DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s remarks filed on 09/15/2025 have been fully considered.
Regarding claim[s] 1 – 32 under the various anticipatory and obviousness rejections, applicant’s remarks are moot because the new ground of rejection does not rely on all of the reference[s] applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Therefore, see the office action below.
The examiner will address all other remarks that do not concern the prior art rejections, if any, in the office action below.
Applicant states on page[s] 15 - 16 of the remarks as filed: “
Without acquiescing to the merits of this allegation, Applicant has amended independent claims 1 and 29 to incorporate features previously recited by dependent claim 14, now cancelled. The Office Action correctly acknowledges Maillard does not disclose “carr[ying] out computing operations on the encrypted device data set of the second electronic device, when determining the security data of the second electronic device” and “carr[ying] out computing operations on the encrypted device data set of the first electronic device, when determining the security data of the first electronic device” as previously recited by dependent claim 14. (Office Action, p. 27.) Instead, the Office Action alleges these features are disclosed by U.S. Patent Application Publication No. 2018/0205551 to Ha et al. (“Ha”). (Office Action, p. 28.) Applicant respectfully disagrees. The Office Action relies on FIG. 5 of Ha for allegedly teaching or suggesting these features. FIG. 5 of Ha. reproduced for convenience, illustrates an electronic system SUG having a first electronic device and a second electronic device 589. (HA, § {[0088]}) According to Ha, the “second electronic device 550 may include a second processor 560, a memory 570, and a second communication module 580.” (Ha, J [0119].) Ha further discloses that “the memory 570 may store the second data DATA2 for the second part for generating the first program PR.” (Ha, § [0128].) Ha explains that “the second processor 560 may, when there is a request made by the first electronic device 510, encrypt the second data DATA2, and transmit the encrypted second data EDATA2 to the first electronic device 510.”(Ha, { [0128].)
In addition, Ha states that “the memory 570 may store the key KEY for decrypting the encrypted second data EDATA2.” (Ha, § [0129].) These passages relied upon in the Office Action merely describe the generation of encrypted data and conventional encryption/decryption processing. In contrast, independent claims 1 and 29 require that the first electronic device “carries out computing operations on the encrypted device data set of the second electronic device, when determining the security data of the second electronic device” and that the second electronic device “carries out computing operations on the encrypted device data set of the first electronic device, when determining the security data of the first electronic device.” These features require that the claimed “computing operations” be performed directly on the “encrypted device data set” itself, such that the encrypted form of the data is utilized “when determining the security data.” Ha does not teach or suggest performing any such computing operations on encrypted data. Instead, Ha merely teaches generating, storing, transmitting, and decrypting encrypted data, with all substantive processing occurring after decryption.”
In response the examiner isn’t persuaded, the examiner points to the prior art of HA. Specifically, at Figure # 5 and 6, paragraph: 0153, The first electronic device 510 may receive the encrypted second data EDATA2 for the second part of the first program PR from the second electronic device 550 through the first communication module 525. For example, the first electronic device 510 may also receive authentication information for the encrypted second data EDATA2.
Then further of paragraph: 0154, The first electronic device 510 may confirm the authentication information for the encrypted second data EDATA2 at operation S657.
Then further of paragraph: 0155, The first electronic device 510 may generate a hash value HASH for the encrypted second data EDATA2 according to a result of the confirmation at operation S659. For example, the first electronic device 510 may generate the hash value HASH by using the first data DATA1 and the encrypted second data EDATA2.
Then further of paragraph: 0156, The first electronic device 510 may transmit the hash value HASH to the second electronic device 550 at operation S661].”
Then further of HA, at paragraph: 0157, The second electronic device 550 may receive the hash value HASH from the first electronic device 510.
Then further of HA, at paragraph: 0158, the second electronic device 550 may determine the integrity of the hash value at operation S663. For example, the second electronic device 550 may compare the encrypted second data EDATA2 with the hash value HASH and determine whether the hash value HASH has integrity according to a result of the comparison.
Then further of HA, at paragraph: 0159, When the hash value HASH does not have integrity, the second electronic device 550 may determine that the first electronic device 510 has been hacked or the encrypted second data EDATA2 transmitted to the first electronic device 510 has been altered. At this time, the second electronic device 550 may not transmit a key KEY to the first electronic device 510.
***The examiner’s response above equally applies to the same or similar remarks made on page[s] 16 of the remarks regarding other base claim[s] 29.
