Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
This is in response to applicant’s amendment filed on 12/01/2020 for Application #16/144,251 filed on 09/27/2018 in which claims 13-19, 24-39 are pending, Claims 1-12, 20-23 are canceled, New Claims 26-39 have been added.

Status of Claims
Claims 13-19, 24-39 are pending, of which Claims 13-19, 26, 30-33, 37-39 are rejected under 35 U.S.C. 103, Claims 24-25 are withdrawn from consideration due to restriction election, Claims 27-29, 34-36 are objected to as being allowable as a whole under prior art if rewritten in independent form including all of the limitations of their base claim and any intervening claims as well as addressing any additional issues described below. 

Prior Art Rejections - 35 USC § 102 and/or 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

(s) 13-19, 26, 30-33, 37-39 are rejected under 35 U.S.C. 103 as being unpatentable over KANCHARLA et al. US Patent Application Publication No. 2015/0358161 in view of Norum US Patent No. 10,305,906.

Regarding Claim 13, KANCHARLA et al. discloses:
A computer program product, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer device to cause the computer device to: federate a proxy hardware security module from a physical hardware security module; store the proxy hardware security module [(KANCHARLA et al. Abstract Lines 1-3; Par 21 Lines 8-9; Fig 4 Items 402) where KANCHARLA et al. teaches the federating, copying, or duplicating of a physical hardware security module to a backup or proxy hardware security module stored in a cloud];

KANCHARLA et al. does not appear to explicitly disclose:
receive a first one of a plurality of periodic identifying communications from the physical hardware security module; and erase the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications

However, Norum discloses:
receive a first one of a plurality of periodic identifying communications from the physical hardware security module; and erase the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications [(Norum Column 5 Lines 33-42) where Norum teaches that if periodic identifying or regular heartbeat communications between the hardware security module and computer device are not received or sent as expected that the hardware security module is zeroized or erased].

KANCHARLA et al. and Norum are analogous art because they are from the “same field of endeavor” and are from the same “problem-solving area,”.  Namely, they are both from the field of “information security”.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of KANCHARLA et al. and the teachings of Norum by providing if periodic identifying or regular heartbeat communications between the hardware security module and computer device are not received or sent as expected that the hardware security module is zeroized or erased as taught by Norum in the teaching described by KANCHARLA et al.
The motivation for doing so would be to increase the usability and flexibility of KANCHARLA et al. by providing if periodic identifying or regular heartbeat communications between the hardware security module and computer device are not received or sent as expected that the hardware security module is zeroized or erased as taught by Norum in the teaching described by KANCHARLA et al. so as to provide a way to zeroize or erase the hardware security module if the system is compromised.

Regarding Claim 14, most of the limitations of this claim have been noted in the rejection of Claim 13.  Applicant is directed to the rejection of Claim 13 above.  In addition, the combination of KANCHARLA et al. and Norum discloses:
The computer program product of claim 13, wherein the program instructions executable by the computer device cause the computer device to erase the proxy hardware security module as a result of the computer device not receiving a predetermined number of successive ones of the plurality of periodic identifying communications [(Norum Fig 5 Item 508) where Norum teaches that upon receiving an additional threshold number of late/invalid heartbeats, indicating that the expected successive heartbeats were not received, to zeroize or erase the hardware security module].

Regarding Claim 15, most of the limitations of this claim have been noted in the rejection of Claim 13.  Applicant is directed to the rejection of Claim 13 above.  In addition, the combination of KANCHARLA et al. and Norum discloses:
The computer product of claim 13, wherein the program instructions executable by the computer device allow changes to the computer device only as a result of the computer device receiving approval of the changes from the physical hardware security module [(KANCHARLA et al. Par 22 Lines 1-14) where KANCHARLA et al. teaches that once the key management and crypto operations of web service providers or the computer device are offloaded to the hardware security module, they can’t be changed or altered by the web service providers or computer device].

