KEY ESTABLISHMENT USING WIRELESS CHANNEL INFORMATION

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The amendments filed on November 14, 2025 have been entered. Claims 1-15 have been amended. Claims 16-20 have been added. Response to Arguments Applicant's arguments filed on November 14, 2025, have been fully considered but are not persuasive. Applicant argued that “Ly does not teach or suggest "generating a security key using channel information of a wireless channel by inputting a plurality of quantized channel parameters to a key derivation function" as recited in amended claim 1.” In response, the Examiner respectfully disagrees. Ginzboorg discloses generating a security key using channel information of a wireless channel by inputting a plurality of quantized channel parameters to a key derivation function (See Parag. [0107-0108]; node 110 and the mobile device 120 are sharing a cryptographic key, for example a symmetric key. That is, the node 110 and the mobile device 120 both have knowledge of an identical sequence of zeroes and ones that is kept secret and thus unknown for any third party ... The node 110 (first endpoint) generates a nonce in action 203. The nonce may be a random number, a pseudo-random number, a non-repeatable number, a non-predictable number or similar. Typically, the nonce (and by the way also the shared cryptographic key of the authentication protocol) may be generated with a cryptographic pseudo-random number generator. The output of a cryptographic pseudo-random number generator should approximate a sequence of true random bits; and in addition it should be unpredictable and not be reused, in order to avoid a replay attack). The Examiner notes that cryptographic pseudo-random number generators are known to generate secret keys in between two devices in wireless by expanding a small, truly random initial “seed” (gathered from environment noise like radio interference) into a long, unpredictable stream of bits). The examiner interprets the claimed “a plurality of quantized channel parameters” to be equivalent to “seed” (gathered from environmental noise like radio interference). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ginzboorg et al. (Pub. No. US 2017/0257762), hereinafter Ginzboorg; in view of Ly et al. (Patent No. US 8,401,193), hereinafter Ly. Claim 1. Ginzboorg discloses a method performed by a first endpoint device, the method comprising: generating a security key using channel information of a wireless channel by inputting a plurality of quantized channel parameters to a key derivation function (See Parag. [0107-0108]; node 110 and the mobile device 120 are sharing a cryptographic key, for example a symmetric key. That is, the node 110 and the mobile device 120 both have knowledge of an identical sequence of zeroes and ones that is kept secret and thus unknown for any third party... The node 110 (first endpoint) generates a nonce in action 203. The nonce may be a random number, a pseudo-random number, a non-repeatable number, a non-predictable number or similar. Typically, the nonce (and by the way also the shared cryptographic key of the authentication protocol) may be generated with a cryptographic pseudo-random number generator. The output of a cryptographic pseudo-random number generator should approximate a sequence of true random bits; and in addition it should be unpredictable and not be reused, in order to avoid a replay attack. See also Parag. [0150]. Examiner’s note: Cryptographic pseudo-random number generators (CSPRNGs) generate secret keys in wireless by expanding a small, truly random initial "seed" (gathered from environmental noise like radio interference) into a long, unpredictable stream of bits); computing a first authentication code over a first training sequence using the security key (See Parag. [0110]; the node 110 may indicate for the mobile device 120, e.g. in the message transmitted in action 204, that it expects to authenticate the mobile device 120 using the training sequence in a future transmission. See Parag. [0119]; the node 110 may determine the cryptographic key shared with the mobile device 120 in action 209. Using the determined cryptographic key, the node 110 may compute a second message authentication code (here called MAC 2) (first authentication code) over the previously generated nonce, in action 210. See Parag. [0120]; The computed MAC 2 may then be embedded into a second training sequence (TS 2) (a first Training Sequence) in action 211 by the node 110); receiving a response message from the second endpoint device, the response message including a second authentication code (See Parag. [0114]; having computed the first message authentication code, here called MAC 1, the mobile device 120 (second endpoint) may embed the MAC 1 into a first Training Sequence (here called TS 1) in an action 207. The first training sequence, comprising the computed MAC 1 is then transmitted in action 208, from the mobile device 120 to be received by the node 110); validating the second authentication code; and indicating successful key establishment in response to successful validation of the second authentication code (See Parag. [0120]; when the node 110 receives the combined TS 1 and MAC 1 from the mobile device 120, i.e. the response to the previously transmitted challenge, a comparison may be made between the received MAC 1 and the locally computed MAC 2 by the node 110, using the shared cryptographic key, in action 212. See Parag. [0124]; when only the node 110 and