DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to the communication filed on October 14, 2025 in response to the first office action on merit.
Remarks
Pending claims for reconsideration are claims 1-19. Applicant has
Amended claims 1, 10, and 19.
Canceled claim 20.
Response to Arguments
In response to argument- Applicant’s arguments with respect to amended claims filed on October 14, 2025 have been considered but they are deemed moot in view of the new grounds of rejection (see 103 rejection below).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 10, and 9 are rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Amended claims 1, 10, and 19 recite the limitation “the public key of the second” on last two lines of the claims, but the “public key of the second” has not been introduced earlier. There is insufficient antecedent basis for this limitation in the claim.
Claims 2-9, 11-18, and 20 inherit the deficiencies of the base claims 1, 10, and 19 respectively therefore are rejected under 35 USC § 112 by virtue of their dependency.
Appropriate correction is requested.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 7-10, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Choi et al. (U.S. Patent Application Publication No.: US 2017 /0085543 A1 / or “Choi” hereinafter) in view of Fumihide Goto (U.S. Patent Application Publication No.: US 2010/0332828 A1 / or “Goto” hereinafter) and in further view of Iwata Junichi (JP 2023009346 A / or “Junichi” hereinafter).
Regarding claim 1, Choi discloses “A non-transitory computer-readable data storage medium storing program code executable by a first device to perform processing comprising” (Para 0024 and Para 0173: a device with computer-readable recording medium, processor and memory):
“transmitting, [to a proxy device to forward to a second device], a request message, the request message requesting establishment of a secure session between the first device and the second device, the request message including a public key of a key pair of the first device for the secure session” (Fig. 1: First Communication Device 110 i.e., a “first device” and Second Communication Device / Server 120 i.e., a “second communication device”; and Para 0105: the second communication device 120 provides its public to the first communication device 110);
“receiving, [from the proxy device], a response message forwarded by the [proxy device from the second device], the response message encrypted with the public key and including a cryptographic nonce for the secure session” (Para 0108: the first communication device 110 generates an encrypted certification data CT1, containing a random integer i.e., a “cryptographic nonce”, using a generated secret key sk1, where generation of the sk1 involves the public key of the second communication device 120; Para 0162: the secret key sk1, is induced from the public key of the second communication device; and Para 0112: the second communication device/sever 120 generates the same secret key sk1 using its private key);
“decrypting the response message using a private key of the key pair” (Para 0112-0113: the second communication device/sever 120 generates the same secret key sk1 using its private key and decrypts the message CT1 received from the first communication device 110; and Para 0163-0164);
“generating a session key for the secure session based on the cryptographic nonce and a [pre-shared password known to the first device and the second device]” (Para 0122: generates a session key using multiple values);
[encrypting a challenge response with the session key;
transmitting, to the [proxy device] to forward to the second device, the challenge response as encrypted with the session key;
and communicating with the second device over the secure session upon the second device confirming the challenge response such that the secure session is established],
“wherein the cryptographic nonce is not transmitted between the first device and the second device via the [proxy device] in plaintext, and the pre-shared password is not transmitted between the first device and the second device via the [proxy device]”( Choi, Para 0108: the first communication device 110 generates an encrypted certification data CT1, containing a random integer i.e., a “cryptographic nonce”, using a generated secret key sk1 i.e., the random number is encrypted; and Choi, Para 0054: disclose using of a pre-shared value) ,
“such that the proxy device does not have to be trusted by the first device and the second device, and such that the public key of the first device and the public key of the second device do not have to be verifiable” (Choi, Abstract: disclose using of Diffie-Hellman key exchange method allowing two parties that have no prior knowledge of each other to establish a session key over an insecure communication channel).
Choi further disclose using of a pre-shared value in determining a Diffie-Hellman value (Para 0054).
But Choi fails to specially disclose generating a session key using a pre-shared value and communicating using the session key.
However, Goto discloses generating a session key using a pre-shared value (Goto, Para 0041: generates a session key pre-shared value and random numbers of parties involved)
“encrypting a challenge response with the session key” (Goto, Para 0041:);
“transmitting, to the [proxy device] to forward to the second device, the challenge response as encrypted with the session key” (Goto, Para 0042-0045: a message sent);
“and communicating with the second device over the secure session upon the second device confirming the challenge response such that the secure session is established” (Goto, Para 0042-0045: encrypted communication is established).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of generating a session key using a pre-shared value and communicating using the session key of Goto to the Apparatus and Method for Exchanging Encryption Key of Choi to create a system where the same session key can be generated between parties using the pre-shared value (Goto, Para 0041) and the ordinary person skilled in the art would have been motivated to combine to install the same session key and perform secure communication using the generated session key (Goto, Para 0045-0046).
Furthermore, Choi and Goto failed to disclose a proxy device acting as a relay device between the first and second communication devices.
However a proxy device acting as a relay device between the first and second communication devices would have been obvious (see, Junichi: Abstract, a remote desktop support system i.e., a proxy relays between two devices).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of a proxy device acting as a relay device between the first and second communication devices of Junichi to the system of Choi and Goto to create a system where the proxy enables mutual communication between the devices and the ordinary person skilled in the art would have been motivated to combine to “…mediates connection between access source terminal 130 and communication relay device 120…” (Junichi, Page 3: Para 6).