Regarding Claim 16, most of the limitations of this claim have been noted in the rejection of Claim 13.  Applicant is directed to the rejection of Claim 13 above.  In addition, the combination of KANCHARLA et al. and Norum discloses:
The computer product of claim 13, wherein the program instructions executable by a computer device cause the computer device to federate secret material from the physical hardware security module [(KANCHARLA et al. Par 21 Lines 18-24)] .

Regarding Claim 17, most of the limitations of this claim have been noted in the rejection of Claim 16.  Applicant is directed to the rejection of Claim 16 above.  In addition, the combination of KANCHARLA et al. and Norum discloses:
The computer product of claim 16, wherein the secret material is an encryption key [(KANCHARLA et al. Par 21 Lines 18-24)].

Regarding Claim 18:
It is a system claim corresponding to the program product claim of claim 13.  Therefore, claim 18 is rejected with the same rationale as applied against claim 13 above.
In addition, Claim 18 discloses:
a processor, a computer readable memory, and a computer readable storage medium containing program instructions executed by the processor [(KANCHARLA et al. Par 85 Lines 1-21)].

Regarding Claim 19:
It is a system claim corresponding to the program product claim of claim 14.  Therefore, claim 19 is rejected with the same rationale as applied against claim 14 above.

Regarding Claim 26, most of the limitations of this claim have been noted in the rejection of Claim 13.  Applicant is directed to the rejection of Claim 13 above.  In addition, the combination of KANCHARLA et al. and Norum discloses:
The computer program product of claim 13, wherein the erasing of the proxy hardware security module results from the computer device not receiving a predetermined number of the plurality of periodic identifying communications within a predetermined period of time [(Norum Column 5 Lines 17-32) where Norum teaches that if periodic identifying or regular heartbeat communications between the hardware security module and computer device are not received or sent a threshold number of times within an established time period as expected, that the hardware security module is zeroized or erased].

Regarding Claim 30:
It is a program product claim corresponding to the program product claim of claim 16.  Therefore, claim 30 is rejected with the same rationale as applied against claim 16 above.

Regarding Claim 31, most of the limitations of this claim have been noted in the rejection of Claim 13.  Applicant is directed to the rejection of Claim 13 above.  In addition, the combination of KANCHARLA et al. and Norum discloses:
The computer program product of claim 13, wherein the federating comprises creating the proxy hardware security module as a virtual copy of the physical hardware security module [(KANCHARLA et al. Par 21 Lines 8-18) where KANCHARLA et al. teaches that each partition of the entire hardware security module is copied as a virtual proxy copy of the entire hardware security module over the network, partition by partition, of the entire hardware security module.

Regarding Claim 32, most of the limitations of this claim have been noted in the rejection of Claim 31.  Applicant is directed to the rejection of Claim 31 above.  In addition, the combination of KANCHARLA et al. and Norum discloses:
The computer program product of claim 31, wherein the federating comprises creating the proxy hardware security module in a cloud computing environment.  [(KANCHARLA et al. Par 22 Lines 1-15 where KANCHARLA et al. teaches that the proxy hardware security modules are created in a could based system or environment].

Regarding Claim 33:
It is a system claim corresponding to the program product claim of claim 26.  Therefore, claim 33 is rejected with the same rationale as applied against claim 26 above.

Regarding Claim 37:
It is a system claim corresponding to the program product claim of claim 16.  Therefore, claim 37 is rejected with the same rationale as applied against claim 16 above.

Regarding Claim 38:
It is a system claim corresponding to the program product claim of claim 31.  Therefore, claim 38 is rejected with the same rationale as applied against claim 31 above.

Regarding Claim 39:
It is a system claim corresponding to the program product claim of claim 32.  Therefore, claim 39 is rejected with the same rationale as applied against claim 32 above.

Allowable Subject Matter
Claims 27-29, 34-36 are objected to as being dependent upon a rejected base claim, but would be allowable as a whole under prior art if rewritten in independent form including all of the limitations of their base claim and any intervening claims as well as addressing any additional issues described above.

