PNG
    media_image1.png
    172
    172
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 15/500,530
Filing Date: 31 Jan 2017 
Appellant(s): Haber et al.



__________________
Dan C. Hu
(Reg. No. 40,025)
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed 11/13/2020 appealing from the Office Action mailed on 08/04/2020.
(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated 08/04/2020 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”

(2) Response to Argument
Rejection under 35 U.S.C. § 103
Appellant Argues: Gebotys and Li fail to teach “forwarding the masked version of the master key from the first computing device to a key manager computing device,” and “responsive to the forwarding of the masked version of the master key, receiving a new mask from the key manager computer device,” and “obtaining a masked version of the master key by performing an operation on the master key and the random mask, the operation selected from among an exclusive of (XOR), a multiplication, or a division.” Appeal Br. at 7, 10. 
Examiner’s Response:  The examiner disagrees with the appellant. Regarding “forwarding the masked version of the master key from the first computing device to a key manager computing device,” and “responsive to the forwarding of the masked version of the master key, receiving a new mask from the key manager computer device,” appellant argues that Li fails to teach “forwarding the masked version of the master key from the first computing device to a key manager device.” Id. at 9. 
The claim language above includes three concepts: a master key, transmit a masked version of the master key, and then receive a new mask. Gebotys discloses a “master key” and or a part of the master key) is repeatedly XOR masked.  See Gebotys FIG. 2, ¶¶ [0059], [0087] (“The example of the preferred embodiment illustrated in FIG. 1 includes a master key having 128 bits. FIG. 2 shows the manner in which masked key 102 is masked by the key encryption masks. The value of masked key 102 that would otherwise be used in the encryption process is effectively replaced by the output of exclusive or 110. In this manner, the masked key used in the encryption is defined with relation to the previous value of masked key 102. The new masked key value is state-dependent in this way.”). 
In addition, Li discloses “forwarding the masked version of the [master] key to a key manger.” See Li FIG. 1, ¶¶ [0021], [0028], [0082] (“In some embodiments, the set of obfuscated scripting resource source data is configured to include an encryption technique and an encryption key. [C]lient device 102, is configured to collect certain client-related parameters, encrypt the collected client-related parameters using the encryption tools included in the set of obfuscated scripting resource source data, and send the encrypted client-related parameters to server 104. In some embodiments, the set of scripting resource source data can include a selected encryption key. For example, obfuscation parameters can include the substitute parameters (e.g., substitute variable names, substitute function names, substitute numerical values/mathematical expressions, loop structures used in statement sequence substitution, selected invalid code, encryption keys) and other data that are (e.g., randomly or otherwise) generated or selected in performing certain types of obfuscation techniques.”) (emphasis added). Accordingly, one or more obfuscation techniques can be selected, the client device can obfuscate an encryption key, or any other valuable data, and forward that obfuscated data to the server (i.e., a key manager server). 

Regarding “obtaining a masked version of the master key by performing an operation on the master key and the random mask, the operation selected from among an exclusive or (XOR), a multiplication, or a division,” Appellant’s argument focuses on the contention that masked key 102 in FIG. 2 is not a “masked version of the master key” but rather a “round key.” Appeal Brief at 12.  
However, appellant overlooks the fact that Gebotys teaches that the round key is generated from or is a part of the master key. See Gebotys ¶ [0059] (“The example of the preferred embodiment illustrated in FIG. 1 includes a master key having 128 bits. This master key is used to create 44 32-bit round keys (where the first 4 round keys is equivalent to the 128-bit master key according to the AES (or Rijndael) specification). In the example, the round keys are split into 8-bit parts (bytes), treating each with a specific mask. Within each AES round, there are 4 round keys and the masking scheme may utilize different byte masks within a round key, or different word masks of each round key.”) (emphasis added). Accordingly, appellant’s argument is unpersuasive and Gebotys teaches “obtaining a masked version of the master key by performing an operation on the master key and the random mask, the operation selected from among an exclusive or (XOR), a multiplication, or a division.”
In conclusion, the appellant’s argument is not persuasive and the rejection should be maintained.  

