DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/7/2020 has been entered.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendments
The amendment filed 10/7/2020 has been entered. Claims 1 and 3-10 remain pending in the application. 
Response to Arguments
Regarding the rejection of claims 1 under 35 USC 103:
Applicant’s arguments with respect to said claims have been considered but are moot because the arguments do not apply to the present combination of references being used in the current rejection.  
The examiner now uses Wu (US 20130198521 A1) in addition to Steele (US 20140032909 A1) in view of Park (US 20150117640 A1), in further view of Ureche (US 20110314279 A1), and Redberg (US 20140281506 A1) to teach the limitations of claim 1. Claims 1, 3-5 and 8-10 are now rejected in light of applicant’s amendments under 103 over Steele in view of Park, in further view of Wu, Ureche, and Redberg.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1 and 3-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "a start value" in line 9. Reciting “a start value” makes it unclear whether this is referring to a new start value or “a permanent common start value” in line 7. Subsequent recitations of “the start value” and “this start value” are thus also indefinite. Proper antecedent basis is required.
Claim 1 recites the limitation "a random value" in line 17. Reciting “a random value” makes it unclear whether this is referring to a new random value or “a random value” in line 14. Subsequent recitations of “the random value” are thus also indefinite. Proper antecedent basis is required.
Claim 1 recites the limitation "a session key for the encrypting" and “a session key for the decrypting” and then both are referred to as “the session key” throughout. Changing this to “the encryption session key” and “the decryption session key” would provide clarification. Proper antecedent basis is required.
Claims 3-10 are rejected as dependent claims using the same rationale applied to claim 1.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 

Claims 1, 3-5 and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Steele (US 20140032909 A1) in view of Wu (US 20130198521 A1), in further view of Park (US 20150117640 A1), and Ureche (US 20110314279 A1).
Regarding claim 1, Steele teaches a method for encrypting and decrypting data which is exchanged between a first data processing device and a second data processing device via a communications link, with a [session] key, wherein the first data processing device is connected to the second data processing device via the communications link (Steele, in Para. [0017], discloses using identical keys generated on the first and second entities (i.e. data processing devices) to communicate securely with one another (i.e. communication link)).
Steele further teaches, the method comprising the following steps: a) generating a permanent common start value and providing a formation rule for the [session] key by: - generating a start value in the first data processing device (Steele, in Para. [0018 and 0032], discloses the digital data file (i.e. start value) can be selected from the computing entity (i.e. first data processing device) memory or computer generated).
-    saving the start value in a memory of the first data processing device (Steele, in Para. [0018], discloses the digital data file (i.e. start value) is stored in the memory of the first computing system (i.e. first data processing device)),
-    exchanging this start value between the first and second data processing device (Steele, in Para. [0018], discloses the first entity (i.e. first data processing devices) sharing a digital data file (i.e. start value) with the second entity (i.e. second data processing devices)),
(c) encrypting data of the first data processing device using the [session] key by: - encrypting of the data using the [session] key on the communications server or encrypting the data using the [session] key in the first data processing device (Steele, in Para. [0021], discloses the first computing system (i.e. first data processing device) encrypting and exchanging communication (i.e. data) using a key),
decrypting the data by: - either decrypting the encrypted data with the [session] key by the communications server and outputting the decrypted data to the second data processing device - Or outputting the encrypted data to the second data processing device and decrypting the data in the second data processing device using the [session] key (Steele, in Para. [0021], discloses using the key to decrypt the encrypted communication (i.e. data) that is sent to the second computing system (i.e. second data processing device)).
While Steele teaches outputting data to the second data processing device, Steele fails to explicitly teach deleting the data from the communication server.
However, Wu from the analogous technical fields teaches via a communication link, with a [session key] and the communications link is equipped with a communications server (Wu, in Fig. 1 and in Para. [0020 and 0024], discloses files being stored by a user on a server (i.e. communication server) and being accessed by other users, where both devices are connected to the server (i.e. communication link)).
(f) deleting the data from the communication server after output of the data to the second data processing device (Wu, in Para. [0199], discloses deleting the file (i.e. data) after decrypting and download (i.e. output to second processing device)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele to incorporate the teachings of Wu, with the motivation to improve at rest data security (Wu, Para. [0025]).
While Steele as modified by Wu teaches secure communication between two devices, generating, storing and sharing the start value, encrypting data on the first data processing device, and outputting of the data to the second data processing device, Steele as modified by Wu fails to explicitly teach outputting the formation rule for creating a session key using the start and random value.
