Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-9 and 15-16 are presented for examination.
Notice for all Patent Application as subject to AIA
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Objections
Claims 1-9 are objected to because of the following informalities: Claims 1-9 contain the symbols to identifying the network elements, which are not proper for claim structure. Appropriate corrections are required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION. The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-9 and 15-16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Claim 1 recites the limitations “the authentication” and “the session key”; claim 2 recites the limitations " the random information”, “the information exchange”, “the session key”, and “this key”; claim 3 recites the limitations " the secret device key”, “the device key”, “the session key”, and “the first signature”; claim 4 recites the limitation “the device key”; claim 5 recites the limitation “the session key”; claim 7 recites the limitations " the set of authentication parameters”, “the authentication result”, and “the session key”; and claim 8 recites the limitation “the group key”. There is insufficient antecedent basis for these limitations in the claims.
Claims 15-16 recite the limitation “…device, being configured to perform the method of claim 1 or claim 6,…acting as a node of the network,” which is an apparatus claim and dependent on a method claims 1 and 6; and the method of steps are not positively recited in the claims 15-16, which are intended processes/steps for claimed invention; therefore, the claims 15-16 are being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
Other dependent claims, which are not specifically cited above are also rejected because of the deficiencies of their respective parent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-9 and 15-16 are rejected under AIA 35 U.S.C. 103 as being un-patentable over Sharp et al (U.S. Patent Application Publication No. 2023/0024967 A1) in view of Tardo et al (U.S. Patent Application Publication No. 2003/0233539 A1).
As to claim 1, Sharp et al teach a method of establishing a cryptographic session key for protecting a communication between nodes in a communication network (NW), the method being performed by a device acting as a first node, D, of the network (NW) and comprising: performing a mutual authentication with a trusted authentication service, AS, the authentication involving sending to AS authentication information for authenticating D, and receiving from AS authentication information for authenticating AS (figures 1 & 2s, pars. 0027-0032, providing authentication service to the network nodes).
However, Sharp et al do not explicitly teach that creating a secure cryptographic session key using authentication parameters and using the session key to protect data communication between network nodes.
Tardo et al teach a method of establishing a cryptographic session key for protecting a communication between nodes in a communication network comprising the steps of: creating a secure cryptographic session key using authentication parameters (AP; AP') resulting from the authentication and a cryptographic key (KCDU; KGDU) associated with D and known to AS; and using the session key (Ksu; KGSU) to protect subsequent actual data communication between D and one or more second nodes, C, of the network (NW) (figure 3, pars. 0038-0042, generating and using session key to protect network devices).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to incorporate the teaching of Tardo et al as stated above with the method of Sharp et al for generating and using session key to protect network devices because it would have improved cryptographic operations and provided protection to the network devices by increasing network device security.
As to claim 2, Tardo et al teach that performing the mutual authentication with AS comprises: using a challenge-response based mutual entity authentication protocol, the authentication involving an exchange between D and AS of information enabling each of AS and D to construct the authentication parameters (AP) based thereon, the authentication parameters (AP) representing a unique identifier (IDD) of D and a unique identifier (IDAS) of AS, a use case identifier (U) of a use case for which the session key (Ksu; KGSU) is to be established, first random information (RD) generated by D and communicated to AS, and second random information (RAS) received by D from AS, the random information being included in the information exchanged between D and AS to enable the construction of the authentication parameters, wherein D has a unique symmetric secret device key (KD) and this key or a reference to this key when stored
externally, and the respective unique identifiers (IDD; IDAS) of D and AS are known to each of D and AS; and storing the authentication parameters (AP; AP') including a result (Rslt) of the authentication, the result (Rslt) indicating whether the authentication was successful (figures 3-4, pars. 0037-0040, 0049-0051).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to incorporate the teaching of Tardo et al as stated above with the method of Sharp et al for generating and using session key and random information exchanged between network devices to protect network devices because it would have improved cryptographic operations and provided protection to the network devices by increasing network device security.
As to claim 3, Sharp et al teach that receiving via the network from a second node, C, of the network a request for establishing a secure cryptographic session key (Ksu) being specific to the use case identified by the use case identifier, the request comprising supporting information including the identifier of D and an identifier of C, the use case identifier, and a first cryptographic signature (SAPD) obtainable by applying a defined pseudo-random function (PRF) keyed with the secret device key (KD) and using the authentication parameters (AP) and the identifier (IDc) of C as inputs; verifying the request based on the supporting information and the device key (KD) of D, the verification including checking a validity of the first signature (SAPD) and comparing the authentication parameters retrieved from the supporting information with the authentication parameters previously stored; and proceeding with creating the session key (Ksu) only when the verification confirms both the validity of the first signature (SAPD) and the identity of the retrieved application parameters with the previously stored application parameters (figures 2A-2B, pars. 0037-0048).