the mobile device 120 know the shared cryptographic key, and the received MAC 1 corresponds to the computed MAC 2, the node 110 with certainty could establish that the mobile device 120 actually is the mobile device 120). Ginzboorg doesn’t explicitly disclose transmitting the first training sequence including the first authentication code to a second endpoint device. However, Ly discloses transmitting the first training sequence including the first authentication code to a second endpoint device (See Col. 13 lines 23-29; a secret key verification procedure is to use a hash function. In particular, after the transmitter obtains its secret key, the transmitter may compute a hash value for the secret key, and send the hash value to the receiver. The receiver may verify whether its own hash value is similar to the hash value received from the value). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include sending the first Training Sequence including the first authentication code to a second endpoint, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 2. Ginzboorg in view of Ly discloses the method of claim 1, Ginzboorg further discloses the method further comprising: performing channel estimation of the wireless channel; extracting channel parameters from the channel estimation (See Parag. [0102]; a training signal is transmitted by the mobile device 120 for the purpose of radio channel estimation and also for cryptographically authenticating the mobile device 120, towards the node 110. Thus the training signal becomes in itself a message that is part of cryptographic authentication protocol running between the parties. See Parag. [0115]; the wireless channel between the node 110 and the mobile device 120 may initially be unknown and time-variant. Thus the node 110 and the mobile device 120 may be synchronised by transmission of a known sequence of bits, called training sequence. From the received signal and knowledge of the transmitted bit sequence, the node 110 may estimate the channel impulse response. The problem of time variance of the channel is solved by repeating the transmission of the training sequence at regular intervals, so that the radio circuits in the node 110 may regularly be adapted to the channel state. Since the channel state changes when the mobile device 120 moves, the degree of mobility that a radio system may support depends on how often the training sequence is transmitted); and quantizing the extracted channel parameters to obtain the channel information (See Parag. [0118-0120]; having combined the first training sequence and MAC 1, the mobile device 120 may transmit the combined first training sequence and MAC 1, to be received by the node 110 in action 208. In other words, the mobile node 120 constructs the first training sequence such that it comprises the first message authentication code (MAC 1). In paralle, the node 110 may determine the cryptographic key shared with the mobile device 120 in action 209. Using the determined cryptographic key, the node 110 may compute a second message authentication code (here called MAC 2) over the previously generated nonce, in action 210. The computed MAC 2 may then be embedded into a second training sequence (TS 2) in action 211 by the node 110. This constructed second training sequence comprising the MAC 2 may be constructed in order to later be able to use it as a comparison with the received first training sequence, received from the mobile device 120 in action 212. Thus; when the node 110 receives the combined TS 1 and MAC 1 from the mobile device 120, i.e. the response to the previously transmitted challenge, a comparison may be made between the received MAC 1 and the locally computed MAC 2 by the node 110, using the shared cryptographic key, in action 212). Claim 3. Ginzboorg in view of Ly discloses the method of claim 1, Ginzboorg further discloses wherein the response message comprises a second training sequence different than the first training sequence, wherein the response message indicates successful key verification by the second endpoint device (See Parag. [0114]; having computed the first message authentication code, here called MAC 1, the mobile device 120 may embed the MAC 1 into a first Training Sequence (here called TS 1) (second Training Sequence) in an action 207. The first training sequence, comprising the computed MAC 1 is then transmitted in action 208, from the mobile device 120 to be received by the node 110. See Parag. [0120]; when the node 110 receives the combined TS 1 and MAC 1 from the mobile device 120, i.e. the response to the previously transmitted challenge, a comparison may be made between the received MAC 1 and the locally computed MAC 2 by the node 110, using the shared cryptographic key, in action 212. See Parag. [0124]; when only the node 110 and the mobile device 120 know the shared cryptographic key, and the received MAC 1 corresponds to the computed MAC 2, the node 110 with certainty could establish that the mobile device 120 actually is the mobile device 120). Claim 4. Ginzboorg in view of Ly discloses the method of claim 3, Ly further discloses wherein validating the second authentication code comprises: computing a third authentication code over the second training sequence, using the generated security key (See Col. 13 lines 23-29; a secret key verification procedure is to use a hash function. In particular, after the transmitter obtains its secret key, the transmitter may compute a hash value for the secret key, and send