DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is in response to the correspondence filed on 02/05/21.  Claims 1-16 are still pending and have been considered below.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/05/21 has been entered.

Response to Amendment
The amendment to the claims filed on 02/05/21 does not comply with the requirements of 37 CFR 1.121(c) because the claim text found in at least some of the currently amended claims do not have the appropriate markings, as required (ie. Claim 16 does not appear to underline all of the newly introduced text).  Nonetheless, in order to promote expeditious prosecution, the claim amendments will be treated as if they were fully compliant; however, Applicant is kindly requested to review the claim set in its entirety to identify all outstanding issues and make the appropriate corrections in the next correspondence.
Amendments to the claims filed on or after July 30, 2003 must comply with 37 CFR 1.121(c) which states:

	(c) Claims. Amendments to a claim must be made by rewriting the entire claim with all changes (e.g., additions and deletions) as indicated in this subsection, except when the claim is being canceled. Each amendment document that includes a change to an existing claim, cancellation of an existing claim or addition of a new claim, must include a complete listing of all claims ever presented, including the text of all pending and withdrawn claims, in the application. The claim listing, including the text of the claims, in the amendment document will serve to replace all prior versions of the claims, in the application. In the claim listing, the status of every claim must be indicated after its claim number by using one of the following identifiers in a parenthetical expression: (Original), (Currently amended), (Canceled), (Withdrawn), (Previously presented), (New), and (Not entered).
		(1) Claim listing. All of the claims presented in a claim listing shall be presented in ascending numerical order. Consecutive claims having the same status of “canceled” or “not entered” may be aggregated into one statement (e.g., Claims 1–5 (canceled)). The claim listing shall commence on a separate sheet of the amendment document and the sheet(s) that contain the text of any part of the claims shall not contain any other part of the amendment.
		(2) When claim text with markings is required. All claims being currently amended in an amendment paper shall be presented in the claim listing, indicate a status of “currently amended,” and be submitted with markings to indicate the changes that have been made relative to the immediate prior version of the claims. The text of any added subject matter must be shown by underlining the added text. The text of any deleted matter must be shown by strike-through except that double brackets placed before and after the deleted characters may be used to show deletion of five or fewer consecutive characters. The text of any deleted subject matter must be shown by being placed within double brackets if strike-through cannot be easily perceived. Only claims having the status of “currently amended,” or “withdrawn” if also being amended, shall include markings. If a withdrawn claim is currently amended, its status in the claim listing may be identified as “withdrawn—currently amended.”
		(3) When claim text in clean version is required. The text of all pending claims not being currently amended shall be presented in the claim listing in clean version, i.e., without any markings in the presentation of text. The presentation of a clean version of any claim having the status of “original,” “withdrawn” or “previously presented” will constitute an assertion that it has not been changed relative to the immediate prior version, except to omit markings that may have been present in the immediate prior version of the claims of the status of “withdrawn” or “previously presented.” Any claim added by amendment must be indicated with the status of “new” and presented in clean version, i.e., without any underlining.
		(4) When claim text shall not be presented; canceling a claim.
			(i) No claim text shall be presented for any claim in the claim listing with the status of “canceled” or “not entered.”
			(ii) Cancellation of a claim shall be effected by an instruction to cancel a particular claim number. Identifying the status of a claim in the claim listing as “canceled” will constitute an instruction to cancel the claim.
		(5) Reinstatement of previously canceled claim. A claim which was previously canceled may be reinstated only by adding the claim as a “new” claim with a new claim number.

Claim Objections
Claim 1 is objected to because of the following informalities:  line 6 of the instant claim should be amended to recite “from the encrypted .  Appropriate correction is required.
Claims 9 and 16 are objected to because of the following informalities:  the instant claims should be amended to recite “registered user [[with]] that has been granted”.  Appropriate correction is required.
Claim 9 is objected to because of the following informalities:  line 2 of the instant claim should be amended to recite “granted permission [[.]]by an owner”.  Appropriate correction is required.