Response to Amendment
Status of the instant application:
Claim[s] 1 – 13, 15 – 32 are pending in the instant application.
Claim[s] 14, has been cancelled by applicant in the instant application. Therefore, the obviousness rejection is withdrawn based on cancellation of the claim by applicant.
Regarding claim[s] 1 – 13, 15 – 32 under the various anticipatory and obviousness rejections, applicant’s claim amendments have been considered. Therefore, the rejections are withdrawn. However, there are new prior art rejections issued on the claims to address applicant’s claim amendments in the office action below.
Drawings
Regarding drawings: 3, 4, 7, 8, 10, 11 under the drawing objection, applicant’s replacement drawing sheets filed on 09/15/2025 have been inspected and are in compliance with MPEP 608.01.
Claim Objections
Regarding claim[s] 1 – 32, under the objection for claim language informalities, applicant’s claim amendments have been considered, therefore, the rejections are withdrawn.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claim(s) 1, 9, 10, 11, 12, 13, 15, 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Maillard et al. [US PAT # 7840805] in view of HA et al. [US PGPUB # 2018/0205551]
As per claim 1. Maillard does teach the method for communication between electronic devices [Maillard, col. 1, lines 10 – 14, the present invention relates to a method of and apparatus for providing secure communication of digital data between devices. More specifically, the present invention relates to preventing illegal copying and redistribution of digitally recorded data.], the method comprising:
providing a first electronic device [Maillard, Figure # 1, DVD Player # 12 or Figure # 4, Device A – 60a or Figure # 7, source device # 12];
providing a second electronic device [Maillard, Figure # 1, Recorder # 18 or Figure # 4, Device A – 60b or Figure # 7, recipient device # 14], wherein
the first electronic device determines security data of the second electronic device on the basis of an encrypted device data set of the second electronic device [Maillard, col. 5, lines 54 – 67, In order to solve such problems, in a preferred embodiment of the present invention, data is communicated between first and second devices, and upon validation of each device by the security module, the security module communicates to the first device a random key generated in the security module and encrypted using the random number generated by the first device, the first device decrypting the key using the random number generated thereby, and communicates to the second device the key encrypted [i.e. applicant’s encrypted device data of the second device] using the random number generated by the second device[i.e. applicant’s security data of the second electronic device], the second device decrypting the key using the random number generated thereby, the key thereafter being used to encrypt data communicated to the security module by the devices and data communicated between the devices.]………………………………………………………………….; and
the second electronic device determines security data of the first electronic device on the basis of an encrypted device data set of the first electronic device [Maillard, col. 5, lines 54 – 67, In order to solve such problems, in a preferred embodiment of the present invention, data is communicated between first and second devices, and upon validation of each device by the security module, the security module communicates to the first device a random key [i.e. applicant’s security data of the first electronic device] generated in the security module and encrypted using the random number generated by the first device [i.e. applicant’s encrypted device data of the first device], the first device decrypting the key using the random number generated thereby, and communicates to the second device the key encrypted [i.e. applicant’s encrypted device data of the second device] using the random number generated by the second device[i.e. applicant’s security data of the second electronic device], the second device decrypting the key using the random number generated thereby, the key thereafter being used to encrypt data communicated to the security module by the devices and data communicated between the devices.]…………………………….
Maillard does not clearly teach the claim limitations of:
“…and carries out computing operations on the encrypted device data set of the second electronic device, when determining the security data of the second device.”
“…and carries out computing operations on the encrypted device data set of the first electronic device, when determining the security data of the first electronic device.”
However, HA does teach the claim limitations of:
“…and carries out computing operations on the encrypted device data set of the second electronic device, when determining the security data of the second device [Figure # 5 and 6, paragraph: 0153, The first electronic device 510 may receive the encrypted second data EDATA2 for the second part of the first program PR from the second electronic device 550 through the first communication module 525. For example, the first electronic device 510 may also receive authentication information for the encrypted second data EDATA2.
Then further of paragraph: 0154, The first electronic device 510 may confirm the authentication information for the encrypted second data EDATA2 at operation S657.
Then further of paragraph: 0155, The first electronic device 510 may generate a hash value HASH for the encrypted second data EDATA2 according to a result of the confirmation at operation S659. For example, the first electronic device 510 may generate the hash value HASH by using the first data DATA1 and the encrypted second data EDATA2.
