APPLICATION LAYER KEY GENERATION

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on February 25, 2026 has been entered. Claims 1-6 and 13-14 are pending, no claims are amended. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-6 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Tian et al (US PGPub No: 2021/0058770) in view of Shah et al (US PGPub No: 2013/0007858), hereafter referred to as Tian and Shah, respectively. With regard to claims 1, 13, and 14, Tian teaches through Shah, an application layer key generation method, comprising: determining a connection mode used when a Bluetooth connection to an external Bluetooth device is established (Tian teaches a Bluetooth connection being established between a communication device and a mobile phone; see paragraph 38, Tian. An encryption mode is determined between the devices; see paragraph 40, Tian); determining an application layer key generation function according to the connection mode (Tian teaches the key negotiation and generation occurs at the application layer; see paragraph 22, Tian. This process involves a number of application layer functions; see paragraphs 45-52, Tian); determining, according to the application layer key generation function, a link layer dynamic parameter used at a link layer; obtaining an application layer key identifier agreed upon with the external Bluetooth device; and generating an application layer key according to the application layer key generation function, the link layer dynamic parameter, and the application layer key identifier (see Shah below). While Tian teaches authentication in a network that supports Bluetooth and supports a number of functions, Tian does not explicitly cite the claimed application layer key generation function in the claimed manner. In the same field of endeavor, Shah also explains how devices can connect via wireless personal area networks, such as Bluetooth; see paragraphs 53 and 65, Shah. For instance, between a base station and a WTRUs (wireless transmit/receive units) (i.e. phones); see paragraph 49 and Figure 1A, Shah. In particular, Shah teaches how a smartphone can communicate using layered communication by establishing communication at an access layer, an access layer comprises a physical/data link (i.e. link layer); see paragraphs 8 and 39, Shah. Shah goes on to explain how each layer can have their own security, layer-specific security can implement key agreements at each layer; see paragraph 39, Shah. Security key agreements at the higher level, such as the application layer, can utilize security keys or other security-related information, such as security association contexts (link layer dynamic parameter) at a lower layer; see paragraph 39, Shah. This technique of layer-specific security where higher levels rely on lower-level security context information is referred to as bootstrapping techniques; see paragraph 39, Shah. This allows the application layer key to be derived from an access layer (link layer) key as a function (key generation function) and can involve the IDs such as application layer ID (application layer key ID); see paragraphs 107-109, Shah. By leveraging credentials to perform authentication, a user is provided seamless authentication in a heterogenous network; see paragraph 28, Shah. Therefore, it would have been obvious to one skilled in the art, before the effective filing date, to have combined the teachings of Shah with those of Tian, to provide seamless authentication to users; see paragraph 28, Shah. With regards to claim 2, Tian teaches through Shah, the method wherein the connection mode is a basic rate/enhanced data rate mode; the determining an application layer key generation function according to the connection mode comprises: determining an f2 function used when a link layer key is generated as the application layer key generation function (Shah teaches application layer key to be derived from an access layer (link layer) key as a function (key generation function) and can involve the IDs such as application layer ID (application layer key ID); see paragraphs 107-109, Shah); the determining a link layer dynamic parameter used at a link layer comprises: determining a random number in each key parameter used by the f2 function in calculating the link layer key as the link layer dynamic parameter (Shah teaches symmetric key structures, which usually use random numbers; see paragraph 111, Shah. In addition, Tian supports RSA in key generation, RSA inherently uses random numbers; see paragraph 42, Tian); and the generating an application layer key comprises: replacing a link layer key identifier in each key parameter used by the f2 function in calculating the link layer key with the application layer key identifier; and calculating, by using the f2 function, each key parameter obtained after replacement, to obtain the application layer key (Shah explains how an identity received can be used (as a replacement in the function); see paragraphs 115-116, and 121, Shah). With regards to claim 3, Tian teaches through Shah, the method wherein the application layer key identifier is different from the link layer key identifier (Shah explains instances where the identities at the access layer (link layer ID) are different than those used at the application level (application layer key ID); see paragraphs 92-93, Shah). With regards to claim 4, Tian teaches through Shah, the method wherein