DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted by applicant dated 05/23/2024 has been considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 12 and 15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
As per claims 12 and 15, the claims recite a computer program which is software, which does not fall under one of the four statutory categories.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 and 9-12 are rejected under 35 U.S.C. 103 as being unpatentable over Belapurkar et al. US 2003/0070069 (hereinafter Belapurkar), in view of Nixon et al. US 2016/0043866 (hereinafter Nixon).
As per claim 1, Belapurkar teaches a first apparatus associated with a system including a machine, the first apparatus comprising: at least one processor; at least one memory including computer program code; and a first storage configured to store a first symmetric cryptographic key established and shared between the machine of the system and a backend system (Belapurkar paragraph [0040], shared secret key);
the at least one memory and the computer program code being configured to, with the at least one processor, cause the first apparatus at least to: receive a user identifier uniquely associated with a user (Belapurkar paragraph [0041], receive user id);
derive a second symmetric cryptographic key specific at least to the user based at least on the received user identifier and the stored first symmetric cryptographic key (Belapurkar paragraph [0041]-[0044], derive data based on the user id and the shared secret key);
attempt to authenticate the user to the machine of the system based at least on the derived second symmetric cryptographic key (Belapurkar paragraph [0045], [0047]-[0050], attempt to authenticate user based on the derived data); and
in response to successfully authenticating the user, grant the user access to the machine of the system (Belapurkar paragraph [0050]-[0051], provide access).
Belapurkar does not explicitly disclose industrial machine of an industrial system;
store a key when commissioning the industrial machine, the key being specific to the industrial system.
Nixon teaches industrial machine of an industrial system (Nixon Fig. 1, paragraph [0039], [0044]-[0045], industrial machine of an industrial system);
store a key when commissioning the industrial machine, the key being specific to the industrial system (Nixon paragraph [0131], provisioning key to device).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the devices of the invention of Belapurkar with the industrial devices of Nixon because the results would have been predictable and resulted in authenticating and granting access to an industrial machine of an industrial system. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Belapurkar of having a shared secret with the teachings of Nixon to include provisioning a key to a device during manufacturing because the results would have been predictable and resulted in the shared key being provisioned to the industrial machine during manufacturing of the machine.
As per claim 2, Belapurkar in view of Nixon teaches the first apparatus according to claim 1, wherein the authentication of the user based at least on the derived second symmetric cryptographic key comprises at least one of: authentication based on using the derived second symmetric cryptographic key as a password in a password -based authentication protocol, authentication based on using the derived second symmetric cryptographic key as a basis for determining a password for a password -based authentication protocol, authentication based on using the derived second symmetric cryptographic key in transport level security, TLS, authentication, or authentication based on using the derived second symmetric cryptographic key in determining a token or an authentication header for a HTTPS REST API call (Belapurkar paragraph [0045], [0050], authenticate user based on derived data).
As per claim 9, Belapurkar in view of Nixon teaches the first apparatus according to claim 1, wherein the industrial system comprises includes an operational technology, OT, system (Nixon Fig. 1, paragraph [0039], [0044]-[0045]).
As per claim 10, Belapurkar in view of Nixon teaches the first apparatus according to claim 1, wherein the industrial system comprises an off-line industrial system (Nixon Fig. 1, paragraph [0039], [0044]-[0045], [0097], [0126]).
As per claims 11 and 12, the claims claim a method and a program essentially corresponding to the apparatus claim 1 above, and they are rejected, at least for the same reasons.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Belapurkar in view of Nixon, and further in view of Schuberth USPN 11,805,128.
As per claim 3, Belapurkar in view of Nixon teaches the first apparatus according to claim 1, wherein the authentication of the user based at least on the derived second symmetric cryptographic key comprises authentication based on using the derived second symmetric cryptographic key (Belapurkar paragraph [0045], [0050], authenticate user based on derived data).
Belapurkar in view of Nixon does not explicitly disclose challenge-response authentication.
Schuberth teaches challenge-response authentication (Schuberth col 5 lines 30-35, col 5 line 59 – col 6 line 2, challenge response authentication).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Belapurkar in view of Nixon of authenticating a user with the teachings of Schuberth to include a challenge response authentication in order to enhance the security of the system by providing an additional authentication of the user based on a challenge and response.