The following is a statement of reasons for the indication of allowable subject matter.  The examiner has found that the prior art of record does not teach, suggest, or render obvious:
The computer program product of claim 13, wherein the program instructions executable by the computer device cause the computer device to: permit a binding of the proxy hardware security module to the physical hardware security module; and permit the physical hardware security module to prevent any subsequent binding of the computer device to the physical hardware security module; The computer program product of claim 27, wherein the program instructions executable by the computer device cause the computer device to federate, during the binding, an encryption key from the physical hardware security module; The computer program product of claim 27, wherein the program instructions executable by the computer device cause the computer device to provide, during the binding, an encryption key to the proxy hardware security module; The system of claim 18, further comprising program instructions to permit a binding of the proxy hardware security module to the physical hardware security module, and permit the physical hardware security module to prevent any subsequent binding of the computer device to the physical hardware security module; The system of claim 34, further comprising program instructions to federate, during the binding, an encryption key from the physical hardware security module; The system of claim 34, further comprising program instructions to provide, during the binding, an encryption key to the proxy hardware security module.

As recited in dependent Claims 27-29, 34-36 when also incorporating all of the limitations of the base claim and any intervening claims as well as addressing any additional issues described above.

Response to Arguments
Applicant’s arguments filed 12/01/2020 have been fully considered but are not fully persuasive.

On Pages 8-10 of the Applicant’s Response, applicant argues that the combination of KANCHARLA et al. and Norum in the rejection of Claim 13, and similarly of Claim 18 does not teach: “erase the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications”.
The examiner respectfully disagrees with applicant’s arguments.  Norum teaches that if periodic identifying or regular heartbeat communications between the hardware security module and computer device are not received or sent as expected that the hardware security module is zeroized or erased at [(Norum Column 5 Lines 33-42).  This clearly covers the limitations of “erase the proxy hardware security module as a result of the computer device not receiving a second one of the plurality of periodic identifying communications”, as argued by applicant.
In this case, the examiner notes that the applicant seems to strongly feel that the zeroing of Norum is not the same as the erasing of the instant invention.  The examiner can easily see why that might appear to be the case to someone that is not of ordinary skill in the art.  But the examiner maintains that in this case, due to the broad wording of the claim, the word zeroing or zeroized would be interpreted as a direct synonym to the word erase erasing, to one of ordinary skill in the art.  In this case, since the examiner himself spent 29 years working in the computer industry before coming to the USPTO, with the majority of that time involved in the development and design of embedded systems, the examiner has heard first hand, scores of engineers of ordinary skill in the art using the words, zeroed and erased, interchangeably, as a direct synonym.  If in applicant’s invention, if there is more detail in the specification on just how the erasing is done, it is possible that more detail can be added to the claim to overcome the prior art on this point, but for now, that is sadly not the case.
So in this case, as a result, the current 35 U.S.C. 103 rejections are maintained on Independent Claims 13 and 18.

On Pages 10-11 of the Applicant’s Response, applicants argue that since Independent Claims 13 and 18 are allowable, then dependent Claims 14-17, 19, 26-39, are allowable as well.
The examiner respectfully disagrees, because since 35 U.S.C. 103 rejections are maintained on Independent Claims 13 and 18, they are also maintained on dependent Claims 14-17, 19, 26-29, except for Claims 27-29, 34-36, these claims 27-29, 34-36 have been flagged in this action as allowable over prior art, provided that they are combined with all of their parent claims, and any other issues described above are addressed.

Since 35 U.S.C. 103 rejections are maintained on Independent Claims 13 and 18, they are also maintained on dependent Claims 14-17, 19, 26, 30-33, 37-39.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Boenisch et al - US_20160105429: Boenisch et al. teaches the control of a Hardware Security Module.
Hamid - US_20130219164: Hamid teaches the use of a cloud based Hardware Security Module.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM Eastern Time.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8593.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498