DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the communication filed on 10/21/2025.
Claims 1-18 and 20-21 are pending for consideration.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see Remarks page 2 “The claim as a whole is directed at an improved system for pairing key management that solves specific technical problems in the field of computer security”, filed 10/21/2025, with respect to claim 21 have been fully considered and are persuasive. The 35 USC § 101 of claim 21 has been withdrawn.
Applicant's arguments filed 10/21/2025, with respect to claims 1 and 12 have been fully considered but they are not persuasive. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, Applicant argues that the combination of Amiel, in view of Kumar, and in further view of Peddada does not teach “receiving, by a first circuit of a device, a first identifier from a second circuit of the device, the first identifier being an identifier of the second circuit” of claim 1, because the motivation to combine the arts would “increase the risk of key manipulation or leakage" as defined by Kumar. Examiner disagrees. The key derivation of Kumar is based on both the entity ID and the device generated key (Kumar: see Page 1 paragraph 0016 lines 5-7, " For example, a derived base key may be generated based on a combination of a device generated key and entity ID information". The "no entity knows of the contents of the device generated key" refers to the device generated key (Kumar: Page 1 paragraph 0018 lines 4-10, "The device generated key does not need to be provided by any entity (e.g., not provided by the first entity that manufactures a circuit associated with the OTP memory or by the second entity that manufactures the device) and instead may be randomly generated by the circuit or a device that incorporates the circuit and subsequently stored in the OTP memory"; Page 2 paragraph 0025 lines 4-6, "The key deriver 111 may derive the separate base keys based on a device generated key that is not provided by any other entity; "), not the entity ID that is based on the device requesting generation of the derived base key (Kumar: Page 2 paragraph 0018/ lines 1-3, "In some embodiments, the entity IDs may correspond to an identification associated with an entity that is requesting the generation of a derived base key"; Page 6 paragraph 0053 lines 1-6, " As shown in FIG. 7B, the method 780 may begin with the processing logic receiving a request to generate a derived base key (block 781). The processing logic may further identify an entity ID associated with the request (block 782). For example, in some embodiments, the request to generate a derived base key may include an entity ID"). Therefore, the "no external knowledge" component of Kumar's key derivation input is preserved when combined with Amiel's distribution model. The identifier received as input from Amiel would allow the derived base key to be generated.
Applicant’s arguments, see Applicant’s Remarks page 9 “Yoon’s transmitting terminal and receiving terminal are separate devices communicating over a network, not two circuits within the same device, as required in claim 21”, filed 10/21/2025, with respect to the rejection of claim 21 under 35 USC § 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made in view of Peddada as applied to claims 1-18 and 20, in view of Murray et al. (U.S. 10,326,797)(hereinafter Murray), and in further view of Yoon et al. (US 9,379,891)(hereinafter Yoon).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 9-10, 12, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Amiel et al. (US 2013/0291084)(hereinafter Amiel) in view of Kumar (US 2015/0312036)(hereinafter Kumar) and in further view of Peddada et al. (US 11,258,617)(hereinafter Peddada).