Regarding claim 2, in view of claim 1, Choi discloses “wherein the processing further comprises generating the key pair of the first device for the secure session, such that the key pair is specific to the secure session between the first device and the second device and not to any other secure session between the first device and the second device or any other device” (Choi, Para 0105: the second communication device 120 provides its public to the first communication device 110).
Regarding claim 3, in view of claim 1, Choi discloses “wherein the public key is unverifiable with any certificate authority” (Choi, Para 0105: the second communication device 120 provides its public to the first communication device 110 and no exchange of first communication device 110 public needed).
Regarding claim 7, in view of claim 1, Choi discloses “wherein the response message further includes the public key of the key pair of the first device for the secure session, and wherein the processing further comprises, upon decrypting the response message, verifying that the public key of the first device for the secure session included in the response message matches the public key of the key pair of the first device for the secure session included in the request message” (Choi, Para 0108: the first communication device 110 generates an encrypted certification data CT1, containing a random integer i.e., a “cryptographic nonce”, using a generated secret key sk1, where generation of the sk1 involves the public key of the second communication device 120; Para 0162: the secret key sk1, is induced from the public key of the second communication device; and Para 0112: the second communication device/sever 120 generates the same secret key sk1 using its private key).
Regarding claim 8, in view of claim 1, Choi discloses “wherein the processing further comprises: selecting a Diffie-Hellman private key of the first device for the secure session, and generating a Diffie-Hellman public key of the first device for the secure session, based on the Diffie-Hellman private key and one or more pre-shared Diffie-Hellman parameters known to the first device and the second device, wherein the request message further includes the Diffie-Hellman public key” (Choi, Para 0008: based on Diffie-Hellman public keys of two parties are shared; and key exchange parameters and random values are shared).
Regarding claim 9, in view of claim 8, Choi discloses “wherein the response message further includes a Diffie-Hellman public key of the second device for the secure session generated based on a Diffie-Hellman private key of the second device for the secure session and the one or more pre- shared Diffie-Hellman parameters, and wherein the session key is generated based further on the Diffie- Hellman private key of the first device for the secure session and the Diffie- Hellman public key of the second device for the secure session” (Choi, Para 0008: based on Diffie-Hellman public keys of two parties are shared; and key exchange parameters and random values are shared and session key is generated).
Regarding claim 10, claim 10 is directed to a method corresponding to the CRM recited in claim 1. Claim 10 is similar in scope to claim 1, and is therefore, rejected under similar rationale.
Regarding claim 17, claim 17 is directed to a method corresponding to the CRM recited in claim 8. Claim 17 is similar in scope to claim 8, and is therefore, rejected under similar rationale.
Regarding claim 18, claim 18 is directed to a method corresponding to the CRM recited in claim 9. Claim 18 is similar in scope to claim 9, and is therefore, rejected under similar rationale.
Regarding claim 19, claim 19 is directed to a device corresponding to the CRM recited in claim 1. Claim 19 is similar in scope to claim 1, and is therefore, rejected under similar rationale.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 4-6, and 11-16 are rejected under 35 U.S.C. 103 as being unpatentable over Choi and Goto, and Junichi and in further view of Steven Charles Rhoads (U.S. Patent Application Publication No.: US 2007/0101140 A1 / or “Rhoads” hereinafter).
Regarding claim 4, in view of claim 1, Choi discloses generates a session key using multiple values with help of Diffie-Hellman key exchange method (Choi, Para 0122; and Abstract).
Goto discloses generating a session key using a pre-shared value (Goto, Para 0041).
Junichi discloses a proxy device acting as a relay device between the first and second communication devices (see, Junichi: Abstract).
But Choi, Goto and Junichi fail to specially disclose signature validation.
However, Rhoads discloses “wherein the response message is electronically signed with a private key of a key pair of the second device for the secure session and further includes a public key of the key pair of the second device for the secure session, and wherein the processing further comprises, upon decrypting the response message, verifying an electronic signature of the response message using the public key of the key pair of the second device for the secure session included in the response message” (Rhoads, Abstract: digital signature is validated).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of signature validation of Rhoads to the system of Choi, Goto, and Junichi to create a system where the digital signatures are compare to validate that a recipient has received the send message (Rhoads, Para 0033) and the ordinary person skilled in the art would have been motivated to combine where the “…signatures, certificates and the like, that are used to assure a receiving party that public key Z' is transmitted from a trusted source” (Rhoads, Para 0025).
Regarding claim 5, in view of claim 4, Choi discloses “wherein the challenge response includes either or both of the public key of the key pair of the first device for the secure session and the public key of the key pair of the second device for the secure session” (Choi, Para 0105: the second communication device 120 provides its public to the first communication device 110 and no exchange of first communication device 110 public needed).
Regarding claim 6, in view of claim 4, Choi, Goto and Junichi in view of Rhoads disclose “wherein the processing further comprises electronically signing the request message with the private key of the key pair of the first device for the secure session prior to transmitting the request message to the proxy device to forward to the second device” (Rhoads, Abstract: digital signature is validated).