the connection mode is a basic rate/enhanced data rate mode or a low energy mode; the determining an application layer key generation function according to the connection mode comprises: determining an h6 function as the application layer key generation function; the determining a link layer dynamic parameter used at a link layer comprises: obtaining a link layer key generated when the Bluetooth connection to the external Bluetooth device is established; and determining the link layer key as the link layer dynamic parameter; and the generating an application layer key comprises: calculating the application layer key identifier and the link layer key by using the h6 function, to obtain the application layer key Tian teaches a Bluetooth connection being established between a communication device and a mobile phone; see paragraph 38, Tian. An encryption mode is determined between the devices; see paragraph 40, Tian. Tian supports BluFi (see 32-35, Tian), BluFi is Bluetooth LE to WiFi gateway. While Tian teaches authentication in a network that supports Bluetooth and supports a number of functions, Tian does not explicitly cite the claimed application layer key generation function in the claimed manner. In the same field of endeavor, Shah also explains how devices can connect via wireless personal area networks, such as Bluetooth; see paragraphs 53 and 65, Shah. For instance, between a base station and a WTRUs (wireless transmit/receive units) (i.e. phones); see paragraph 49 and Figure 1A, Shah. In particular, Shah teaches how a smartphone can communicate using layered communication by establishing communication at an access layer, an access layer comprises a physical/data link (i.e. link layer); see paragraphs 8 and 39, Shah. Shah goes on to explain how each layer can have their own security, layer-specific security can implement key agreements at each layer; see paragraph 39, Shah. Security key agreements at the higher level, such as the application layer, can utilize security keys or other security-related information, such as security association contexts (link layer dynamic parameter) at a lower layer; see paragraph 39, Shah. This technique of layer-specific security where higher levels rely on lower-level security context information is referred to as bootstrapping techniques; see paragraph 39, Shah. This allows the application layer key to be derived from an access layer (link layer) key as a function (key generation function) and can involve the IDs such as application layer ID (application layer key ID); see paragraphs 107-109, Shah. By leveraging credentials to perform authentication, a user is provided seamless authentication in a heterogenous network; see paragraph 28, Shah. Therefore, it would have been obvious to one skilled in the art, before the effective filing date, to have combined the teachings of Shah with those of Tian, to provide seamless authentication to users; see paragraph 28, Shah. With regards to claim 5, Tian teaches through Shah, the method wherein when the connection mode is a basic rate/enhanced data rate mode, the link layer key is generated by using an f2 function and a link layer key identifier; and the application layer key identifier is the same as or different from the link layer key identifier (Shah teaches application layer key to be derived from an access layer (link layer) key as a function (key generation function) and can involve the IDs such as application layer ID (application layer key ID); see paragraphs 107-109, Shah. Shah further explains instances where the identities at the access layer (link layer ID) are different than those used at the application level (application layer key ID); see paragraphs 92-93, Shah). With regards to claim 6, Tian teaches through Shah, the method wherein when the connection mode is a low energy mode, the link layer key is generated by using an f5 function Tian teaches a Bluetooth connection being established between a communication device and a mobile phone; see paragraph 38, Tian. An encryption mode is determined between the devices; see paragraph 40, Tian. Tian supports BluFi (see 32-35, Tian), BluFi is Bluetooth LE to WiFi gateway. While Tian teaches authentication in a network that supports Bluetooth and supports a number of functions, Tian does not explicitly cite the claimed application layer key generation function in the claimed manner. In the same field of endeavor, Shah also explains how devices can connect via wireless personal area networks, such as Bluetooth; see paragraphs 53 and 65, Shah. For instance, between a base station and a WTRUs (wireless transmit/receive units) (i.e. phones); see paragraph 49 and Figure 1A, Shah. In particular, Shah teaches how a smartphone can communicate using layered communication by establishing communication at an access layer, an access layer comprises a physical/data link (i.e. link layer); see paragraphs 8 and 39, Shah. Shah goes on to explain how each layer can have their own security, layer-specific security can implement key agreements at each layer; see paragraph 39, Shah. Security key agreements at the higher level, such as the application layer, can utilize security keys or other security-related information, such as security association contexts (link layer dynamic parameter) at a lower layer; see paragraph 39, Shah. This technique of layer-specific security where higher levels rely on lower-level security context