Appellant Argues: Gebotys and Li fail to teach “generate an ephemeral instantiation of the data processing instance to utilize the random mask and the data key to encrypt, decrypt, or authenticate the data; and utilize another ephemeral instantiation of a data processing instance that utilizes another random mask and another data key to encrypt, decrypt, or authenticate further data” of claim 6.  Appeal Br. at 13 (emphasis original).  
Examiner’s Response:  The examiner disagrees with the appellant. Li teaches a session dependent, instance-specific and random obfuscation parameters to conceal and/or to encrypt data.  See Li ¶ [0090] (“[T]he obfuscation parameters can be generated randomly, which allows for the production of different obfuscation results in different instances of obfuscating the same scripting resource source data.”) (emphasis added). Furthermore, Li explains such random obfuscation parameters are time-dependent (i.e., ephemeral).   Id. at ¶¶ [0096], [0098] (“The page request also establishes a session token for a new online session. An encryption token can be generated for the session token corresponding to the page request. In some embodiments, the encryption token is randomly generated.”) (emphasis added). 
Accordingly, Gebotys and Li teach “generate an ephemeral instantiation of the data processing instance to utilize the random mask and the data key to encrypt, decrypt, or authenticate the data; and utilize another ephemeral instantiation of a data processing instance that utilizes another random mask and another data key to encrypt, decrypt, or authenticate further data” of claim 6. In conclusion, the appellant’s argument is not persuasive and the rejection should be maintained.  


Appellant Argues: Gebotys and Li fail to teach “wherein the new mask is based on an XOR of a further randomly selected mask, the master key, and the random mask at the key manager computing device” of claim 16.  Appeal Br. at 14.  
Examiner’s Response:  The examiner disagrees with the appellant. Gebotys iteratively applies random masks to a master key and creates a state-dependent masked key. See Gebotys FIG. 2 and ¶¶ [0087] – [0088] (“FIG. 2 shows the manner in which masked key 102 is masked by the key encryption masks. The value of masked key 102 that would otherwise be used in the encryption process is effectively replaced by the output of exclusive or 110. In this manner, the masked key used in the encryption is defined with relation to the previous value of masked key 102. The new masked key value is state-dependent in this way. FIG. 2 also shows that the members of the set of key encryption masks 0 . . . n are able to be rotated as they are applied to masked key 102 (at exclusive or 110).”) (emphasis added). 
With respect to “virtual key management module,” the Appellant explains that “[t]he virtual key management module P, which may be in a system that is separate from a system that includes the data owner U, or which may be in the same system as the data owner U, may facilitate the maintenance of the various encryption keys across different instantiations A; of the data processing instance 104.” See Specification at ¶ [0028] (emphasis added). Accordingly, “the key manager computing device” can refer to a “virtual key management module” that executes on a user device or on a separate server computing device. Therefore, Gebotys teaches “wherein the new mask is based on an XOR of a further randomly selected mask, the master key, and the random mask at the key manager computing device” of claim 16.

Appellant Argues: In view of the patentability of independent claims 1, 11 and 20 and dependent claims 16, dependent claims 7, 12, 15, 17-19, and 21-22 are also patentable over the prior art for the reasons set forth above, as well as for the additional recitations contained therein. Appeal Br. at 15-16. 

Examiner’s Response:  The examiner disagrees for the reasons noted above, as the explanation explains how Gebotys in view of Li teach the argued features.
For the above reasons, it is believed that the rejections should be sustained.