the hash value to the receiver. The receiver may verify whether its own hash value is similar to the hash value received from the value. See Col. 6 lines 65-67 and Col. 7 lines 1-4; the transmitter may estimate the channel between the legitimate users using a pilot sequence transmitted by the receiver (block 357). Based on the channel estimate, the transmitter may determine phase of the channel (block 359). Alternatively, phase of the channel may be estimated directly from the received signal (e.g., the received pilot signal)); comparing the computed third authentication code with the second authentication code received from the second endpoint device; and indicating successful key establishment when the third authentication code is equal to the second authentication code (See Col. 13 lines 29-40; if both hash values are the same, then the secret keys are equal and the receiver may send an agreement acknowledgment to the transmitter, and the two secret keys become a shared secret key. Otherwise, the legitimate users must discard the secret key and start a new secret key generation process. Alternatively, the verification of the secret key may involve the transmitter encrypting a message with the secret key and transmitting the encrypted message to the receiver. The receiver may decrypt the encrypted message with its secret key. If the decrypted message is intelligible, then the legitimate users generated the same secret key). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include computing a third authentication code and indicating successful key establishment when the third authentication code is equal to the second authentication code, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 5. Ginzboorg in view of Ly discloses the method of claim 1, Ly further discloses the wherein the response message comprises the first training sequence encrypted using the security key, wherein the response message indicates successful key verification by the second endpoint device (See Col. 7 lines 17-27; the verification of the secret key may involve the transmitter encrypting a message with the secret key and transmitting the encrypted message to the receiver. The receiver may decrypt the encrypted message with its secret key. If the decrypted message is intelligible, then the legitimate users generated the same secret key. In another example, the legitimate users may each apply a cryptographic hash function to the secret key and exchanging the hash values in a handshake process. The legitimate users can assume that they have generated the same secret key if their hash values agree. See Col. 6 lines 65-67 and Col. 7 lines 1-4; the transmitter may estimate the channel between the legitimate users using a pilot sequence transmitted by the receiver (block 357). Based on the channel estimate, the transmitter may determine phase of the channel (block 359). Alternatively, phase of the channel may be estimated directly from the received signal (e.g., the received pilot signal))). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include encrypting the first training sequence using the security key, wherein the response message indicates successful key verification by the second endpoint, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 6. Ginzboorg in view of Ly discloses the method of claim 1, Ly further discloses wherein the response message comprises the first training sequence, the method further comprising: determining updated channel information of the wireless channel; generating a second security key using the updated channel information of the wireless channel (See Col. 7 lines 1-10; transmitter may estimate the channel between the legitimate users using a pilot sequence transmitted by the receiver (block 357). Based on the channel estimate, the transmitter may determine phase of the channel (block 359). Alternatively, phase of the channel may be estimated directly from the received signal (e.g., the received pilot signal)… The transmitter may quantize the estimated phase of the channel using a phase quantization diagram. The bits associated with a quantized phase of the channel may then be used as the secret key, a part of the secret key, or provided to a function used to generate the secret key (block 363)); computing a third authentication code over the first training sequence using the second security key (See Col. 13 lines 23-29; a secret key verification procedure is to use a hash function. In particular, after the transmitter obtains its secret key, the transmitter may compute a hash value for the secret key, and send the hash value to the receiver. The receiver may verify whether its own hash value is similar to the hash value received from the value); comparing the computed third authentication code with the second authentication code received from the second endpoint device; and indicating successful key establishment when the third authentication code is equal to the second authentication code (See Col. 13 lines 29-40; if both hash values are the same, then the secret keys are equal and the receiver may send an agreement acknowledgment to the transmitter, and the two secret keys become a shared secret key. Otherwise, the legitimate users must discard the secret key and start a new secret key generation process. Alternatively, the verification of the secret key may involve the transmitter encrypting a message with the secret key and transmitting the encrypted message to the receiver. The receiver may decrypt the encrypted message with its secret key. If the decrypted message is intelligible, then the legitimate users generated the same secret key). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include generating a second security key and computing a third authentication code over the first Training Sequence using the second security key and indicating successful key establishment when the third authentication code is equal to the second authentication code, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 7. Ginzboorg in view of Ly discloses the method of claim 6, Ly further discloses wherein indicating successful key establishment comprises computing a fourth authentication code over a second training sequence using the second security key, the second training sequence being different than the first training sequence (See Col. 13 lines 23-29; a secret key verification procedure is to use a hash function. In particular, after the transmitter obtains its secret key, the transmitter may compute a hash value for the secret key, and send the hash value to the receiver. The receiver may verify whether its own hash value is similar to the hash value received from the value); and transmitting the second training sequence including the fourth authentication code to the second endpoint device, wherein the second training sequence indicates successful key verification by the first endpoint device (See Col. 13 lines 29-40; if both hash values are the same, then the secret keys are equal and the receiver may send an agreement acknowledgment to the transmitter, and the two secret keys become a shared secret key. Otherwise, the legitimate users must discard the secret key and start a new secret key generation process. Alternatively, the verification of the secret key may involve the transmitter encrypting a message with the secret key and transmitting the encrypted message to the receiver. The receiver may decrypt the encrypted message with its secret key. If the decrypted message is intelligible, then the legitimate users generated the same secret key). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include computing a fourth authentication code over a second Training Sequence using the second security key and sending the second Training Sequence including the fourth authentication code to the second endpoint, wherein the second Training Sequence indicates successful key verification by the first endpoint, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 8. Ginzboorg discloses a first endpoint device for wireless communication (See Parag. [0115]; wireless channel between the node 110 and the mobile device 120. See Parag. [0092]; the node 110 is represented by a network node, radio network node or base station, such as e.g., a Radio Base Station (RBS) or Base Transceiver Station (BTS)), comprising: at least one memory; and at least one processor coupled with the at least one memory (See Fig. 8) and configured to cause the first endpoint device to: generate a security key using channel information of a wireless channel by inputting a plurality of quantized channel parameters to a key derivation function (See Parag. [0107-0108]; node 110 and the mobile device 120 are sharing a cryptographic key, for example a symmetric key. That is, the node 110 and the mobile device 120 both have knowledge of an identical sequence of zeroes and ones that is kept secret and thus unknown for any third party... The node 110 (first endpoint) generates a nonce in action 203. The nonce may be a random number, a pseudo-random number, a non-repeatable number, a non-predictable number or similar. Typically, the nonce (and by the way also the shared cryptographic key of the authentication protocol) may be generated with a cryptographic pseudo-random number generator. The output of a cryptographic pseudo-random number generator should approximate a sequence of true random bits; and in addition it should be unpredictable and not be reused, in order to avoid a replay attack. See also Parag. [0150]. Examiner’s note: Cryptographic pseudo-random number generators (CSPRNGs) generate secret keys in wireless by expanding a small, truly random initial "seed" (gathered from environmental noise like radio interference) into a long, unpredictable stream of bits); compute a first authentication code over a first training sequence using the security key (See Parag. [0110]; the node 110 may indicate for the mobile device 120, e.g. in the message transmitted in action 204, that it expects to authenticate the mobile device 120 using the training sequence in a future transmission. See Parag. [0119]; the node 110 may determine the cryptographic key shared with the mobile device 120 in action 209. Using the determined cryptographic key, the node 110 may compute a second message authentication code (here called MAC 2) (first authentication code) over the previously generated nonce, in action 210. See Parag. [0120]; The computed MAC 2 may then be embedded into a second training sequence (TS 2) (a first Training Sequence) in action 211 by the node 110); receive a response message from the second endpoint device, the response message including a second authentication code (See Parag. [0114]; having computed the first message authentication code, here called MAC 1, the mobile device 120 (second endpoint) may embed the MAC 1 into a first Training Sequence (here called TS 1) in an action 207. The first training sequence, comprising the computed MAC 1 is then transmitted in action 208, from the mobile device 120 to be