Regarding claim 11, in view of claim 10, Choi discloses generates a session key using multiple values with help of Diffie-Hellman key exchange method (Choi, Para 0122; and Abstract).
Goto discloses generating a session key using a pre-shared value (Goto, Para 0041).
Junichi discloses a proxy device acting as a relay device between the first and second communication devices (see, Junichi: Abstract).
But Choi, Goto and Junichi fail to specially disclose signature validation.
However, Rhoads discloses “wherein the response message includes a public key of a key pair of the second device for the secure session, and wherein the method further comprises electronically signing, by the second device, the response message with a private key of the key pair of the second device for the secure session, prior to transmitting the response message to the proxy device to forward to the first device” (Rhoads, Abstract: digital signature is validated).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of signature validation of Rhoads to the system of Choi, Goto and Junichi to create a system where the digital signatures are compare to validate that a recipient has received the send message (Rhoads, Para 0033) and the ordinary person skilled in the art would have been motivated to combine where the “…signatures, certificates and the like, that are used to assure a receiving party that public key Z' is transmitted from a trusted source” (Rhoads, Para 0025).
Regarding claim 12, in view of claim 11, Choi discloses “wherein the challenge response includes the public key of the key pair of the second device for the secure session, and wherein the method further comprises verifying, by the second device, that the public key of the second device for the secure session included in the challenge response matches the public key of the key pair of the second device for the secure session included in the response message” (Choi, Para 0105: the second communication device 120 provides its public to the first communication device 110 and no exchange of first communication device 110 public needed; and Para 0162: the secret key sk1, is induced from the public key of the second communication device).
Regarding claim 13, in view of claim 12, Choi discloses “wherein the challenge response includes the public key of the key pair of the first device for the secure session, and wherein the method further comprises verifying, by the second device, that the public key of the first device for the secure session included in the challenge response matches the public key of the first device for the secure session included in the request message” (Choi, Para 0105: the second communication device 120 provides its public to the first communication device 110 and no exchange of first communication device 110 public needed; and Para 0162: the secret key sk1, is induced from the public key of the second communication device).
Regarding claim 14, in view of claim 11, Choi discloses “further comprising generating the key pair of the second device for the secure session, such that the key pair is specific to the secure session between the second device and the first device and not to any other secure session between the second device and the first device or any other device” (Choi, Para 0108: the first communication device 110 generates an encrypted certification data CT1, containing a random integer i.e., a “cryptographic nonce”, using a generated secret key sk1, where generation of the sk1 involves the public key of the second communication device 120; Para 0162: the secret key sk1, is induced from the public key of the second communication device; and Para 0112: the second communication device/sever 120 generates the same secret key sk1 using its private key).
Regarding claim 15, in view of claim 14, Choi discloses “wherein the public key of the second device for the secure session is unverifiable with any certificate authority” (Choi, Para 0105: the second communication device 120 provides its public to the first communication device 110 and no exchange of first communication device 110 public needed).
Regarding claim 16, in view of claim 10, Choi discloses generates a session key using multiple values with help of Diffie-Hellman key exchange method (Choi, Para 0122; and Abstract).
Goto discloses generating a session key using a pre-shared value (Goto, Para 0041).
Junichi discloses a proxy device acting as a relay device between the first and second communication devices (see, Junichi: Abstract).
But Choi, Goto and Junichi fails to specially disclose signature validation.
However, Rhoads discloses “wherein the request message is electronically signed with a private key of the key pair of the first device for the secure session, and wherein the method further comprises verifying, by the second device, an electronic signature of the request message using the public key of the key pair of the first device for the secure session included in the request message” (Rhoads, Abstract: digital signature is validated).
It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of signature validation of Rhoads to the system of Choi, Goto and Junichi to create a system where the digital signatures are compare to validate that a recipient has received the send message (Rhoads, Para 0033) and the ordinary person skilled in the art would have been motivated to combine where the “…signatures, certificates and the like, that are used to assure a receiving party that public key Z' is transmitted from a trusted source” (Rhoads, Para 0025).
Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Bajic et al. (US 20100191971 A1) discloses :
[0023] In one embodiment, the pre-shared secret is defined as a string 8 to 64 characters long, and is used for deriving session keys using a well-known SHA-1 function. SHA-1 produces a 160-bit output called a "message digest." Only 128 bit of the output need be used for the session key.
Le Saint et al. (U.S. 2020/0092269 A1) discloses :
[0038] A "shared secret" may include any data value or other information known only to authorized parties in a secure communication. A shared secret can be generated in any suitable manner, from any suitable data. For example, a Diffie-Hellman based algorithm, such as Elliptic-Curve Diffie- Hellman (ECDH) may be used to generate a shared secret from a private key and a public key. In some cases, a shared secret may be used to generate a session key.
Vahlis et al. (CA 2898609) discloses “…The advertising nonce may be encrypted with the provisioning key. A communication channel between the mobile device and the access point may be established based on a session nonce, the advertising nonce, and the provisioning key. A session key may be generated based in part on the advertising nonce and a message counter….” (Abstract).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431