Regarding claim 1, Amiel teaches receiving, by a first circuit of a device (Amiel: see Page 2 paragraph 0033, “The phone 14, as host device, may accommodate a plurality of secure elements. For example, the phone 14 is coupled to, besides to the ESE 12, at least one SIM type card (not represented), such as a SIM card, a UICC (acronym for Universal Integrated Circuit Card) card, a CSIM (for CDMA Subscriber Identity Module) card, a USIM (for Universal Subscriber Identity Module) card, a RUIM (for Removable User Identification Module) card, a ISIM (for Internet protocol multimedia Services Identity Module) card and/or the like”), a first identifier (Amiel: see Page 3 paragraph 0074, “According to the invention, the message(s) to be sent by the ESE 12 includes at least the identifier of the ESE 12, as secure element identifier and content of the message(s)”) from a second circuit of the device(Amiel: see Page 2 paragraph 0036 lines 1-3, The phone 14 is preferably equipped with an Near Field Communication (or NFC) chip (not represented) and a second antenna 144; Page 2 paragraphs 0040-0041, The ESE 12, as secure element, is preferably coupled to the NFC chip. The secure element may be a portable device and, as such, be removed from the phone 14 and coupled to another host computer, such as another mobile telephone), the first identifier being an identifier of the second circuit (Amiel: see Page 1 paragraph 0020, “According to the invention, a first device being coupled to a secure element, the system comprises the first device, the secure element and at least one other device. The secure element is adapted to send to the first device a secure element identifier”);
However, Amiel fails to teach generating, by the first circuit, at least one key based on the first identifier, a second identifier of the first circuit and a first key; storing, by the first circuit, the at least one key in a memory of the device; transmitting, by the first circuit, the at least one key to the second circuit; and removing, by the first circuit, the at least one key from the memory, wherein the at least one key is generated by the first circuit in response to a request for communication from the second circuit, and wherein the first circuit executes one or more cryptographic operations based on the at least one key.
Nevertheless, Kumar-which is in the same field of endeavor teaches generating, by the first circuit, at least one key based on the first identifier, a second identifier of the first circuit and a first key (Kumar: paragraph 0053, “However, if the processing logic determines that the entity ID associated with the request does match an entity ID stored in the memory, then the processing logic may generate a derived base key based on the entity ID and the device generated key that are stored in the memory (block 785)”);
transmitting, by the first circuit, the at least one key to the second circuit (Kumar: see paragraph 0053, “Furthermore, the processing logic may transmit the derived base key (block 786)”);
wherein the first circuit executes one or more cryptographic operations based on the at least one key (Kumar: see paragraph 0036, “For example, the one-way function may generate and output the derived base key 442 from a combination of the device generated key 411 and the entity ID 412 in response to the key request 441. The one-way function component 440 may include a key tree component to protect the generation or creation of the derived base key 442 by the key tree component from external monitoring attacks such as differential power analysis (DPA) or other such unauthorized attacks that may attempt to gather information that is correlated to the internal operations of a device including the key deriver 420. An example function of the key tree component may include, but is not limited to, a cryptographic hash function”).
Amiel and Kumar fail to teach storing, by the first circuit, the at least one key in a memory of the device, removing, by the first circuit, the at least one key from the memory, and wherein the at least one key is generated by the first circuit in response to a request for communication from the second circuit.
Nevertheless, Peddada-who is in the same field of endeavor- teaches storing, by the first circuit, the at least one key in a memory of the device (Peddada: see Col 14 lines 6-9, “In some examples, the key storage component 765 may be configured as or otherwise support a means for storing the first portion of the split private key in association with the client public key”);
removing, by the first circuit, the at least one key from the memory (Peddada: see Col 14 lines 25-30, “In some examples, the key deletion component 795 may be configured as or otherwise support a means for erasing the short-lived private key from memory in response to generating the symmetric key using the short-lived private key, the erasing resulting in the respective short-lived private key being a one-time use key”),
wherein the at least one key is generated by the first circuit in response to a request for communication from the second circuit (Peddada: see Col 22 lines 38-40, “generating a first key pair including the client public key and a private key based at least in part on receiving the certificate request”).
Amiel, Kumar, and Peddada are analogous art because they are from the same field of endeavor, generation and distribution of cryptographic keys. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Amiel, Kumar and Peddada to utilize Amiel’s method for sending a device identifier to another device with Kumar’s method for generating multiple base keys based on a unique device identifier and Peddada’s method for storing and removing the key to generate and transmit keys at the request of a device. The suggestion/motivation for doing so would be to minimize key manipulation or leakage.
Regarding claim 12, claim 12 is drawn to the product corresponding to the method same as claimed in claim 1. Therefore, product claim 12 corresponds to method claim 1, and is rejected for the same reasons of motivation/combination of references as used above.