However, Park from the analogous technical field teaches - providing a formation rule in the communications server which generates a session key from at least the start value and a random value generated in the communications server (Park, in Fig. 5 elements R1 and R2 and in the associated text in Para. [0011], discloses a key derivation executable code (i.e. formation rule) which uses the first seed value (i.e. start value) generated on the computing device (i.e. first data processing device) and the second seed value (i.e. random value) generated on the server (i.e. communication server), using a random number generation executable code, to generate session keys),
(b) generating a session key for the encryption of the data: - generating a random value in the communications server (Park, in Para. [0011], discloses using a random number generation executable code to generate the second seed value (i.e. random value) on the server (i.e. communication server), which is then used in combination with the first seed value (i.e. start value) and key derivation executable codes (i.e. formation rule) to generate session keys which are used for encryption and decryption),
- saving the random value in the communications server (Park, in Para. [0052], discloses that the seed value R2 (i.e. random value) is on the server (i.e. communication server)),
- either outputting of the start value by the first data processing device to the communications server and generating a session key from the start value and the random value by the communications server using the formation rule - Or outputting the random value and the formation rule by the communications server to the first data processing device and generating a session key from the start value and the random value by the first data processing device using the formation rule (Park, in Para. [0011], discloses that the first seed value (i.e. start value) is shared with the server (i.e. communication server) and the second seed value (i.e. random value) is shared with the computing device (i.e. data processing device) and then both the computing device (i.e. data processing device) and the server (i.e. communication server) execute the key derivation codes (i.e. formation rule) to generate the session keys),
outputting the encrypted data to the communications server (Park, in Fig. 5 and the text in Para. [0017], discloses encrypted communication (i.e. output of encrypted data) between the computing device (i.e. data processing device) and the server (i.e. communication server)),
- deleting the session key for the encryption of the data after encrypting the data (Park, in Para. [0065], discloses automatically discarding the session key once it has been used for encryption),
(d) generating a session key for the decryption of the data: - either outputting the start value from the second data processing device to the communications server and generating the session key from the start value and the random value saved on the communications server by the communications server using the formation rule - Or outputting the random value and the formation rule from the communications server to the second data processing device and generating the session key from the start value and the random value by the second data processing device using the formation rule (Park, in Para. [0011], discloses that the first seed value (i.e. start value) is shared with the server (i.e. communication server) and the second seed value (i.e. random value) is shared with the computing device (i.e. data processing device) and then both the computing device (i.e. data processing device) and the server (i.e. communication server) execute the key derivation codes (i.e. formation rule) to generate session keys),
- deleting the session key for the decryption of the data (Park, in Fig. 6 step S650 and in Para. [0065], discloses automatically discarding the session key once it has been used in decryption).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele to incorporate the teachings of Park, with the motivation to enhance the security of a software scheme and ensure system security (Park, Para. [0007]).
While Steele as modified by Wu and Park teaches the limitations of claim 1 as described above, Steele as modified by Wu and Park fails to explicitly teach saving encrypted data on the server and deleting the random value.
However, Ureche from the analogous technical fields teaches: -saving the encrypted data on the communications server (Ureche, in claim 14, discloses encrypted data stored on a first computer (i.e. server)).
Ureche further teaches, -deleting the random value after decrypting the data (Ureche, in claim 14 and in Fig. 5, discloses performing the unseal operation (i.e. decrypting) on the protected volume (i.e. encrypted data) and then deleting the random number (i.e. random value)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele as modified by Wu and Park to further incorporate the teachings of Ureche, with the motivation to prevent the first computer (i.e. server) from obtaining the random value again and thus decrypting again (Ureche, Para. [0091]).
Regarding claim 3, Steele as modified by Wu, Park, and Ureche teaches the method according to claim 1. 
Park further teaches, characterized in that the start value is formed according to a random principle (Park, in Para. [0011], discloses the first computing device (i.e. first data processing unit) generating the first seed value (i.e. start value) by executing a random number generation code).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele as modified by Wu, Park, and Ureche to further incorporate the teachings of Park, with the motivation to enhance the security of a software scheme and ensure system security (Park, Para. [0007]).
Regarding claim 4, Steele as modified by Wu, Park, and Ureche teaches the method according to claim 1. 
Park further teaches, characterized in that first a session key is formed on the communications server using the formation rule, before the unencrypted data is output from the first data processing device to the communications server. (Park, in Para. [0011], discloses generating a session key on the server (i.e. communication server) followed by encrypting/decrypting the communication (i.e. communication comes after key generation)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele as modified by Wu, Park, and Ureche to further incorporate the teachings of Park, with the motivation to enhance the security of a software scheme and ensure system security (Park, Para. [0007]).
Regarding claim 5, Steele as modified by Wu, Park, and Ureche teaches the method according to claim 1. 
