10). Regarding Claim 15, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The non-transitory computer-readable storage medium of claim 14, wherein the public key of the recipient comprises an ECC public key and the second public key of the sender comprises a second ECC public key. (In ¶ 36, Le Saint discloses “Public and private keys may be in any suitable format, including those based on RSA or elliptic curve cryptography (ECC).”). Regarding Claim 16, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The non-transitory computer-readable storage medium of claim 15, wherein generating the symmetric key comprises generating the symmetric key using the public key of the recipient and a private key of the sender (In ¶ 12, Le Saint discloses “A response shared secret can be generated using a static server private key and the one-time user public key.”), the private key of the sender corresponding to the second public key (In ¶ 14, Le Saint discloses “The provisioning response message can include a blinded static server public key corresponding to the static server private key.”) Regarding Claim 17, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The non-transitory computer-readable storage medium of claim 16, the steps further comprising: re-calculating, by the recipient, a second symmetric key using a private key of the recipient and the second public key (In ¶ 122, Le Saint discloses “ In some embodiments, the response shared secret may be generated from the user private key and the blinded static server public key using any suitable method, such as ECDH” and further in ¶ 124 “ At block 510, a response session key is determined using the response shared secret and other suitable supplementary data such as key derivation data, if any”); and decrypting the encrypted message using the second symmetric key (In ¶ 126, Le saint discloses “the provisioning response message is decrypted using the response session key to obtain response data.)” Regarding Claim 18, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose the limitations of Claim 14 However, Le Saint does not explicitly disclose the encryption and signing of the keys. Bhattacharyya discloses: The non-transitory computer-readable storage medium of claim 14, the steps further comprising: encrypting, by the sender, the symmetric key using the public key of the recipient to generate an encrypted symmetric key (In ¶ 89, Bhattacharyya discloses “using the symmetric key to encrypt the data object, and encrypting the symmetric key using the public key, where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key”); signing, by the sender, the symmetric key using a private key of the sender to generate a digital signature (In ¶ 48, Bhattacharyya discloses “In some implementations the registered device requests a digital certificate from the particular network entity, confirms a digital signature generated with a private key corresponding to a public key included with the digital certificate, and confirms that the digital certificate is signed by a certificate authority (“CA”) trusted by the registered device.”); and transmitting the digital signature and the encrypted symmetric key to the recipient along with the second public key of the sender and the encrypted message (In ¶ 89, Bhattacharyya discloses “where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key and use the decrypted symmetric key to decrypt the data object. Further, in some embodiments, the data object is digitally signed using a private key of a public/private key pair corresponding to the computer system that encrypts and/or digitally signs the data object (e.g., a user device).”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of digital signatures and encryption as the motivation would be that the digital signature would provide additional verification steps to ensure the communication (See Bhattacharyya, ¶ 89). Regarding Claim 19, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose the limitations of Claim 18. However, Le Saint does not explicitly disclose the encryption and signing of the keys. Bhattacharyya discloses: The non-transitory computer-readable storage medium of claim 18, the steps further comprising: validating the digital signature using the second public key of the sender (In ¶ 49, Bhattacharyya discloses “In other examples, the birth certificate is verified by confirming a digital signature provided by the device with a public key provided by the device manufacturer.”);; decrypting the encrypted symmetric key using a private key of the recipient to obtain a decrypted symmetric key; and decrypting the encrypted message using the decrypted symmetric key (In ¶ 89, Bhattacharyya discloses “where the encrypted symmetric key is provided to a system with the encrypted data object to enable the system to use the corresponding private key to decrypt the symmetric key and use the decrypted symmetric key to decrypt the data object. Further, in some embodiments, the data object is digitally signed using a private key of a public/private key pair corresponding to the computer system that encrypts and/or digitally signs the data object (e.g., a user device).”). One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Le Saint’s approach by utilizing Bhattacharyya’s approach of digital signatures and encryption as the motivation would be that the digital signature would provide additional verification steps to ensure the communication (See Bhattacharyya, ¶ 89). Regarding Claim 20, the combination of Le Saint, Bhattacharyya, and Ginzboorg disclose: The non-transitory computer-readable storage medium of claim 14, the steps further comprising generating a message authentication code (MAC) using the symmetric key (In ¶ 204, Le Saint discloses “The MAC 1222 may be generated using the same key or a different key than the key used to generate the cipher text.”) and transmitting the MAC to the recipient along with the second public key of the sender and the encrypted message. (In ¶ 205, Le Saint discloses “The provisioning response message 1210 corresponding to the provisioning request message 1202 may also include three data portions: a clear text portion 1212, a cipher text portion 1214, and a MAC 1216. The clear text portion 1212 can include a server public key (that may be blinded in some embodiments) and encrypted credential data 1218.”). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Yamada, Atsushi (US 9912479) discloses a key encapsulation method using a symmetric key when generating an encrypted message to transmit. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached at 571-272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHADI H KOBROSLI/Examiner, Art Unit 2492 /RUPAL DHARIA/Supervisory Patent Examiner, Art Unit 2492