Regarding claim 2, Amiel, Kumar, and Peddada teach suppressing the first identifier from the memory of the device (Peddada: see Col 14 lines 25-30, “In some examples, the key deletion component 795 may be configured as or otherwise support a means for erasing the short-lived private key from memory in response to generating the symmetric key using the short-lived private key, the erasing resulting in the respective short-lived private key being a one-time use key”), and newly generating the at least one key after newly receiving, by the first circuit, the first identifier sent by the second circuit (Kumar: see paragraph 0042, “Thus, the first derived base key and the second derived base key may continuously be generated from the device generated key and corresponding entity ID in response to requests to generate the derived base keys”). Motivation to combine Amiel, Kumar and Peddada, in the instant claim, is the same as that in claim 1.
Regarding claim 3, Amiel, Kumar, and Peddada teach suppressing the first identifier from the memory of the device (Peddada: see Col 14 lines 25-30, “In some examples, the key deletion component 795 may be configured as or otherwise support a means for erasing the short-lived private key from memory in response to generating the symmetric key using the short-lived private key, the erasing resulting in the respective short-lived private key being a one-time use key”), and again receiving, by the first circuit, the first identifier sent from the second circuit; and again generating, by the first circuit, the at least one key following again receiving the first identifier (Kumar: see paragraph 0042, “Thus, the first derived base key and the second derived base key may continuously be generated from the device generated key and corresponding entity ID in response to requests to generate the derived base keys”). Motivation to combine Amiel, Kumar, and Peddada, in the instant claim, is the same as that in claim 1.
Regarding claim 9, Amiel, Kumar, and Peddada teach the first key is a key depending on a hardware of the first circuit (Kumar: see paragraph 0016, “The device generated key may be a key that is generated by a circuit and is stored in a memory associated with the circuit that is used by one or more devices”). Motivation to combine Amiel, Kumar and Peddada, in the instant claim, is the same as that in claim 1.
Regarding claim 10, Amiel, Kumar, and Peddada teach the first key is a key derived from a third key, the third key depending on a hardware of the first circuit (Kumar: see paragraph 0016, “The device generated key may be a key that is generated by a circuit and is stored in a memory associated with the circuit that is used by one or more devices”). Motivation to combine Amiel, Kumar and Peddada, in the instant claim, is the same as that in claim 1.
Regarding claim 17, Amiel, Kumar, and Peddada teach the first key is a key depending on a hardware of the first circuit (Kumar: see paragraph 0016, “The device generated key may be a key that is generated by a circuit and is stored in a memory associated with the circuit that is used by one or more devices”). Motivation to combine Amiel, Kumar and Peddada, in the instant claim, is the same as that in claim 1.
Regarding claim 18, Amiel, Kumar, and Peddada teach the first key is a key derived from a third key, the third key depending on a hardware of the first circuit (Kumar: see paragraph 0016, “The device generated key may be a key that is generated by a circuit and is stored in a memory associated with the circuit that is used by one or more devices”). Motivation to combine Amiel, Kumar, and Peddada, in the instant claim, is the same as that in claim 1.
Claims 4, 7, 8, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Amiel, Kumar, Peddada as applied above, and in further view of Jun et al. (US 9553722) (hereinafter Jun).
Regarding claim 4, Amiel, Kumar, and Peddada teach the invention detailed above.
However, Amiel, Kumar and Peddada fail to teach generating, by the first circuit, a second key based on the first key and the first identifier; and generating, by the first circuit, the at least one key based on the second key and a first data value.
Nevertheless, Jun-who is in the same field of endeavor- teaches generating, by the first circuit, a second key based on the first key and the first identifier (Jun: see Col 7 Lines 46-52, "As such, the key generator 420 may receive a common key and a device key that is selected based on a device key selection signal. In some embodiments, the common key (i.e., first key) may be diversified or modified with a unique device identification and/or the device key selection signal to generate or create a modified common key (i.e., the common key split)"); and generating, by the first circuit, the at least one key based on the second key and a first data value (Jun: see Col 7 lines 52-55, "The primary key may be generated based on a combination of the modified common key (i.e., the common key split) and the selected device key (i.e., the device key split)").