information is referred to as bootstrapping techniques; see paragraph 39, Shah. This allows the application layer key to be derived from an access layer (link layer) key as a function (key generation function) and can involve the IDs such as application layer ID (application layer key ID); see paragraphs 107-109, Shah. By leveraging credentials to perform authentication, a user is provided seamless authentication in a heterogenous network; see paragraph 28, Shah. Therefore, it would have been obvious to one skilled in the art, before the effective filing date, to have combined the teachings of Shah with those of Tian, to provide seamless authentication to users; see paragraph 28, Shah. The obviousness motivation applied to independent claims 1 and 13-14 are applicable to their respective dependent claims, if any. Response to Arguments Applicant's arguments filed January 28, 2026 have been fully considered but they are not persuasive. The RCE filed February 25, 2026 was entered with no claim amendments. The RCE submission however did indicate the amendment (arguments only) filed after final may be considered. Those after final arguments were considered in the advisory action. The examiner discussed the RCE and after final amendments with the applicant’s representative (Jason Drake 70,286) on March 16, 2026 at which point confirmation was received that the arguments filed after final were to be considered in this RCE. The following are the responses to the arguments filed after final. The first argument presented by the applicant focuses on the limitation of, "...generating an application layer key according to the application layer key generation function, the link layer dynamic parameter, and the application layer key identifier." Applicant argues that Shah fails to teach this limitation. The examiner has reviewed applicant's arguments but disagrees. Applicant's summation that security keys are from lower layers rather than the application layer is a simplification of the reference while not appreciating the full teachings of the Shah reference. Furthermore, applicant's assertion that application layer key derivation cannot involve the application layer ID is also unsupported and seem conclusionary. As stated before, Shah explains how each layer can have their own security, layer-specific security can implement key agreements at each layer; see paragraph 39, Shah. Security key agreements at the higher level, such as the application layer, can utilize security keys or other security-related information, such as security association contexts (link layer dynamic parameter) at a lower layer; see paragraph 39, Shah. In the realm of handoffs (such as the Shah prior art), connections are being handed off from one network to another, meaning the link layer is changing (it is dynamic). The technique of layer-specific security where higher levels rely on lower-level security context information is referred to as bootstrapping techniques; see paragraph 39, Shah. This allows the application layer key to be derived from an access layer (link layer) key as a function (key generation function) and can involve the IDs such as application layer ID (application layer key ID); see paragraphs 107-109, Shah. Therefore, applicant's arguments remain unpersuasive. Applicant next argues that the application layer identity is used for determining the access layer suitable identity in Shah, rather than deriving the application layer key K_app. Applicant goes on with the rationale that even if the application layer identity can exist prior to the K_app, the conclusion that K_app to be derived can involve the application layer ID cannot be drawn. The examiner again disagrees. As stated before, the application layer identity can include various information including OpenID URL or an email address login identity (both of which can exist prior to establishing the application layer key (K_app)); see paragraph 89, Shah. In addition, as explained above, the technique of layer-specific security where higher levels rely on lower-level security context information is referred to as bootstrapping techniques; see paragraph 39, Shah. This allows the application layer key to be derived from an access layer (link layer) key as a function (key generation function) and can involve the IDs such as application layer ID (application layer key ID); see paragraphs 107-109, Shah. With the understanding that application layer identity can exist prior to K_app, we can see how K_app can be derived from an access layer (link layer) key as a function (key generation function) and can involve the IDs such as application layer ID (application layer key ID); see paragraphs 107-109, Shah. As such, applicant’s arguments are again not deemed persuasive. The final arguments presented by the applicant focus on the dependent claims being allowable since the applicant feels the independent claims are allowable. The examiner respectfully disagrees. The rejections of the independent claims are being maintained, as such, the dependent claims remain rejected as well. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to AZIZUL Q CHOUDHURY whose telephone number is (571)272-3909. The examiner can normally be reached M-F. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, EMMANUEL MOISE can be reached at (571) 272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AZIZUL CHOUDHURY/Primary Examiner, Art Unit 2455