Then further of paragraph: 0156, The first electronic device 510 may transmit the hash value HASH to the second electronic device 550 at operation S661].”
“…and carries out computing operations on the encrypted device data set of the first electronic device, when determining the security data of the first electronic device [paragraph: 0157, The second electronic device 550 may receive the hash value HASH from the first electronic device 510.
Then further of paragraph: 0158, the second electronic device 550 may determine the integrity of the hash value at operation S663. For example, the second electronic device 550 may compare the encrypted second data EDATA2 with the hash value HASH and determine whether the hash value HASH has integrity according to a result of the comparison.
Then further of paragraph: 0159, When the hash value HASH does not have integrity, the second electronic device 550 may determine that the first electronic device 510 has been hacked or the encrypted second data EDATA2 transmitted to the first electronic device 510 has been altered. At this time, the second electronic device 550 may not transmit a key KEY to the first electronic device 510].”
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Maillard and HA in order for the establishment of the secure connection between the first device and the second device thru the security module that authenticates the devices of Maillard to include trusted execution environment of HA. This would allow for both the first and second device authentication data to be authenticated in a trusted environment free from comprise by the authentication module internal processes before establishment of the secure connection. See paragraphs: 0007 – 0008 of HA.
As per claim 9. Maillard as modified does teach the method according to Claim 1, wherein, after receiving a communication request from the first electronic device [HA, paragraph: 0045, The first electronic device 210 may request the second electronic device 250 to transmit second data DATA2 in order to perform the first function.], the second electronic device sends identification information to the first electronic device [HA, paragraph: 0073, The first processor 320 may also receive authentication information for the second data DATA2 through the first communication module 325. For example, the first processor 320 may confirm the authentication information for the second data DATA2. For example, the authentication information may refer to information for confirming that the second data DATA2 received from the second electronic device 350 is data transmitted from the second electronic device 350. The authentication information may be included in the second data DATA2. For example, the authentication information may include information related to an identification (ID) and/or Internet protocol (IP) address which indicates the second electronic device 350.]; and
wherein the first electronic device sends identification information to the second electronic device [HA, paragraph: 0109, the first processor 520 may transmit the hash value HASH to the second electronic device 550] after receiving a communication request from the second electronic device [HA, paragraph: 0135, The second electronic device 550 may transmit the encrypted second data EDATA2 for the second part to the first electronic device 510 in response to the request made by the first electronic device 510. For example, the second electronic device 550 may transmit the encrypted second data EDATA2 stored in the memory 570 to the first electronic device 510. Further, the second electronic device 550 may encrypt the second data DATA2 stored in the memory 570 and transmit the encrypted second data EDATA2 to the first electronic device 510 at operation S605].
As per claim 10. Maillard does teach the method according to Claim 9, wherein the identification information of a respective electronic device is encrypted by means of a public key infrastructure [Maillard, col.4, lines 12 – 16, In one preferred embodiment of the present invention, a random number is generated by the device, the random number and the certificate containing the device identifier being encrypted by the device using a public key of the security module and communicated to the security module….].
As per claim 11. Maillard does teach the method according to Claim 1, wherein a respective electronic device comprises identification information, the electronic devices mutually verifying their identity on the basis of the identification information [Maillard, Col. 2, lines 38 – 48, The security module may perform device validation by comparing the communicated identifier with at least one stored identifier. The stored identifiers may be stored in a memory of the security module. The identifiers may be stored in the form of a list, the received identifier being compared with the identifiers in the list in order to validate the device. This can provide for fast and efficient validation of the device. Each stored identifier may be associated with a respective one of a valid device or an invalid device. Upon receipt of the identifier, the security module may compare the received identifier with stored identifiers associated with invalid devices, and/or with stored identifiers associated with valid devices].
As per claim 12. Maillard as modified does teach the method according to Claim 1, wherein an encrypted device data set of a respective electronic device stored in a data storage device of the electronic device comprises identification information of the respective electronic device [Maillard, Col. 2, lines 38 – 48, The security module may perform device validation by comparing the communicated identifier with at least one stored identifier. The stored identifiers may be stored in a memory of the security module. The identifiers may be stored in the form of a list, the received identifier being compared with the identifiers in the list in order to validate the device. This can provide for fast and efficient validation of the device. Each stored identifier may be associated with a respective one of a valid device or an invalid device. Upon receipt of the identifier, the security module may compare the received identifier with stored identifiers associated with invalid devices, and/or with stored identifiers associated with valid devices], and
wherein an encrypted device data set of a respective electronic device stored in a computer network comprises identification information of the respective electronic device [HA, paragraph: 0122, The second processor 560 may transmit the encrypted second data EDATA2 for the second part, which is stored in the memory 570, to the first electronic device 510 in response to the request made by the first electronic device 510.