Claim Chart (Claim 1 only)
Claim 1
Gebotys (US 20060256963)
Li (US 20140344569)
A non-transitory computer readable medium having stored thereon machine readable instructions that when executed cause at least a first computing device to: 
Gebotys ¶¶ [0041] – [0042], [0084]. In accordance with another aspect of the invention, there is provided a computing device including a memory medium for storing program code executable on the computing device, the memory medium of the computing device storing program code executable on the computing device for carrying out one or more of the above methods. [This method] is therefore well-suited to a mobile computing device implementation in which memory and power constraints are significant in cryptographic operations. [For “processor,” see also [0044]].). 

perform key splitting without using a homomorphic encryption technique, the key splitting comprising: 
Gebotys ¶¶ [0027] – [0028]. In accordance with another aspect of the invention, there is provided a computing device-implemented method for successively masking a key value, the successively masked values being for use in successive iterations of cryptographic operations utilizing a substitution table, the method including the initial steps of: splitting the key value into a set of split key values.

obtaining a master key; 
Gebotys FIG. 2, ¶ [0059]. The example of the preferred embodiment illustrated in FIG. 1 includes a master key having 128 bits.


obtaining a random mask; 

 Gebotys ¶ [0029]. [D]efining a set of random mask values.





obtaining a masked version of the master key by performing an operation on the master key and the random mask, the operation selected from among an exclusive or (XOR), a multiplication, or a division; 
Gebotys FIG. 2, ¶¶ [0059], [0087]. The example of the preferred embodiment illustrated in FIG. 1 includes a master key having 128 bits. This master key is used to create 44 32-bit round keys (where the first 4 round keys is equivalent to the 128-bit master key according to the AES (or Rijndael) specification). In the example, the round keys are split into 8-bit parts (bytes), treating each with a specific mask. Within each AES round, there are 4 round keys and the masking scheme may utilize different byte masks within a round key, or different word masks of each round key. FIG. 2 shows the manner in which masked key 102 is masked by the key encryption masks. The value of masked key 102 that would otherwise be used in the encryption process is effectively replaced by the output of exclusive or 110.

receiving a new mask from the key manager computing device; 
Gebotys ¶¶ [0021], [0029]. [E]ach iteration of the cryptographic operations includes the step of defining a successive masked key value by masking the previous masked key value using a key encryption mask selected from the set of key encryption masks. [D]efining a set of random mask values. [Note that key manager device can be a virtual device, see specification at [0028]]. 

determining a data key based on an XOR of the new mask and the random mask;
Gebotys ¶¶ [0021], [0029]. [E]ach iteration of the cryptographic operations includes the step of defining a successive masked key value by masking the previous masked key value using a key encryption mask selected from the set of key encryption masks. [D]efining a set of random mask values. [See FIG. 2 and [0087] for XOR of the masked key with successive masks.]

forwarding the masked version of the [master] key from the first computing device to a key manager computing device; responsive to the forwarding of the masked version of the [master] key; 

Li FIG. 1, ¶¶ [0021], [0028], [0082]. In some embodiments, the set of obfuscated scripting resource source data is configured to include an encryption technique and an encryption key. [C]lient device 102, is configured to collect certain client-related parameters, encrypt the collected client-related parameters using the encryption tools included in the set of obfuscated scripting resource source data, and send the encrypted client-related parameters to server 104. In some embodiments, the set of scripting resource source data can include a selected encryption key. For example, obfuscation parameters can include the substitute parameters (e.g., substitute variable names, substitute function names, substitute numerical values/mathematical expressions, loop structures used in statement sequence substitution, selected invalid code, encryption keys) and other data that are (e.g., randomly or otherwise) generated or selected in performing certain types of obfuscation techniques.
use, by a data processing instance in the first computing device, the data key in encrypting, decrypting, or authenticating data

Li FIG. 4, ¶¶ [0119] – [0120]. The set of scripting resource source data including the computer code implementing the encryption technique with the encryption key is obfuscated. At 412, the obfuscated set of scripting resource source data is sent to the client device, wherein the obfuscated set of scripting resource source data is configured to collect one or more client-related parameters at the client device and encrypt the collected one or more client-related parameters using the selected encryption technique and the encryption key.



For the above reasons, it is believed that the rejections should be sustained.








Respectfully submitted,

/EDWARD X LONG/Examiner, Art Unit 2439                                                                                                                                                                                                        


Conferees:
/KARI L SCHMIDT/Primary Examiner, Art Unit 2439            



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       


Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.