received by the node 110); validate the second authentication code; and indicate successful key establishment in response to successful validation of the second authentication code (See Parag. [0120]; when the node 110 receives the combined TS 1 and MAC 1 from the mobile device 120, i.e. the response to the previously transmitted challenge, a comparison may be made between the received MAC 1 and the locally computed MAC 2 by the node 110, using the shared cryptographic key, in action 212. See Parag. [0124]; when only the node 110 and the mobile device 120 know the shared cryptographic key, and the received MAC 1 corresponds to the computed MAC 2, the node 110 with certainty could establish that the mobile device 120 actually is the mobile device 120). Ginzboorg doesn’t explicitly disclose transmit the first training sequence including the first authentication code to a second endpoint device. However, Ly discloses transmit the first training sequence including the first authentication code to a second endpoint device (See Col. 13 lines 23-29; a secret key verification procedure is to use a hash function. In particular, after the transmitter obtains its secret key, the transmitter may compute a hash value for the secret key, and send the hash value to the receiver. The receiver may verify whether its own hash value is similar to the hash value received from the value). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include sending the first Training Sequence including the first authentication code to a second endpoint, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 9. Ginzboorg discloses a second endpoint (node 110) device for wireless communication (See Parag. [0115]; wireless channel between the node 110 and the mobile device 120. See Parag. [0092]; the node 110 is represented by a network node, radio network node or base station, such as e.g., a Radio Base Station (RBS) or Base Transceiver Station (BTS)), comprising: at least one memory; at least one processor coupled with the at least one memory (See Fig. 8) and configured to cause the second endpoint device to: receive a first training sequence including a first authentication code from a first endpoint device (See Parag. [0114]; having computed the first message authentication code, here called MAC 1, the mobile device 120 may embed the MAC 1 into a first Training Sequence (here called TS 1) in an action 207. The first training sequence, comprising the computed MAC 1 (a first authentication code) is then transmitted in action 208, from the mobile device 120 (first endpoint) to be received by the node 110); generate a security key using channel information of a wireless channel by inputting a plurality of quantized channel parameters to a key derivation function (See Parag. [0107-0108]; node 110 and the mobile device 120 are sharing a cryptographic key, for example a symmetric key. That is, the node 110 and the mobile device 120 both have knowledge of an identical sequence of zeroes and ones that is kept secret and thus unknown for any third party... The node 110 (first endpoint) generates a nonce in action 203. The nonce may be a random number, a pseudo-random number, a non-repeatable number, a non-predictable number or similar. Typically, the nonce (and by the way also the shared cryptographic key of the authentication protocol) may be generated with a cryptographic pseudo-random number generator. The output of a cryptographic pseudo-random number generator should approximate a sequence of true random bits; and in addition it should be unpredictable and not be reused, in order to avoid a replay attack. See also Parag. [0150]. Examiner’s note: Cryptographic pseudo-random number generators (CSPRNGs) generate secret keys in wireless by expanding a small, truly random initial "seed" (gathered from environmental noise like radio interference) into a long, unpredictable stream of bits); validate the first authentication code using the generated security key; indicate successful key establishment in response to successful validation of the first authentication code (See Parag. [0120]; when the node 110 receives the combined TS 1 and MAC 1 from the mobile device 120, i.e. the response to the previously transmitted challenge, a comparison may be made between the received MAC 1 and the locally computed MAC 2 by the node 110, using the shared cryptographic key, in action 212. See Parag. [0124]; when only the node 110 and the mobile device 120 know the shared cryptographic key, and the received MAC 1 corresponds to the computed MAC 2, the node 110 with certainty could establish that the mobile device 120 actually is the mobile device 120); compute a second authentication code over a second training sequence (See Parag. [0110]; the node 110 may indicate for the mobile device 120, e.g. in the message transmitted in action 204, that it expects to authenticate the mobile device 120 using the training sequence in a future transmission. See Parag. [0119]; the node 110 may determine the cryptographic key shared with the mobile device 120 in action 209. Using the determined cryptographic key, the node 110 may compute a second message authentication code (here called MAC 2) (a second authentication code) over the previously generated nonce, in action 210. See Parag. [0120]; The computed MAC 2 may then be embedded into a second training sequence (TS 2) (a second Training Sequence) in action 211 by the node 110). Ginzboorg doesn’t explicitly disclose transmit, to the first endpoint device, a response message comprising the second authentication code. However, Ly discloses transmit, to the first endpoint device, a response message comprising the second authentication code (See Col. 13 lines 23-29; a secret key verification procedure is to use a hash function. In particular, after the transmitter obtains its secret key, the transmitter may compute a hash value for the secret key, and send the hash value to the receiver. The receiver may verify whether its own hash value is similar to the hash value received from the value). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include sending a response message including the second authentication code, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 10. The applicant is directed to the rejections to claim 2 set forth above, as it is rejected based on the same rationale. Claim 11. The applicant is directed to the rejections to claim 4 set forth above, as it is rejected based on the same rationale. Claim 12. The applicant is directed to the rejections to claim 3 set forth above, as it is rejected based on the same rationale. Claim 13. The applicant is directed to the rejections to claim 5 set forth above, as it is rejected based on the same rationale. Claim 14. Ginzboorg in view of Ly discloses the second endpoint device of claim 9, Ginzboorg further discloses wherein the response message indicates a key verification failure by the second endpoint device, wherein the at least one processor is further configured to cause the second endpoint device to: determine updated channel information of the wireless channel in response to unsuccessful validation of the first authentication code; generate a second security key using the updated channel information of the wireless channel; compute the second authentication code over the first training sequence using the second security key, wherein the response message includes the first training sequence (See Parag. [0183-0184]; If the two message authentication codes do not correspond to each other, the channel estimation/the tuning of the receiving circuits does not correspond the actual channel and the decoding of the further message fails as well as the authentication of the mobile device 120. Hence, the authentication of the mobile device 120 is only finished after the further message was decoded correctly by the node 110. When the computed 504 second message authentication code does not correspond to the received 506 first message authentication code (i.e. the further message could not be correctly decoded), the mobile device 120 may be rejected. Possibly, in case of rejection according to some embodiments, a new nonce may be generated and a new challenge transmitted. The reason why the mobile device 120 may fail to present a correct message authentication code may be that the channel is bad and/or the challenge message is distorted before reaching the mobile device 120. In such case, repeating the authentication process for a predetermined number of times may be beneficial); Claim 15. Ginzboorg in view of Ly discloses the second endpoint device of claim 14, Ly further discloses wherein the at least one processor is further configured to cause the second endpoint device to: receive a second response message from the first endpoint device, the second response message including a third authentication code (See Col. 13 lines 23-29; a secret key verification procedure is to use a hash function. In particular, after the transmitter obtains its secret key, the transmitter may compute a hash value for the secret key, and send the hash value to the receiver. The receiver may verify whether its own hash value is similar to the hash value received from the value); validate the third authentication code; and indicate successful key establishment in response to successful validation of the third authentication code (See Col. 13 lines 29-40; if both hash values are the same, then the secret keys are equal and the receiver may send an agreement acknowledgment to the transmitter, and the two secret keys become a shared secret key. Otherwise, the legitimate users must discard the secret key and start a new secret key generation process. Alternatively, the verification of the secret key may involve the transmitter encrypting a message with the secret key and transmitting the encrypted message to the receiver. The receiver may decrypt the encrypted message with its secret key. If the decrypted message is intelligible, then the legitimate users generated the same secret key). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include receiving a second message comprising a third authentication code and indicating successful key establishment when the third authentication code is equal to the second authentication code, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 16. Ginzboorg discloses a method performed by a second endpoint device, the method comprising: receiving a first training sequence including a first authentication code from a first endpoint device (See Parag. [0114]; having computed the first message authentication code, here called MAC 1, the mobile device 120 may embed the MAC 1 into a first Training Sequence (here called TS 1) in an action 207. The first training sequence, comprising the computed MAC 1 (a first authentication code) is then transmitted in action 208, from the mobile device 120 (first endpoint) to be received by the node 110); generating a security key using channel information of a wireless channel by inputting a plurality of