Claim 12 is objected to because of the following informalities:  line 3 of the instant claim should be amended to recite “granted permission [[.]]by said owner”.  Appropriate correction is required.
Claim 16 is objected to because of the following informalities:  line 7 of the instant claim should be amended to recite “transmitting [[the]] said private key and [[the]] said encrypted”.  Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-9, 13, 14 and 16 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. 

Regarding Claims 1, 4, 13 and 16, Examiner notes that newly introduced limitation of a “virtual computer memory” does not appear to be supported in Applicant’s original disclosure, as filed; specifically, the Specification filed on 04/09/18 appears to be completely silent with respect to the term “virtual” altogether.
Regarding Claims 7 and 14, Examiner notes that the newly introduced limitation of storing the encrypted file on “the cloud”, “the internet” or “another user’s computer memory” does not appear to be supported in Applicant’s original disclosure, as filed; specifically, the Specification filed on 04/09/18 appears to be completely silent with respect to explicitly storing the encrypted file on the cloud, the internet and/or another user’s computer memory.
Therefore, Applicants are kindly requested to amend the claims to only recite features that are fully supported by the original disclosure and/or specifically point out how the original disclosure can be read to explicitly/implicitly support the limitations in question.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-16 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 7, 10, 13, 14 and 16 recite the limitation of "exclusively" storing the private key and the encrypted file separate from one another, which render the claims indefinite in that it would appear to contradict the remaining limitation(s) of the claimed invention where the private key is transmitted to the user for use in decrypting the encrypted file.
Examiner respectfully submits that if the claims require the private key and the encrypted file to be exclusively/only stored in physically separate location, it would then not be possible to send the private key to the user for decrypting the encrypted file because the private key and the encrypted file will be stored at the same physical location, at least while the decryption process is being performed.
Likewise, if the private key is transmitted to the user for decrypting the encrypted file, the private key and the encrypted file can no longer be considered as being exclusively/only stored at physically separate locations because one of ordinary skill in the art would understand the private key and the encrypted file to be at the same physical location, at least while the decryption process is being performed.
Regarding claims 7 and 14, the phrase "such as" renders the claim indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention.  See MPEP § 2173.05(d).
Claims 1, 4, 13 and 16 recite the limitation "the/said virtual computer memory" throughout the claims.  There is insufficient antecedent basis for this limitation in the claims.  Examiner notes that the preceding claim language does not appear to establish any first instance 
Claim 12 recites the limitation "said owner" in line 3.  There is insufficient antecedent basis for this limitation in the claim.  Examiner notes that the preceding claim language does not appear to establish any first instance of an “owner”; thus, renders the claim indefinite in that it is unclear as to what the limitation in question is in reference to.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-3, 7-12, 14 and 15 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Pensak et al. (6,289,450).
Claim 1:  Pensak et al. discloses a method for securely retrieving a private key associated with an encrypted file comprising the steps of:
receiving over a computer network a request from a user to retrieve the private key(log-in to server, viewing user requests access by asking for decryption key) [column 7, lines 5-15 | column 8, lines 20-30];
(determine if authoring user is authorized to register documents, determine if viewing user is authorized access) [column 7, lines 5-15 | column 8, lines 30-40];
if authorized, retrieving the private key from a private key computer memory said private key being exclusively stored at a different physical location separate from the file which has been encrypted with said private key(sever stores keys…document stored at the authoring user’s computer and never transmitted to server) [column 7, lines 45-55]; and transmitting the private key exclusively to the virtual computer memory of the user, said virtual computer memory being erased and overwritten immediately after said private key is utilized(immediately destroys or removes key from user’s machine after encrypting/decrypting document) [column 7, lines 25-35 | column 8, lines 35-45].
Claim 2:  Pensak et al. discloses the method of claim 1, wherein the user is an owner of the encrypted file [column 6, lines 30-40].
Claim 3:  Pensak et al. discloses the method of claim 1, wherein the user is a registered user with that has been granted permission by an owner to retrieve the said private key and decrypt said encrypted file [column 6, lines 30-40].