Where further of HA, at paragraph: 0105, The first processor 520 may receive the encrypted second data EDATA2 for the second part of the first program PR from the second electronic device 550 through the first communication module 525. For example, the first processor 520 may also receive authentication information for the encrypted second data EDATA2. For example, the authentication information may be included in the encrypted second data EDATA2.
Where further of HA, at paragraph: 0106, The first processor 520 may confirm the authentication information for the encrypted second data EDATA2. For example, the authentication information may refer to information for confirming that the encrypted second data EDATA2 received from the second electronic device 550 is data transmitted from the second electronic device 550. For example, the authentication information may include information related to an ID and/or IP address which indicate the second electronic device 550.].
As per claim 13. Maillard as modified does teach the method according to claim 12, wherein an identity of the second electronic device is verified by the first electronic device by the first electronic device carrying out computing operations on each of the encrypted device data sets of the second electronic device stored in the data storage device of the second electronic device and in a computer network, and comparing the encrypted device data sets of the second electronic device [HA, Figure # 5 and 6, paragraph: 0153, The first electronic device 510 may receive the encrypted second data EDATA2 for the second part of the first program PR from the second electronic device 550 through the first communication module 525. For example, the first electronic device 510 may also receive authentication information for the encrypted second data EDATA2.
Then further of Ha, at paragraph: 0154, The first electronic device 510 may confirm the authentication information for the encrypted second data EDATA2 at operation S657.
Then further of HA, at paragraph: 0155, The first electronic device 510 may generate a hash value HASH for the encrypted second data EDATA2 according to a result of the confirmation at operation S659. For example, the first electronic device 510 may generate the hash value HASH by using the first data DATA1 and the encrypted second data EDATA2.
Then further of HA, at paragraph: 0156, The first electronic device 510 may transmit the hash value HASH to the second electronic device 550 at operation S661]; and
an identity of the first electronic device is verified by the second electronic device by the second electronic device carrying out computing operations on each of the encrypted device data sets of the first electronic device stored in the data storage device of the first electronic device and in the computer network and comparing the encrypted device data sets of the first electronic device [HA, paragraph: 0157, The second electronic device 550 may receive the hash value HASH from the first electronic device 510.
Then further of HA, at paragraph: 0158, the second electronic device 550 may determine the integrity of the hash value at operation S663. For example, the second electronic device 550 may compare the encrypted second data EDATA2 with the hash value HASH and determine whether the hash value HASH has integrity according to a result of the comparison.
Then further of HA, at paragraph: 0159, When the hash value HASH does not have integrity, the second electronic device 550 may determine that the first electronic device 510 has been hacked or the encrypted second data EDATA2 transmitted to the first electronic device 510 has been altered. At this time, the second electronic device 550 may not transmit a key KEY to the first electronic device 510].
As per claim 15. Maillard as modified does teach the method according to claim 1, wherein the first electronic device carries out the computing operations on the encrypted device data set of the second electronic device without the first electronic device being able to read in plain text the encrypted device data set of the second electronic device [HA, Figure # 5 and 6, paragraph: 0153, The first electronic device 510 may receive the encrypted second data EDATA2 for the second part of the first program PR from the second electronic device 550 through the first communication module 525. For example, the first electronic device 510 may also receive authentication information for the encrypted second data EDATA2.
Then further of HA, at paragraph: 0154, The first electronic device 510 may confirm the authentication information for the encrypted second data EDATA2 at operation S657.
Then further of HA, at paragraph: 0155, The first electronic device 510 may generate a hash value HASH for the encrypted second data EDATA2 according to a result of the confirmation at operation S659. For example, the first electronic device 510 may generate the hash value HASH by using the first data DATA1 and the encrypted second data EDATA2.