quantized channel parameters to a key derivation function (See Parag. [0107-0108]; node 110 and the mobile device 120 are sharing a cryptographic key, for example a symmetric key. That is, the node 110 and the mobile device 120 both have knowledge of an identical sequence of zeroes and ones that is kept secret and thus unknown for any third party... The node 110 (first endpoint) generates a nonce in action 203. The nonce may be a random number, a pseudo-random number, a non-repeatable number, a non-predictable number or similar. Typically, the nonce (and by the way also the shared cryptographic key of the authentication protocol) may be generated with a cryptographic pseudo-random number generator. The output of a cryptographic pseudo-random number generator should approximate a sequence of true random bits; and in addition it should be unpredictable and not be reused, in order to avoid a replay attack. See also Parag. [0150]. Examiner’s note: Cryptographic pseudo-random number generators (CSPRNGs) generate secret keys in wireless by expanding a small, truly random initial "seed" (gathered from environmental noise like radio interference) into a long, unpredictable stream of bits); validating the first authentication code using the generated security key; indicating successful key establishment in response to successful validation of the first authentication code (See Parag. [0120]; when the node 110 receives the combined TS 1 and MAC 1 from the mobile device 120, i.e. the response to the previously transmitted challenge, a comparison may be made between the received MAC 1 and the locally computed MAC 2 by the node 110, using the shared cryptographic key, in action 212. See Parag. [0124]; when only the node 110 and the mobile device 120 know the shared cryptographic key, and the received MAC 1 corresponds to the computed MAC 2, the node 110 with certainty could establish that the mobile device 120 actually is the mobile device 120); computing a second authentication code over a second training sequence (See Parag. [0110]; the node 110 may indicate for the mobile device 120, e.g. in the message transmitted in action 204, that it expects to authenticate the mobile device 120 using the training sequence in a future transmission. See Parag. [0119]; the node 110 may determine the cryptographic key shared with the mobile device 120 in action 209. Using the determined cryptographic key, the node 110 may compute a second message authentication code (here called MAC 2) (a second authentication code) over the previously generated nonce, in action 210. See Parag. [0120]; The computed MAC 2 may then be embedded into a second training sequence (TS 2) (a second Training Sequence) in action 211 by the node 110). Ginzboorg doesn’t explicitly disclose transmitting, to the first endpoint device, a response message comprising the second authentication code. However, Ly discloses transmitting, to the first endpoint device, a response message comprising the second authentication code (See Col. 13 lines 23-29; a secret key verification procedure is to use a hash function. In particular, after the transmitter obtains its secret key, the transmitter may compute a hash value for the secret key, and send the hash value to the receiver. The receiver may verify whether its own hash value is similar to the hash value received from the value). It would have been obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the teaching, taught by Ginzboorg, to include sending a response message including the second authentication code, as taught by Ly. This would be convenient for securing wireless communications (Ly, Col. 1 lines 7-8). Claim 17. The applicant is directed to the rejections to claim 2 set forth above, as it is rejected based on the same rationale. Claim 18. The applicant is directed to the rejections to claim 4 set forth above, as it is rejected based on the same rationale. Claim 19. The applicant is directed to the rejections to claim 14 set forth above, as it is rejected based on the same rationale. Claim 20. The applicant is directed to the rejections to claim 15 set forth above, as it is rejected based on the same rationale. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892). The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to key establishment using wireless channel information. Gan et al. (Pub. No. US 2026/0046623); “Communication Methods and Communication Devices;” Teaches a method comprises: on the basis of a shared key, a first device generates a first key; the first device receives a second random number of a second device; on the basis of the first key, the first device generates first authentication information of the first device; and the first device sends a first message to the second device, the first message comprising the first authentication information, and the first authentication information being generated according to one or more of the following information: device information, service-related information, an identifier of a device forwarding the first message, and a first random number and a second random number of the first device. (see Abstract). THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHIZLANE MAAZOUZ whose telephone number is (571)272-8118. The examiner can normally be reached Telework M-F 7:30-5 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip J Chea can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GHIZLANE MAAZOUZ/Examiner, Art Unit 2499 /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499