Amiel, Kumar, Peddada, and Jun are analogous art because they are from the same field of endeavor, securing computer components and activities. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Amiel, Kumar, Peddada, and Jun before him or her to utilize Jun’s modified common key and primary key to produce a key. The suggestion/motivation for doing so would be to enhance system security by ensuring the uniqueness of the key.
Regarding claim 7, Amiel, Kumar, Peddada, and Jun teach the first data value is generated by the first circuit based on the first identifier, the second identifier and an index value (Kumar: paragraph 0033, “For example, a one-way function (e.g., a component that performs a hash-based function) may receive the device generated key and the entity ID information from an OTP memory. ", index value (For example, the entity ID may correspond to a value of a counter or the entity ID information may not be shared with other entities when an entity ID information is updated to include a new entity ID)”). Motivation to combine Amiel, Kumar, Peddada, and Jun, in the instant claim, is the same as that in claim 4.
Regarding claim 8, Amiel, Kumar, Peddada, and Jun teach the first data value is generated by applying a hash algorithm on the first identifier, the second identifier and the index value (Kumar: see paragraph 0033, “For example, a one-way function (e.g., a component that performs a hash-based function) may receive the device generated key and the entity ID information from an OTP memory. ", index value (For example, the entity ID may correspond to a value of a counter...)”). Motivation to combine Amiel, Kumar, Peddada, and Jun, in the instant claim, is the same as that in claim 4.
Regarding claim 20, Amiel, Kumar, Peddada, and Jun teach the second circuit comprises a one-time programmable memory configured to store the at least one key generated by the first circuit (Jun: see Col 12 lines 1-4, “As shown, the integrated circuit of a device 1000 may include an OTP memory 1010, a key generator 1020, device memory 1030, and device components or architecture 1040”). Motivation to combine Amiel, Kumar, Peddada, and Jun, in the instant claim, is the same as that in claim 4.
Claims 5-6 and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Amiel, Kumar, Peddada, and Jun as applied above, and in further view of Cambou (US 11,533,300)(hereinafter Cambou).
Regarding claim 5, Amiel, Kumar, Peddada, and Jun teach the invention detailed above.
However, Amiel, Kumar, Peddada, and Jun fail to teach generating the second key is performed by a first cryptographic processor of the first circuit, and wherein generating the at least one key is performed by a second cryptographic processor of the first circuit.
Nevertheless, Cambou-who is in the same field of endeavor- teaches generating the second key is performed by a first cryptographic processor of the first circuit (Cambou: see Col 11 lines 34-42, “...a first processor configured to: ...generate a private key with the generated data stream...”), and wherein generating the at least one key is performed by a second cryptographic processor of the first circuit (Cambou: see Col 11 lines 52-61 “a second processor configured to:... generate the same private key as the user device with the retrieved data values…”).
Amiel, Kumar, Peddada, Jun, and Cambou are analogous art because they are from the same field of endeavor, key generation and system security. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Amiel, Kumar, Peddada, Jun, and Cambou before him or her to utilize Cambou’s multiple processors to generate keys. The suggestion/motivation for doing so would be to reduce the attack surface of the processor and increase system scalability.
Regarding claim 6, Amiel, Kumar, Peddada, Jun and Cambou teach a value of the second key is transmitted by the first cryptographic processor to the second cryptographic processor via a dedicated bus coupling together the first and second cryptographic processors (Kumar: paragraph 0064, “The example computer system includes a processing device 902, a main memory 904 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM) or DRAM (RDRAM), etc.), a static memory 1106 (e.g., flash memory, static random access memory (SRAM), etc.), and a data storage device 1118, which communicate with each other via a bus 930”). Motivation to combine Amiel, Kumar, Peddada, Jun, and Cambou in the instant claim, is the same as that in claim 5.