Then further of HA, at paragraph: 0156, The first electronic device 510 may transmit the hash value HASH to the second electronic device 550 at operation S661] or without the first electronic device being able to decrypt the encrypted device data set of the second electronic device; and
the second electronic device carries out the computing operations on the encrypted device data set of the first electronic device without the second electronic device being able to read in plain text the encrypted device data set of the first electronic device [HA, paragraph: 0157, The second electronic device 550 may receive the hash value HASH from the first electronic device 510.
Then further of HA, at paragraph: 0158, the second electronic device 550 may determine the integrity of the hash value at operation S663. For example, the second electronic device 550 may compare the encrypted second data EDATA2 with the hash value HASH and determine whether the hash value HASH has integrity according to a result of the comparison.
Then further of HA, at paragraph: 0159, When the hash value HASH does not have integrity, the second electronic device 550 may determine that the first electronic device 510 has been hacked or the encrypted second data EDATA2 transmitted to the first electronic device 510 has been altered. At this time, the second electronic device 550 may not transmit a key KEY to the first electronic device 510] or without the second electronic device being able to decrypt the encrypted device data set of the first electronic device.
As per system claim 29 that includes the same or similar claim limitations as method claim # 1, and is similarly rejected.
Claim(s) 2, 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Maillard et al. [US PAT # 7840805] in view of HA et al. [US PGPUB # 2018/0205551] as applied in the rejection of claim # 1 above, further in view of Palle et al. [US PAT # 105301803]
As per claim 2. Maillard and HA do teach what is taught in the rejection of claim 1 above.
Maillard and HA do not clearly teach the method according to Claim 1, wherein
the first electronic device establishes a communication connection with the second electronic device when security data of the second electronic device lie within a prespecified value range or exceed a prespecified limit value; and
the second electronic device establishes a communication connection with the first electronic device when security data of the first electronic device lie within the prespecified value range or exceed the prespecified limit value.
However, Palle does teach the method according to Claim 1, wherein
the first electronic device establishes a communication connection with the second electronic device when security data of the second electronic device lie within a prespecified value range and/or exceed a prespecified limit value [Figure # 1, and Col. 4, lines 1 – 15, In certain embodiments, the entire transaction between the device 102 and device 108 occurs via a communication channel 114 through the network 106 without the use of a tunnel, as shown in FIG. 1. As used herein, “tunnel” refers to a secure communication channel, such as an HTTPS tunnel. In other embodiments, the entire transaction between device 102 and device 108 occurs via the first tunnel 120. In yet further embodiments, part of the transaction occurs via the first tunnel 120 and part of the transaction occurs via the second tunnel 122. The device 108 may initiate communication through the second tunnel during the transaction. For example, if the value of the transaction exceeds a predetermined threshold, then the device 108 and/or the device 102 can dynamically adjust the security used in the transaction.]; and
the second electronic device establishes a communication connection with the first electronic device when security data of the first electronic device lie within a prespecified value range or exceed a prespecified limit value [Figure # 1, and Col. 4, lines 1 – 15, In certain embodiments, the entire transaction between the device 102 and device 108 occurs via a communication channel 114 through the network 106 without the use of a tunnel, as shown in FIG. 1. As used herein, “tunnel” refers to a secure communication channel, such as an HTTPS tunnel. In other embodiments, the entire transaction between device 102 and device 108 occurs via the first tunnel 120. In yet further embodiments, part of the transaction occurs via the first tunnel 120 and part of the transaction occurs via the second tunnel 122. The device 108 may initiate communication through the second tunnel during the transaction. For example, if the value of the transaction exceeds a predetermined threshold, then the device 108 and/or the device 102 can dynamically adjust the security used in the transaction.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Maillard as modified and Palle in order for the establishment of the secure connection between the first device and the second device thru the security module that authenticates the devices of Maillard as modified to include encrypting the authentication data of the devices of Palle. This would allow for prevention eavesdropping of the device authentication data before authenticating the devices and establishment of the secure connection. See col. 1, lines 1 – 15 of Palle.
As per claim 22. Mailard does teach the Method according to Claim 2, wherein the first and second electronic devices establish the communication connection with one another only if a security state of the second electronic device determined by the first electronic device and a security state of the first electronic device determined by the second electronic device have a prespecified security state [Maillard, col. 2, lines 7 – 13, Indeed, the use of an independent security module can lead to a highly personalized digital audiovisual system. For instance, the security module may enable data to be transferred from a DVD player to a digital television only if both the player and television are validated by the security module, thus enabling the digital data to be viewed only on the user's personal television.].