Claim 7:  Pensak et al. discloses the method of claim 1, wherein the user's request is to retrieve the private key and the encrypted file [column 8, lines 20-30], said encrypted file being stored in the user's computer memory or on remote database such as the cloud, the internet, another user's computer memory, or an external device [column 7, lines 45-55]; wherein the encrypted file is stored in an encrypted file computer memory and said private key being exclusively stored separate from said encrypted file, and wherein said encrypted file computer memory is at a different physical location from said private key computer memory [column 3, lines 10-20].
Claim 8:  Pensak et al. discloses the method of claim 7, wherein the user is an owner of the encrypted file [column 6, lines 30-40].
Claim 9:  Pensak et al. discloses the method of claim 7, wherein the user is a registered user with that has been granted permission by an owner to retrieve said private key and decrypt said encrypted file [column 6, lines 30-40].
Claim 10:  Pensak et al. discloses a system for securely retrieving a private key associated with an encrypted file comprising;
a registration server for verifying an identity of a user [column 3, lines 45-55 | column 8, lines 30-40]; 
a private key server operably connected to the registration server [column 3, lines 10-20]; 
and a private key computer memory operably connected to the key server and configured to store the private key, said private key being exclusively stored separate from said encrypted file, wherein said private key computer memory is at a different physical location from said encrypted file [column 7, lines 45-55].
Claim 11:  Pensak et al. discloses the system of claim 10, wherein the registration server is configured to receive a request to retrieve the private key from an owner of the encrypted file [column 7, lines 25-35 | column 8, lines 20-30].
Claim 12:  Pensak et al. discloses the system of claim 10, wherein the registration server is configured to receive a request to retrieve the private key from a registered user that has been granted permission by said owner to retrieve said private key and decrypt said encrypted file [column 6, lines 30-40 | column 8, lines 20-30].
Claim 14:  Pensak et al. discloses the system of claim 10 further comprising: an encrypted file stored in a user's computer memory or in a remote database server such as the cloud, the internet, 
Claim 15:  Pensak et al. discloses the system of claim 14, wherein the registration server is configured to receive a request by an owner or a registered user that has been granted permission by said owner to retrieve the private key and the encrypted file [column 7, lines 25-35 | column 8, lines 20-30].

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 4, 5, 6, 13 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pensak et al. (6,289,450) in view of Chen et al. (2007/0297610).
Claim 4:  Pensak et al. discloses the method of claim 1, but does not explicitly disclose wherein the user’s authorization to retrieve the private key is verified by steps comprising: receiving a biometric identifier from the user from any available non-device specific biometric enabled device; verifying an identity of the user by comparing the received biometric identifier with a stored biometric identifier associated with the user; and if the user is verified as an owner of the 
However, Chen et al. discloses a similar invention [page 1, paragraph 0004] and further discloses wherein the user’s authorization to retrieve the private key is verified by steps comprising: receiving a biometric identifier from the user from any available non-device specific biometric enabled device(mobile device can be, without limitation, any of the listed devices, or the likes) [page 2, paragraph 0023 | pages 4-5, paragraph 0044]; verifying an identity of the user by comparing the received biometric identifier with a stored biometric identifier associated with the user(key server performs suitable authentication procedure by extracting authentication data from the received authentication request and processing the authentication data to determining its validity) [page 5, paragraph 0045 | page 7, paragraph 0072]; and if the user is verified as an owner of the encrypted file or a registered user granted permission by an owner to retrieve the private key and decrypt said encrypted file, transmitting said private key to the virtual computer memory of the user [page 7, paragraph 0073], said virtual computer memory being erased and overwritten immediately after said private key is utilized [Pensak et al.: column 6, lines 30-40 | column 7, lines 25-35 | column 8, lines 35-45].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Pensak et al. with the additional features of Chen et al., in order to reduce the vulnerability of protected data stored on a mobile device, as suggested by Chen et al. [page 1, paragraphs 0003-0004].
