DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments with respect to claims 1-5 of the 102 rejection have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. In addition, the 112 rejections and claim objection in the non-final rejection have been overcome by applicant’s amendments.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4 are rejected under 35 U.S.C. 103 as being unpatentable over Wazid et al. (Designing Authenticated Key Management Scheme in 6G-Enabled Network in a Box Deployed for Industrial Applications – Applicant’s IDS) in view of Sutrala et al. (US 2020/0120081).
Regarding claim 1, Wazid teaches a system for advanced user authentication key management for 6G-based industrial applications (see title), the system comprising a memory storing computer readable instructions and a processor configured to execute the instructions to:
perform registration of a smart industrial device, a content server, and a user by using a trusted authority and an ID of the trusted authority (1) Smart Industrial Device Registration: The registration process of deployed smart industrial devices is performed by a TA (i.e., trusted authority)…2) Content Server Registration: In this phase, the registration of a content server CSj is performed by the trusted authority TA…3) User Registration: In this phase, the registration of a user Ui is performed by the TA – see page 4 under “Registration phase”. Trusted Authority has IDTA – see Table 1 on page 4).
compute a Hamming distance between a biometric information of the user provided in the registration and a currently recognized biometric information of the user (User Login Phase…User Ui imprints biometrics BIO’U…to calculate biometric secret key…provided that the Hamming distance between the real biometrics BIOi provided during the user registration phase and the current BIO’U is less than or equal to a predefined error tolerance threshold – see page 5 under “User Login Phase”).
perform mutual authentication among the user, the content server, and the smart industrial device (This phase is required for mutual authentication among a registered user Ui, a content server CSj, and an accessed smart industrial device SDk. – see page 5 under “User Authentication and Key Agreement Phase”).
Wazid does not explicitly teach that the trusted authority uses its ID in the registration process. Wazid does however teach that the trusted authority has IDTA (see Table 1 on page 4). It would be inherent that the IDTA would be used in the registration process because the system would need to know which trusted authority the devices/users are being registered to.
Wazid does not teach: based on the Hamming distance being less than a pre-defined error tolerance threshold, restore a biometric secret key of the user through a reproduction function (RepB) of a fuzzy extractor by using reproduction parameters generated in the registration.
Sutrala teaches using a fuzzy extractor reproduction function to reproduce a key value using corresponding reproduction parameters for a given reading if the difference between the initial reading for a given biometric source (e.g. fingerprint for the right index finger) and the subsequently provided reading for that same source is within a particular tolerance threshold (e.g., if the Hamming distance between BIORindex and BIORindex’ is less than or equal to an error tolerance et) – see [0028]. During an initial registration phase…the fuzzy extractor technique may be used to generate a biometric key value and reproduction parameter pair for each biometric reading – see [0026].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Wazid by restoring a biometric key through a reproduction function of a fuzzy extractor by using reproduction parameters generated during registration, in order to protect the biometric key as well as back up the biometric key, based upon the beneficial teachings provided by Sutrala. These modifications would result in increased security to the system.
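The generate/reproduce behaviour discussed above for claim 1, sketched as an added example that is not part of the Office action or of either cited reference: a code-offset fuzzy extractor over a repetition code. The function names, the repetition factor, the key length and the sample reading are all assumptions made for illustration.

```python
import hashlib
import secrets

R = 5                  # assumed repetition factor: each key bit becomes R bits
ET = (R - 1) // 2      # error tolerance this code guarantees (2 bit flips)
KEY_BITS = 16          # toy key length so the sample reading stays short

# Constructed sample reading standing in for BIO (80 bits); not real data.
BIO = [(i * i + i // 3) % 2 for i in range(KEY_BITS * R)]

def hamming(a, b):
    """Number of positions at which two equal-length bit lists differ."""
    return sum(x != y for x, y in zip(a, b))

def _derive(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()

def gen(bio):
    """Registration: return (biometric key, reproduction parameter)."""
    k = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in k for _ in range(R)]
    helper = [c ^ w for c, w in zip(codeword, bio)]   # code-offset sketch
    return _derive(k), helper

def rep(bio_new, helper):
    """Login: rebuild the key from a fresh reading and the stored parameter."""
    shifted = [p ^ w for p, w in zip(helper, bio_new)]  # codeword XOR noise
    k = [int(sum(shifted[i:i + R]) > R // 2)            # majority vote
         for i in range(0, len(shifted), R)]
    return _derive(k)

def flip(bits, positions):
    """Return a copy of bits with the given positions inverted."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

def demo():
    key, helper = gen(BIO)
    near = flip(BIO, {0, 1})            # 2 flips, within ET
    far = flip(BIO, set(range(R)))      # 5 flips in one block, beyond ET
    return (hamming(BIO, near), rep(near, helper) == key,
            hamming(BIO, far), rep(far, helper) == key)

if __name__ == "__main__":
    print(demo())
```

Here the reproduction step never compares the two readings directly; the tolerance is the correction radius of the error-correcting code, and a deployed scheme would use a stronger code than repetition.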
Regarding claim 2, Wazid teaches wherein the processor is further configured to execute the instructions to perform registration by selecting a private key dTA of the trusted authority with a collision-resistant one-way cryptographic hash function h(ˑ) (The TA picks a “collision-resistant one-way cryptographic hash function h(ˑ)” – see page 4 under “Registration Phase”. The pseudoidentities, which are used in registration are computed with dTA, which is the private key of the trusted authority – see “Smart Industrial Device Registration”, “Content Server Registration”, and “User Registration”, all on page 4).
Regarding claim 3, Wazid teaches wherein the processor is further configured to execute the instructions to:
select a unique ID and a random secret key for a smart device, compute a pseudo ID of the smart device, a public key of the random secret key, and a temporary credential according to a registration timestamp, and transmit the pseudo ID, the public key, and the temporary credential to the content server for registration ((RSD1: The TA picks a unique identity IDSDk and a random secret key dSDk …for smart device SDk…For SDk , the TA computes the pseudo identity of SDk as RIDSDk…, the public key of dSDk,…and the temporal credential, the registration timestamp of SDk. The TA also sends RIDSDk to CSj (i.e., content server) – see page 4 under “Registration Phase: 1) Smart Device Registration”)
select a unique ID and a secret key to compute a pseudo ID of the content server, and compute and store a public key and a pseudo random number in a secret and tamper resistant database to register the content server (The TA chooses a unique identity IDCSj and a random secret key dCS for CSj to compute the pseudo identity of CSj…, public key QCS. The credentials…are then stored in CSj’s secure/tamper resistant database by the TA – see page 4 under “Registration Phase: 2) Content Server Registration”).
select a user unique ID, a password, and a long-term random password to compute a masked password through a secure channel, and compute a pseudo ID and generate a temporary ID to compute and transmit a secret key for the user and a temporary credential to a user mobile device to perform user registration (Ui chooses his/her unique identity IDu, a password Pwu, and a long-term random secret…to calculate the masked password RPWUi… then sends IDui and RPWUi to the TA through a secure channel…the TA computes the pseudoidentity RIDU…, generates temporary TIDU, and a random secret key dU…The TA computes temporal credential of Ui…then sends…to MDU (i.e., user mobile device) through a secure channel – see page 4 under “Registration Phase: 3) User Registration”).
Regarding claim 4, Wazid teaches the processor is further configured to execute the instructions to:
Select a smart device accessed with a pseudo ID RDz, and transmit a login message to the content server via an open channel (Ui…imprints biometrics BIO’U at the sensor of his/her mobile device MDU to calculate biometric secret key…provided that the Hamming distance between the real biometrics BIOi provided during the user registration phase and current BIO’Ui is less than or equal to a predefined error tolerance threshold….then picks an accessed smart device DSk with its pseudoidentity RIDSDK and sends the login message…via an open channel – see page 5 under “User Login Phase”).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LISA C LEWIS/Primary Examiner, Art Unit 2495