Claims 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Belapurkar in view of Nixon, and further in view of Ramesh Kumar et al. US 2019/0386981 (hereinafter Ramesh Kumar).
As per claim 6, Belapurkar in view of Nixon teaches the first apparatus according to claim 1, the second symmetric cryptographic key (Belapurkar paragraph [0041]-[0044], derive data based on the user id and the shared secret key).
Belapurkar in view of Nixon does not explicitly disclose wherein data is derived based additionally on contextual information.
Ramesh Kumar teaches wherein data is derived based additionally on contextual information (Ramesh Kumar paragraph [0039], derive data based on shared secret and time).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Belapurkar in view of Nixon of deriving data based on a user id and a shared secret with the teachings of Ramesh Kumar to include deriving data based on a shared secret and time in order to include a validity period for the derived data.
As per claim 7, Belapurkar in view of Nixon and Ramesh Kumar teaches the first apparatus according to claim 6, wherein the contextual information comprises at least one of a validity period for the second symmetric cryptographic key or a role for the user (Belapurkar paragraph [0041]-[0044], derive data based on the user id and the shared secret key; Ramesh Kumar paragraph [0039], derive data based on shared secret and time).
As per claim 8, Belapurkar in view of Nixon and Ramesh Kumar teaches the first apparatus according to claim 7, wherein the derived second symmetric cryptographic key is additionally specific at least to the validity period or the role, respectively (Belapurkar paragraph [0041]-[0044], derive data based on the user id and the shared secret key; Ramesh Kumar paragraph [0039], derive data based on shared secret and time).
Claims 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. US 2022/0141212 (hereinafter Kumar), in view of Belapurkar et al. US 2003/0070069 (hereinafter Belapurkar) and Nixon et al. US 2016/0043866 (hereinafter Nixon).
As per claim 13, Kumar teaches a second apparatus associated with a backend system, the second apparatus comprising: at least one processor; at least one memory including computer program code; and a second storage configured to store data (Kumar Fig. 1, Fig. 5, paragraph [0018], [0024]);
an industrial machine of an industrial system (Kumar Fig. 1, paragraph [0018]);
the at least one memory and the computer program code configured to, with the at least one processor, cause the second apparatus at least to: obtain a user identifier uniquely associated with a user (Kumar paragraph [0032]-[0033], obtain user id);
derive a symmetric cryptographic key specific at least to the user (Kumar paragraph [0034], derive data); and
provide the user access to the derived symmetric cryptographic key (Kumar paragraph [0036], provide derived data to user).
Kumar does not explicitly disclose a first symmetric cryptographic key established and shared between machine of system and a backend system;
derive a second symmetric cryptographic key specific at least to user based at least on obtained user identifier and the stored first symmetric cryptographic key.
Belapurkar teaches a first symmetric cryptographic key established and shared between machine of system and a backend system (Belapurkar paragraph [0040], shared secret key);
derive a second symmetric cryptographic key specific at least to user based at least on obtained user identifier and the stored first symmetric cryptographic key (Belapurkar paragraph [0048]-[0050], derive data based on user id and shared secret).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Kumar of deriving data with the teachings of Belapurkar to include a shared secret and deriving data based on a user id and the shared secret in order to enhance the security of the system and increase the entropy of the derived data by deriving the data based on the plurality inputs.
Kumar in view of Belapurkar does not explicitly disclose store a key when commissioning industrial machine, key being specific to the industrial system.
Nixon teaches store a key when commissioning industrial machine, key being specific to the industrial system (Nixon paragraph [0131], provisioning key to device).
Thus it would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Kumar in view of Belapurkar of having a shared secret with the teachings of Nixon to include provisioning a key to a device during manufacturing because the results would have been predictable and resulted in the shared key being provisioned to the industrial machine during manufacturing of the machine.
As per claims 14 and 15, the claims claim a method and a program essentially corresponding to the apparatus claim 13 above, and they are rejected, at least for the same reasons.
Allowable Subject Matter
Claims 4-5 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HENRY TSANG/Primary Examiner, Art Unit 2495