DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the application and a preliminary amendment filed on 02/07/2020. This application is a division (DIV) of the application 16/266702.
Claims 13-20 are currently pending in this application. Claims 1-12 are cancelled.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/20/2020 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner except the non-patent literature documents, which are not attached.

Examiner’s Note
The method claims 13-20 recite “means/steps-type” elements, for example, “… steps of: storing … a first data element … decrypting and providing …”, etc. These elements are interpreted with their broadest reasonable interpretation consistent with the supporting description (pages 11, 12, 15 of the specification) as steps (and components used in processing the steps) for storing, decrypting and providing.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of these elements, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this office action.

Claim Objections
Claims 13-20 are objected to because of the following informalities: the claims include “… storing, in a first file in a sandbox, in an encrypted form … a first data element; … decrypting and providing the first data element by … in unencrypted form” (see claim 13); “… encrypting … the first data element …” (see claim 14); “… wherein the first data element comprises…” (see claims 19 and 20). However, where “the first data element” is recited with a condition (e.g., in an encrypted form or decrypted form or unencrypted form …), it is suggested to use “the encrypted first data element”, “the decrypted first data element”, etc. for clarification. See also the 112(b) rejections section below.
Appropriate corrections are required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION. — The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 13-20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Claim 13 recites “… storing, in a first file in a sandbox, in an encrypted form, by a first security application … a first data element; wherein the data element comprises: … wherein the sandbox comprises a portion of a file system of the user device, the portion being accessible only by the first client application …”, however, it is not clear (1) whether “the portion of the file system” of the sandbox has any relationship with “the first data element” or “the first security application” because they are contents of the sandbox or processing components restricted for the sandbox (or omitting necessary components/methods, which renders the claimed limitations unclear); (2) whether “the data element” is the same as “a first data element” or not (note: if they are not the same, “the data element” has an antecedent basis issue).
Claims 14-20 depend from the claim 1, and are analyzed and rejected accordingly.

Claim 14 recites “… encrypting by the first security application the first data element using a first level storage key …”, however, it is not clear whether “the first data element” is a/the first data element included in claim 13 (note: the first data element included in claim 13 has two different formats, encrypted/unencrypted form).
Claim 15 recites “… wherein an encryption procedure used for encrypting the data element is different from an encryption procedure used …”, however, it is not clear whether encrypting the data element is different from encrypting the first data element of claim 14.
Claim 16 recites “… dynamically generating the master key
Claim 17 recites “… the second master key being unable to decrypt any data not encrypted by the second master key”, however, it is not clear whether it is claiming what is not performed or not (e.g., there is not any data not encrypted by the second master key in the claim).
Claim 18 recites “… wherein the first security application comprises at least one obfuscating code segment”, however, it is not clear whether storing, decrypting and providing performed by the first security application (see the claim 13) are processed by the obfuscating code segment or not (note: the obfuscating code segment is not possible to perform storing, etc.).
Claim 19 recites “… the first data element comprises: … for encrypting information … information …”, however, it is not clear whether “information” is the same as “information provided by the server”, “information from the user device” included in the claim 13 or not. Note: the applicant is suggested to use the same term (e.g., an information, the information, etc.) if they are the same, but suggested to use different terms (e.g., a first information, a second information, etc.) if they are different.
Claim 20 recites “… the first data element comprises: a message … a root-signature list … a malware signature list … a digital certificate … and an identifier of the device …”, however, it is not clear whether a single element (e.g., the first data element) has a plurality of different elements (e.g., the message identifier history, a root-signature list, etc.).

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 13, 18 and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Barton et al. (US 2014/0095894 A1).

As per claim 13, Barton teaches a computer-implemented method [see figs. 4, 17, 24] for securely storing information exchanged between a user device [e.g., the mobile device 402] and a server [e.g., the gateway server 406] on a network [see fig. 4; par. 0089], the method comprising the steps of:
storing, in a first file in a sandbox, in an encrypted form, by a first security application associated with a data-collection application associated with a first client application executing on said user device, a first data element [figs. 4, 24; par. 0091, lines 1-12; par. 0096, lines 1-11; par. 
wherein the data element comprises: (i) information provided by the server to the user device or (ii) data that is used for the delivery of information from the user device to the server [fig. 4; par. 0089, lines 1-15 of Barton teaches wherein the data element (e.g., the data/information between the mobile device and the gateway server) comprises: (i) information (e.g., the keys, certificates, policies, etc.) provided by the server to the user device or (ii) data (e.g., log on information) that is used for the delivery of information from the user device to the server];
wherein the sandbox comprises a portion of a file system of the user device, the portion being accessible only by the first client application [fig. 17; par. 0345, lines 1-14; par. 0550, lines 1-16 of Barton teaches wherein the sandbox comprises a portion of a file system (e.g., the file system 1738) of the user device (e.g., the mobile device), the portion being accessible only by the 
upon request from the data-collection application, decrypting and providing the first data element by said first security application to said data-collection application in unencrypted form [fig. 24; par. 0341, lines 1-21; par. 0345, lines 14-21 of Barton teaches upon request (e.g., the read operation 2410) from the data-collection application (e.g., the managed application receiving data/information), decrypting and providing the first data element by said first security application (e.g., the application, code or layer performing encryption/decryption operation) to said data-collection application in unencrypted form (e.g., after decryption operation)].

As per claim 18, Barton teaches the method of claim 13. 
Barton further teaches wherein the first security application comprises at least one obfuscating code segment [fig. 20; par. 0297, lines 1-8 of Barton teaches wherein the first security application (e.g., the application, code or layer performing security operation) comprises at least one obfuscating code segment (e.g., the obfuscation method/code)].

As per claim 19, Barton teaches the method of claim 13. 
Barton further teaches wherein the first data element comprises: a public key of the server, for encrypting information to be transmitted via the first client application to the server; a private key of the data-collection application, for generating a signature for the information to transmitted; the private key of the data-collection application, for decrypting information received by the client application; the public key of the server, for validating information received from the server using a signature transmitted by the server; or a digital certificate associated with the client application [fig. 4; par. 0089, lines 1-15 of Barton teaches wherein the first data element comprises: a public key of the server, for encrypting information to be transmitted via the first client application to the server (e.g., the public key used in the PKI operation); a private key of the data-collection application, for generating a signature for the information to transmitted (e.g., the private key used in the PKI operation); the private key of the data-collection application, for decrypting information received by the client application; the public key of the server, for validating information received from the server using a signature transmitted by the server; or a digital certificate associated with the client application (e.g., the certificates)].

Allowable Subject Matter
Claims 14-17 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and amended to overcome the claim objections and 112(b) rejections (if any) stated above.

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495