Claim(s) 3, 8, 17, 18, 19, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Maillard et al. [US PAT # 7840805] in view of HA et al. [US PGPUB # 2018/0205551] as applied in the rejection of claim #1 above, further in view of Okunseinde et al. [US PAT # 8782405]
As per claim 3. Maillard and HA do teach what is taught in the rejection of claim 1 above.
Maillard and HA do not clearly teach the method according to Claim 1, wherein
the first electronic device sends a communication request to the second electronic device; and
the second electronic device sends a communication request to the first electronic device.
However, Okunseinde does teach the method according to Claim 1, wherein
the first electronic device sends a communication request to the second electronic device; and
the second electronic device sends a communication request to the first electronic device [col. 3, lines 7 – 16, In yet another aspect of the instant invention, a method is presented for providing transaction-level security. The method includes receiving, at a first device, a request from a second device desiring to transmit at least one object. The request includes at least a portion of security information associated with the object and determining if the first device is capable of providing a level of security represented by the security parameter. The method further includes transmitting an indication to the second device based on determining if the first device is capable of providing the level of security.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Maillard as modified and Okunseinde in order for the establishment of the secure connection between the first device and the second device thru the security module that authenticates the devices of Maillard as modified to include a type of secure connection appropriate to the data being sent to the other device of Okunseinde. This would allow for the security module to judge the type security for the data that each device must provide before a secure connection is established between the devices. See col. 2, lines 7 – 35 of Okunseinde.
As per claim 8. Millard as modified does teach the method according to Claim 1, wherein the encrypted device data set of a respective electronic device comprises:
information about a version of an operating system of the respective electronic device;
information about a last update of the operating system of the respective electronic device;
information about a configuration of the respective electronic device [Okunseinde, Figure # 3, and col. 9, lines 30 – 42, The handling module 145 next determines (at 320) if the identified remote device 110(2) is capable of providing a desired level of security for the BO 130. In one embodiment, the handling module 145 may determine (at 320) if the remote device 110(2) is capable of providing the desired level of security by requesting such information from the remote device 110(2). For example, the handling module 145 may transmit (at 325) a request to the remote device 110(2), where the request may include information regarding the level of security that is desired to transmit the BO 130. The information that is transmitted (at 325) to the remote device 110(2), in one embodiment, may include information such as that shown in the subsections 240(1-4) of FIG. 2.];
information about hardware components installed in the respective electronic device;
information about a time of manufacture of the respective electronic device;
information about a number of the connections of the respective electronic device to other electronic devices in the past;
a number of error messages of the respective electronic device in the past; or
information about possible connection types of the respective electronic device.
As per claim 17. Maillard as modified does teach the method according to Claim 1, wherein a security state of a respective electronic device is divided into a plurality of security levels [Okunseinde, col. 10, lines 6 – 16, In an alternative embodiment, the handling module 145 may receive (at 330) a list representative of the level of security that the remote device 110(2) is able to provide, where the handling module 145 then determines, based on the received list, whether the remote device 110(2) has the capability to provide the desired level of security. For example, the list provided by the remote device 110(2) may include information indicating that the remote device 110(2) is capable of providing either a HTTPS connection or SSH connection, a DES algorithm capability, no logging capability, and so forth.].
As per claim 18. Maillard as modified does teach the method according to Claim 17, wherein the plurality of security levels of the respective electronic device comprise:
Security Level I (communication with the respective electronic device is completely secure) [Okunseinde, col. 10, lines 6 – 16, In an alternative embodiment, the handling module 145 may receive (at 330) a list representative of the level of security that the remote device 110(2) is able to provide, where the handling module 145 then determines, based on the received list, whether the remote device 110(2) has the capability to provide the desired level of security. For example, the list provided by the remote device 110(2) may include information indicating that the remote device 110(2) is capable of providing either a HTTPS connection or SSH connection, a DES algorithm capability, no logging capability, and so forth.]; and/or
Security Level II (communication with the respective electronic device is only partially secure); or
Security Level III (communication with the respective electronic device 1s entirely insecure).