Regarding claim 13, Amiel, Kumar, Peddada, Jun and Cambou teach a first cryptographic processor configured to generate a second key (Cambou: see Col 11 lines 34-42, “...a first processor configured to: ...generate a private key with the generated data stream...”) based on the first key and the first identifier (Jun: see Col 7 Lines 46-52, "As such, the key generator 420 may receive a common key and a device key that is selected based on a device key selection signal. In some embodiments, the common key (i.e., first key) may be diversified or modified with a unique device identification and/or the device key selection signal to generate or create a modified common key (i.e., the common key split)"); and a second cryptographic processor configured to generate the at least one key based on the second key and a first data value (Cambou: see Col 11 lines 52-61 “a second processor configured to:... generate the same private key as the user device with the retrieved data values…”), wherein the first and the second cryptographic processors are coupled by a dedicated bus (Kumar: paragraph 0064, “The example computer system includes a processing device 902, a main memory 904 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM) or DRAM (RDRAM), etc.), a static memory 1106 (e.g., flash memory, static random access memory (SRAM), etc.), and a data storage device 1118, which communicate with each other via a bus 930”). Motivation to combine Amiel, Kumar, Peddada, Jun, and Cambou in the instant claim, is the same as that in claim 5.
Regarding claim 14, Amiel, Kumar, Peddada, Jun and Cambou teach the first cryptographic processor is configured to directly transmit a value of the second key to the second cryptographic processor (Kumar: paragraph 0064, “The example computer system includes a processing device 902, a main memory 904 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM) or DRAM (RDRAM), etc.), a static memory 1106 (e.g., flash memory, static random access memory (SRAM), etc.), and a data storage device 1118, which communicate with each other via a bus 930”). Motivation to combine Amiel, Kumar, Peddada, Jun, and Cambou in the instant claim, is the same as that in claim 5.
Regarding claim 15, Amiel, Kumar, Peddada, Jun and Cambou teach the first circuit is configured to generate the first data value based on the first identifier, the second identifier and an index value (Kumar: paragraph 0033, “For example, a one-way function (e.g., a component that performs a hash-based function) may receive the device generated key and the entity ID information from an OTP memory. ", index value (For example, the entity ID may correspond to a value of a counter or the entity ID information may not be shared with other entities when an entity ID information is updated to include a new entity ID)”). Motivation to combine Amiel, Kumar, Peddada, Jun, and Cambou in the instant claim, is the same as that in claim 5.
Regarding claim 16, Amiel, Kumar, Peddada, Jun and Cambou teach the first circuit is configured to generate the first data value by applying a hash algorithm on the first identifier, the second identifier and the index value (Kumar: paragraph 0033, “For example, a one-way function (e.g., a component that performs a hash-based function) may receive the device generated key and the entity ID information from an OTP memory. ", index value (For example, the entity ID may correspond to a value of a counter or the entity ID information may not be shared with other entities when an entity ID information is updated to include a new entity ID)”. Motivation to combine Amiel, Kumar, Peddada, Jun, and Cambou in the instant claim, is the same as that in claim 5.
Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Amiel, Kumar, Peddada, and in further view of Koyuncu (US 2022/0075863)(hereinafter Koyuncu).
Amiel, Kumar, and Peddada teach the invention as detailed above.
However, Amiel, Kumar and Peddada fail to teach the at least one key comprises a pair of asymmetric keys.
Nevertheless, Koyuncu-who is in the same field of endeavor- teaches the at least one key comprises a pair of asymmetric keys (Koyuncu: see paragraph 0040, “In some implementations, the plurality of keys includes a pair of asymmetric keys having a public key and a private key”).
Kumar, Peddada, and Koyuncu are analogous art because they are from the same field of endeavor, utilizing hardware identifiers to protect computer components. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Kumar, Peddada, and Koyuncu before him or her to utilize Koyuncu’s asymmetric keys for pairing devices. The suggestion/motivation for doing so would be to ensure the integrity of the connection via a hardware derived key pair.
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Peddada in view of Murray et al. (U.S. 10,326,797)(hereinafter Murray), and in further view of Yoon et al. (US 9,379,891)(hereinafter Yoon).