Steele further teaches wherein the data exchange takes place over a communications link designed as a secure channel of communication between the first data processing device and the communications server, and between the communications server and the second data processing device (Steele, in Para. [0020], discloses using secure socket layer between the one or more computing systems).
Regarding claim 8, Steele as modified by Wu, Park, and Ureche teaches the method according to claim 1. 
Steele further teaches wherein the start value in a memory of the first data processing device and in a memory of the second data processing device is permanently saved and remains constant for several communication processes (Steele, in Para. [0018], discloses that the digital data file (i.e. start value) is saved in the memory of the first computing system (i.e. first data processing unit) and the second computing system (i.e. second data processing device)).
Regarding claim 9, Steele as modified by Wu, Park, and Ureche teaches the method according to claim 1.
Park further teaches wherein the formation rule is a key derivation function (Park, in Para. [0061], discloses using a key derivation executable code (i.e. key derivation function)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele as modified by Wu, Park, and Ureche to further incorporate the teachings of Park, with the motivation to enhance the security of a software scheme and ensure system security (Park, Para. [0007]).
Claims 6-7 are rejected under 35 U.S.C. 103 as being unpatentable over Steele as modified by Wu, Park, and Ureche further in view of Karamchedu (US 20040030918 A1).
Regarding claim 6, Steele as modified by Wu, Park, and Ureche teaches the method according to claim 1. 
While Steele as modified by Wu, Park, and Ureche teaches the elements of claim 1, Steele as modified by Wu, Park, and Ureche does not explicitly teach sending a message from the first data processing device to the second data processing device when the encrypted data is on the communication server.
However, Karamchedu from the analogous technical field teaches: wherein the first data processing device outputs a message to the second data processing device if data of the first data processing device that is intended for the second data processing device is encrypted with a session key and saved on the communications server (Karamchedu, in Para. [0035 and 0037], discloses that once the message (i.e. data) has been sent by the sending client (i.e. first data processing device) to the storage server (i.e. communication server) and securely (i.e. encrypted) stored by the storage server, the sending client (i.e. first data processing device) sends a notification to the recipient (i.e. second data processing device)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele as modified by Wu, Park, and Ureche to incorporate the teachings of Karamchedu, with the motivation to improve security with respect to the transmission and storage of message and data (Karamchedu, Para. [0007]).
Regarding claim 7, Steele as modified by Wu, Park, and Ureche teaches the method according to claim 1. 
While Steele as modified by Wu, Park, and Ureche teaches the elements of claim 1, Steele as modified by Wu, Park, and Ureche does not explicitly teach sending a message from the communication server to the second data processing device when the encrypted data is on the communication server.
However, Karamchedu from the analogous technical field teaches: wherein the start value in a memory of the first data processing device and in a memory of the second data processing device is permanently saved and remains constant for several communication processes (Karamchedu, in Para. [0033 and 0035], discloses that once the message (i.e. data) has been sent by the sending client (i.e. first data processing device) to the storage server (i.e. communication server) and securely (i.e. encrypted) stored by the storage server, the storage server (i.e. communication server) generates a notification to the recipient (i.e. second data processing device)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele as modified by Wu, Park, and Ureche to incorporate the teachings of Karamchedu, with the motivation to improve security with respect to the transmission and storage of message and data (Karamchedu, Para. [0007]).  
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Steele as modified by Wu, Park, Ureche, and further in view of Redberg (US 20140281506 A1).
Regarding claim 10, Steele as modified by Wu, Park, and Ureche teaches the method according to claim 1.
While Steele as modified by Wu, Park and Ureche teaches a start value, Steele as modified by Wu, Park and Ureche fails to explicitly teach encrypting the start value with the start value key before providing it to the second data processing device via a different communication channel.
However, Redberg from the analogous technical fields teaches wherein a start value key for encrypting the start value is generated, the start value is encrypted using the start value key before it is output, the start value key is input into the second data processing device along a channel of communication other than the communications link, and the encrypted start value is decrypted using the start value key (Redberg, in Para. [0030], discloses generating a secret key (i.e. start value key), using it to encrypt the seed (i.e. start value) and then sending the encrypted seed (i.e. start value) and the secret key (i.e. start value key) via two separate channels (i.e. communication link and other channel of communication) to a device (i.e. second data processing device) where the secret key (i.e. start value key) is used to decrypt the seed (i.e. start value)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Steele as modified by Wu, Park and Ureche to incorporate the teachings of Redberg, with the motivation to facilitate a secure/encrypted seed (Redberg, Para. [0040]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JESSICA JANA SOUTH whose telephone number is (571)272-3208.  The examiner can normally be reached on M-Th 9:00-18:00 (Flex).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JESSICA J SOUTH/Examiner, Art Unit 2431
/TRANG T DOAN/Primary Examiner, Art Unit 2431