As per claim 19. Maillard does teach the method according to Claim 17, wherein a communication connection between the two electronic devices is established depending on the respective security state of a respective electronic device [Maillard, col. 5, lines 54 – 67, In order to solve such problems, in a preferred embodiment of the present invention, data is communicated between first and second devices, and upon validation of each device by the security module [i.e. applicant’s…respective security state of a respective electronic device], the security module communicates to the first device a random key [i.e. applicant’s security data of the first electronic device] generated in the security module and encrypted using the random number generated by the first device [i.e. applicant’s encrypted device data of the first device], the first device decrypting the key using the random number generated thereby, and communicates to the second device the key encrypted [i.e. applicant’s encrypted device data of the second device] using the random number generated by the second device[i.e. applicant’s security data of the second electronic device], the second device decrypting the key using the random number generated thereby, the key thereafter being used to encrypt data communicated to the security module by the devices and data communicated between the devices.] or depending on a respective security level.
As per claim 20. Maillard does teach the method according to Claim 19, wherein the first electronic device and the second electronic device establish a direct and unrestricted communication connection when
a security state of the second electronic device determined by the first electronic device on the basis of the encrypted device data set of the second electronic device matches a security state of the second electronic device prespecified for the direct and unrestricted communication connection [Maillard, col. 5, lines 54 – 67, In order to solve such problems, in a preferred embodiment of the present invention, data is communicated between first and second devices, and upon validation of each device by the security module, the security module communicates to the first device a random key [i.e. applicant’s encrypted device data of the first device] generated in the security module and encrypted using the random number generated by the first device, the first device decrypting the key using the random number generated thereby, and communicates to the second device the key encrypted [i.e. applicant’s encrypted device data of the second device] using the random number generated by the second device, the second device decrypting the key using the random number generated thereby, the key thereafter being used to encrypt data communicated to the security module by the devices and data communicated between the devices [i.e. applicant’s matching security state of the first and second electronic device]]; and
a security state of the first electronic device determined by the second electronic device on the basis of the encrypted device data set of the first electronic device matches a security state of the first electronic device prespecified for the direct and unrestricted communication connection [HA, paragraph: 0157, The second electronic device 550 may receive the hash value HASH from the first electronic device 510.
Then further of HA, at paragraph: 0158, the second electronic device 550 may determine the integrity of the hash value at operation S663. For example, the second electronic device 550 may compare the encrypted second data EDATA2 with the hash value HASH and determine whether the hash value HASH has integrity according to a result of the comparison.
Then further of HA, at paragraph: 0159, When the hash value HASH does not have integrity, the second electronic device 550 may determine that the first electronic device 510 has been hacked or the encrypted second data EDATA2 transmitted to the first electronic device 510 has been altered. At this time, the second electronic device 550 may not transmit a key KEY to the first electronic device 510].
Claim(s) 4, 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Maillard et al. [US PAT # 7840805] in view of HA et al. [US PGPUB # 2018/0205551] as applied in the rejection of claim # 1 above, further in view of Saito et al. [US PAT # 6272635]
As per claim 4. Maillard and HA do teach what is taught in the rejection of claim 1 above.
Maillard and HA do not clearly teach the method according to Claim 1, wherein the encrypted device data set of an electronic device is stored in a data storage device of the respective electronic device.
However, Saito does teach the method according to Claim 1, wherein the encrypted device data set of an electronic device is stored in a data storage device of the respective electronic device [col. 13, lines 1 – 5, Encrypted original data Cm0ks1 [i.e. applicant’s encrypted device data set of..etc.] that primary users 13 have obtained from external information providers 15 or 16 directly or via database 11 is combined with original copyright label Lc0 and stored in storage devices such as a hard disk drive or non-volatile memory inside primary users 13 terminals.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Maillard as modified and Saito in order for the establishment of the secure connection between the first device and the second device thru the security module that authenticates the devices of Maillard as modified to include key control center that controls key operations of Saito. This would allow for the security module to employ an independent device to facilitate the appropriate keys for the first and second device thereby freeing the first and second device computationally from key operations to implement the secure connection. See col. 2, lines 41 – 64 of Saito.