Claim 5:  Pensak et al. and Chen et al. disclose the method of claim 4, and Pensak et al. further discloses wherein the user is an owner of the encrypted file [column 6, lines 30-40] [Chen et al.: pages 3-4, paragraph 0034 | page 8, paragraphs 0079-0080].
Claim 6:  Pensak et al. and Chen et al. disclose the method of claim 4, and Pensak et al. further discloses wherein the user is a registered user that has been granted permission by said owner to retrieve said private key and decrypt said encrypted file [column 6, lines 30-40] [Chen et al.: page 4, paragraph 0044 | page 7, paragraph 0072].
Claim 13:  Pensak et al. discloses the system of claim 10, but does not explicitly disclose wherein the registration server is configured to verify the user’s authorization to retrieve said private key by comparing a biometric identifier accessed across all platforms and received from the user from any available non-device specific, biometric enabled device, with a stored biometric identifier of the user and, if the user is verified as an owner of the encrypted file or a registered user that has been granted permission by said owner to retrieve said private key and decrypt said encrypted file, transmitting said private key exclusively to the virtual computer memory of the user.
However, Chen et al. discloses a similar invention [page 1, paragraph 0004] and further discloses wherein the registration server is configured to verify the user’s authorization to retrieve said private key by comparing a biometric identifier accessed across all platforms and received from the user from any available non-device specific, biometric enabled device [page 2, paragraph 0023 | pages 4-5, paragraph 0044], with a stored biometric identifier of the user [page 5, paragraph 0045 | page 7, paragraph 0072] and, if the user is verified as an owner of the encrypted file or a registered user that has been granted permission by said owner to retrieve said private key and decrypt said encrypted file, transmitting said private key exclusively to the Pensak et al.: column 6, lines 30-40 | column 7, lines 25-35 | column 8, lines 35-45].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Pensak et al. with the additional features of Chen et al., in order to reduce the vulnerability of protected data stored on a mobile device, as suggested by Chen et al. [page 1, paragraphs 0003-0004].
Claim 16:  Pensak et al. discloses the system of claim 14, but does not explicitly disclose wherein the registration server is configured to verify the user’s authorization to retrieve the private key and the encrypted file by comparing a biometric identifier, accessed across all platforms and received from the user from any available non-device specific biometric enabled device, with a stored biometric identifier of the user and, if the user is verified as an owner of the encrypted file or a registered user that has been granted permission by said owner to retrieve said private key and said encrypted file, said private key being exclusively transmitted to the virtual computer memory of the user, said virtual computer memory being erased and overwritten immediately after said private key is utilized.
However, Chen et al. discloses a similar invention [page 1, paragraph 0004] and further discloses wherein the registration server is configured to verify the user’s authorization to retrieve the private key and the encrypted file by comparing a biometric identifier, accessed across all platforms and received from the user from any available non-device specific biometric enabled device [pages 4-5, paragraph 0044], with a stored biometric identifier of the user [page 5, paragraph 0045 | page 7, paragraph 0072] and, if the user is verified as an owner of the encrypted file or a registered user that has been granted permission by said owner to retrieve said private key and said encrypted file, said private key being exclusively transmitted to the virtual Pensak et al.: column 6, lines 30-40 | column 7, lines 25-35 | column 8, lines 35-45 | figure 1].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Pensak et al. with the additional features of Chen et al., in order to reduce the vulnerability of protected data stored on a mobile device, as suggested by Chen et al. [page 1, paragraphs 0003-0004].

Response to Arguments
Applicant’s arguments with respect to the claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Examiner respectfully submits that contrary to Applicant’s assertions throughout the Remarks filed on 02/05/21, Examiner did not note that any features should be recited in the rejected claims and/or otherwise suggest amending the claims to include any features that Applicant previously argued in the Remarks filed on 05/29/20.  In particular, pages 7-9 of the Office action mailed on 08/07/20 simply identified that Applicant’s previous arguments were directed to features that are not recited in the rejected claims, no more no less.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686.  The examiner can normally be reached on Monday-Friday 9AM-5PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/EDWARD ZEE/Primary Examiner, Art Unit 2435