Regarding claim 21, Peddada teaches store the pairing key in a memory of the device (Peddada: see Col 14 Lines 6-9, "In some examples, the key storage component 765 may be configured as or otherwise support a means for storing the first portion of the split private key in association with the client public key");
remove the pairing key from the memory (Peddada: see Col 14 Lines 25-30, " In some examples, the key deletion component 795 may be configured as or otherwise support a means for erasing the short-lived private key from memory in response to generating the symmetric key using the short-lived private key, the erasing resulting in the respective short-lived private key being a one-time use key").
However, Peddada fails to teach a circuit configured to: generate a pairing key in response to a request for communication from a second circuit of a device hosting the circuit, the pairing key generated in accordance with a first identifier of the circuit, a second identifier of the second circuit, and a first key; transmit the pairing key to the second circuit; and execute a cryptographic operation based on the pairing key.
Nevertheless, Murray-which is in the same field of endeavor- teaches A circuit (Murray: see Col 2 lines 12-15, "The first device has a secure element that stores a device secret, instantiates a first connection protocol module, and instantiates a first connection protocol key generator") configured to: generate a pairing key (Murray: see Col 8 lines 45-52, "The system 100 can also instantiate a first connection protocol key generator 123 and a second connection protocol key generator 141, on the first device 120 and the cloud architecture 140 respectively. The first connection protocol key generator 123 and the second connection protocol key generator 141 both can be configured to generate a pairing key using the seed") in response to a request for communication from a second circuit of a device hosting the circuit, (Murray: see Col 9 lines 63-67 - Col 10 line 1, "The pairing key can be generated by the second connection protocol key generator 141, in part using the device secret mapped to the identification of the first device, and transmitted from the cloud architecture 140 to the second device 130 in response to receiving the device identifier from the second device 130").
Peddada and Murray are analogous art because they are from the same field of endeavor, cryptographic operation key generation. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Peddada and Murray to utilize Murray’s inter-device request with Peddada’s storage and removal of the pairing key. The suggestion/motivation for doing so would be to enforce existing standards of secure storage and key rotation in cryptographic key generation and management.
Peddada and Murray fail to teach the pairing key generated in accordance with a first identifier of the circuit, a second identifier of the second circuit, and a first key; transmit the pairing key to the second circuit; and execute a cryptographic operation based on the pairing key.
Nevertheless, Yoon-which is in the same field of endeavor- teaches the pairing key generated in accordance with a first identifier of the circuit, a second identifier of the second circuit, and a first key (Yoon: see Col 3 lines 4-9, “The transmitting terminal 102 is a terminal for encrypting a message and transmitting the encrypted message to the receiving terminal 104. The transmitting terminal 102 generates a secret key for message encryption using its own ID (i.e., transmitting-side ID), a receiving-side ID, and a transmitting-side private key calculated from the transmitting-side ID”); transmit the pairing key to the second circuit (Yoon: see Col 5 lines 27-29, “In this step, a transmitting-side or receiving-side private key is issued on the basis of the transmitting-side ID or receiving-side ID received by the key-issuing server 108”); and execute a cryptographic operation based on the pairing key (Yoon: see Col 1 lines 60-64, “...extracting, at the receiving terminal, a secret key from at least a part of the session key; and decrypting, at the receiving terminal, an encrypted message using a previously set decryption algorithm and the secret key”).
Peddada, Murray, and Yoon are analogous art because they are from the same field of endeavor, cryptographic operation key generation. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Peddada, Murray, and Yoon to utilize Murray’s inter-device request method with Yoon’s key derivation technique and Peddada’s method of storing and removing the key from memory to generate a pairing key and manage the lifecycle of the pairing key. The suggestion/motivation for doing so would be to create a secret between the devices that would reduce an adversary’s ability to reproduce the key or access the key in the device’s memory.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
/KELAH JANAE MCFARLAND-BARNES/Examiner, Art Unit 2431
/TRANG T DOAN/Primary Examiner, Art Unit 2431