As per claim 5. Maillard as modified does teach the method according to Claim 4, wherein
the second electronic device sends the encrypted device data set to the first electronic device after receiving a communication request from the first electronic device [HA, paragraph: 0175, The second electronic device 350 may transmit the second data DATA2 stored in the memory 370 to the first electronic device 310 in response to the request made by the first electronic device 310.]; and
the first electronic device sends the encrypted device data set to the second electronic device after receiving a communication request from the second electronic device [Maillard, col. 5, lines 54 – 67, In order to solve such problems, in a preferred embodiment of the present invention, data is communicated between first and second devices, and upon validation of each device by the security module, the security module communicates to the first device a random key generated in the security module and encrypted using the random number generated by the first device, the first device decrypting the key using the random number generated thereby, and communicates to the second device the key encrypted using the random number generated by the second device [i.e. applicant’s encrypted device data of the second device], the second device decrypting the key using the random number generated thereby, the key thereafter being used to encrypt data communicated to the security module by the devices and data communicated between the devices].
Claim(s) 6, 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Maillard et al. [US PAT # 7840805] in view of HA et al. [US PGPUB # 2018/0205551] as applied in the rejection of claim # 1 above, further in view of Jovanovich et al. [US PAT # 5703950]
As per claim 6. Maillard and HA do teach what is taught in the rejection of claim 1 above.
Maillard and HA do not clearly teach the method according to Claim 1, wherein the encrypted device data set of a respective electronic device is stored in one or more data storage devices of a computer network.
However, Jovanovich does teach the method according to Claim 1, wherein the encrypted device data set of a respective electronic device is stored in one or more data storage devices of a computer network [col. 3, lines 58 – 62, The host computer 10 further includes an encryption processing unit 14 and a configuration data storage/processing unit 16. The configuration data storage/processing unit 16 stores or compiles the frequency configuration data for all of the possible remote units 20.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Maillard as modified and Jovanovich in order for the establishment of the secure connection between the first device and the second device thru the security module that authenticates the devices of Maillard as modified to include authenticating the devices based on location of device of Jovanovich. This would allow for the determination by the security module to determine whether the devices need to establish a secure communication channel for data communication or not. See col. 3, lines 21 – 34 of Jovanovich.
As per claim 25. Maillard as modified does teach the method according to Claim 1, wherein the encrypted device data sets of the electronic devices are updated [Jovanovich, col. 3, lines 45 – 48, Ordinarily, the remote unit 20 would be entirely independent of the host computer 10, but may occasionally communicate with the host computer as necessary to receive certain technical support, such as software revisions and updates, or to modify the stored operating frequency information.].
Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Maillard et al. [US PAT # 7840805] in view of HA et al. [US PGPUB # 2018/0205551] and Jovanovich et al. [US PAT # 5703950] as applied in the rejection of claim # 6 above, further in view of Smith et al. [US PGPUB # 2019/0349190]
As per claim 7. Maillard and HA and Jovanovich do teach what is taught in the rejection of claim 6 above.
Maillard and HA and Jovanovich do not clearly teach the method according to Claim 6, wherein the encrypted device data set of the respective electronic device is stored in the blockchain.
However, Smith does teach the method according to Claim 6, wherein the encrypted device data set of the respective electronic device is stored in the blockchain [paragraph: 0316, Example 13 includes the subject matter of any of examples 1 to 12. In example 13, the distributed ledger includes transaction data signed by a group key and a private key for a participant.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Maillard as modified and Smith in order for the establishment of the secure connection between the first device and the second device thru the security module that authenticates the devices of Maillard as modified to include real-time authentication and connection establishment of Smith. This would allow for the authentication module to authenticate and enforce network establishment policies before the secure connection is setup between the first and second device. See paragraph: 0197 of Smith.
Claim(s) 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Maillard et al. [US PAT # 7840805] in view of HA et al. [US PGPUB # 2018/0205551] as applied in the rejection of claim 1 above, further in view of Abendroth et al. [US PAT # 8261076]
As per claim 16. Maillard and HA do teach what is taught in the rejection of claim 1 above.
Maillard and HA do not clearly teach the method according to Claim 1, wherein the security data comprises one or more security code values.
However, Abendroth does teach the method according to Claim 1, wherein the security data comprises one or more security code values [col. 2, lines 21 – 34, Accordingly, in a method for agreeing a shared key between a first communication device and a second communication device, security parameters are agreed between the two communication devices. On the basis of the agreed security parameters, a first security value is determined by the second communication device and transmitted to the first communication device. …………Assuming a successful authentication, the first communication device and the second communication device each determine a shared key on the basis of the agreed security parameters and the third security value.].
It would have been obvious to one of ordinary skilled in the art before the effective filing date of the claimed invention to combine the teachings of Maillard as modified and Abendroth in order for the establishment of the secure connection between the first device a