As to claim 4, Sharp et al teach that creating the secure cryptographic session key comprises: deriving a use-case-specific key (Kcdu) of C using the device key (KD) of D, the stored authentication parameters, and the identifier (IDc) of C received in the supporting information; and deriving from the obtained use-case-specific key (Kcdu) of C and the stored authentication parameters the session key (Ksu) specifically for the use case identified by the use case identifier (U) (figures 1 & 2s, pars. 0024, 0027, 0042, 0046).
As to claim 5, Sharp et al teach that the request further comprises a counter, Cnt with Cnt = N + 1, wherein N indicates a total number N of authentications performed in the past; the authentication parameters are defined SO as to include a representation of Cnt; and D uses Cnt for creating the session key (pars, 0027 & 0030, considered previous authentication/verification procedures).
As to claim 6, Sharp et al teach a method of establishing a cryptographic session key for protecting a communication between nodes in a communication network, the method being performed by a device acting as a second node, C, of the network and comprising: registering C with a trusted authentication service, AS, for a specific use case, the registration involving receiving a cryptographic client key, KCDU, from AS, the client key being specifically associated with C and with the use case; receiving authentication parameters, AP, related to a mutual authentication of a first node D of the network to AS (figures 1 & 2s, pars. 0025-0032, providing authentication service to the network nodes, which accounts verify by the manager).
However, Sharp et al do not explicitly teach that creating a secure cryptographic session key using authentication parameters and using the session key to protect data communication between network nodes.
Tardo et al teach a method of establishing a cryptographic session key for protecting a communication between nodes in a communication network comprising the steps of: creating a secure cryptographic session key, Ksu, independently of D, using AP and KCDU; and using Ksu to protect subsequent actual data communication between C and D (figure 3, pars. 0038-0042, generating and using session key to protect registered or account verified network devices).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to incorporate the teaching of Tardo et al as stated above with the method of Sharp et al for generating and using session key to protect network devices because it would have improved cryptographic operations and provided protection to the network devices by increasing network device security.
As to claim 7, Sharp et al teach that receiving a token from AS, the token comprising: the set of authentication parameters, AP, related to the mutual authentication of D with AS, a first cryptographic signature, SAPD, signing with a unique symmetric secret device key, KD, associated with D, information representing both AP and an identifier of C, IDc, and a second cryptographic signature, SAPC, signing with KCDU information comprising both AP and IDc; verifying the validity of SAPC using KCDU and IDc; and when SAPC is found to be valid and the authentication result, Rslt, contained in the received AP is True, deriving the session key Ksu using KCDU and the authentication parameters (AP) contained in TCDU as follows: Ksu = HMACKCDU (IDc||IDD||L) with label L = where Rslt is True or False and indicates the result of the mutual authentication between D and AS (figure 1, pars. 0027, 0029, 0078).
As to claims 8-9, Tardo et al teach that registering C with AS for a specific use case further comprises receiving from AS a one-to-many use-case- specific group key (KGDU) for enabling a subsequent creation of a group session key at multiple second nodes C belonging to a group, G, for protected one-to-many communication between D and the one or more second nodes C in the group, the group key (KGDU) being specifically associated with the use case; and further teach that receiving a token, EAP, from AS, the token being encrypted, keyed with KCDU, and representing: identifiers of each of C, D, G, AS, and the use case; first random information generated by D and communicated to AS; and second random information communicated by AS to D, the random information being included in the information exchanged between D and AS to enable the construction of the authentication parameters during their mutual authentication; and a result of the mutual authentication; and using the received token to derive based thereon the group session key (figures 4-5, pars. 0046-0052).
It would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to incorporate the teaching of Tardo et al as stated above with the method of Sharp et al for generating and using session key and random information exchanged between network devices to protect network devices because it would have improved cryptographic operations and provided protection to the network devices by increasing network device security.
As to claims 15-16, they are also rejected for the same reasons set forth to rejecting claims 1 and 6 above, since claims 15-16 are merely an apparatus for the method of operations defined in the claims 1 and 6, and claims 15-16 do not teach or define any new limitations than above rejected claims 1 and 6.
Additional References
The examiner as of general interest cites the following references.
a. Bahr et al, U.S. Patent Application Publication No. 2016/0269231 A1.
b. Wood et al, U.S. Patent No. 6,892,307 B1.
c. Purpura, U.S. Patent No. 6,421,768 B1.
Content Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Bharat Barot whose telephone number is (571)272-3979. The examiner can normally be reached on 7:00AM-3:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on (571)272-5863. The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BHARAT BAROT/Primary Examiner, Art Unit 2453June 18, 2026