Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .




DETAILED ACTION
This action is in response to the Amendment filed on 02/17/2021.
Claims 10-15 and 21-26 are under examination.


Claim Rejections - 35 USC § 103  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 10-12, 15, 21-23 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Van Foreest et al. (US 20170237551 A1) and Thom et al. (US 2012/0297200 A1) .
Regarding claim 10, Van Foreest et al. discloses A method for performing a secure function using a white-box implementation in a data processing system [abs, “performing the encryption operation uses a white-box implementation of the encryption operation that forms part of the first software client”], the method comprising: inputting an encoded [par. 0100, “the device 200 may be arranged to receive a transformed version of these one or more encryption keys and to provide the transformed version of these one or more encryption keys as an input to the white-box implementation of the encryption operation 212”]; storing the encoded encryption key in the unsecure execution environment [par. 0100, “If the encryption operation uses, or is based on, a symmetric encryption algorithm, then the at least one encryption key may be the same as the corresponding one or more decryption keys DK”, par. 0103, “The CA client 204 also comprises, or stores, a rights object (or DRM license), represented in FIG. 2 as RO(DK). The rights object comprises the one or more decryption keys DK in a protected form (e.g. in an encrypted form) or other information that enables the DRM client 206 to obtain the one or more decryption keys DK (e.g. a URL of a DRM server from which decryption keys may be downloaded”, par. 0110, “the white-box implementations of the decryption operation 210 and encryption operation 212 are part of a transcryption module 300 that is separate from the CA client 204 (with the CA client providing the transformed version of the one or more decryption keys to the transcryption module 300). Thus, a more "standard" CA client 204 may be used together with the transcryption module 300”, par. 0091, “the device 200 executes the CA client 204 in an unprotected hardware processing environment, such as a main processor of a SoC device of the device 200”]; and using the encoded encryption key to perform the secure function using the white-box implementation [par. 0100, “The white-box implementation 212 then performs the encryption operation on the intermediate version T.sub.j(C) based on at least one encryption key…”], wherein the encoded encryption key is never in plaintext in the data processing system [par. 0107, “the CA client 204 may comprise a key manager module 214 (which may also be implemented as a white-box implementation). The key manager module 214 may be arranged to receive key information (for example, via one or more entitlement control messages and/or one or more entitlement management messages) and to generate the transformed version T.sub.i(CWn) of the one or more decryption keys CWn based on the received key information... Preferably, at no point is a cleartext value of the one or more decryption keys CWn generated by the key manager module 214”].
Van Foreest et al. does not explicitly disclose using the encoded encryption key in a trusted execution environment (TEE) to perform the secure function.
However Thom teaches using the encryption key in a trusted execution environment (TEE) to perform the secure function [par. 0007, “The encrypted key blob and the client certificate may be provisioned to the client on the first machine. The client may submit the encrypted key blob to the trusted execution environment on the first machine to perform key actions (e.g., encrypt data, sign an email document, protect a software product, log onto a machine, etc.)... If the encrypted key blob is validated, then the trusted execution environment may allow the user to perform a key action”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Thom et al. into the teaching of Van Foreest et al. to use the encoded encryption key in a trusted execution environment (TEE) to perform the secure function with the motivation to provide for confidential and secure creation of client keys to perform key actions as taught by Thom et al. [Thom et al.: par. 0022].
Regarding claim 11, the rejection of claim 10 is incorporated.
Foreest et al. further discloses encoding the encryption key further comprises encoding the encryption key using one of a fixed mask, a linear function, or an affine function [par. 0052, “the bijective functions T are linear transformations…”, par. 0095, “The transformed version of the at least one decryption key CWn shall be referred to herein as T.sub.i(CWn)... The one or more transforms T.sub.i are transforms of the type set out in section 2 above for the purpose of implementing white-box protection”, par. 0100, “the device 200 may be arranged to receive a transformed version of these one or more encryption keys and to provide the transformed version of these one or more encryption keys as an input to the white-box implementation of the encryption operation 212, in a similar manner to that in which the white-box implementation of the decryption operation 210 obtains the transformed version of the one or more decryption keys”].
Regarding claim 12, the rejection of claim 10 is incorporated.
Foreest et al. further discloses the secure function further comprises encrypting a data value [par. 0100, “The white-box implementation 212 then performs the encryption operation on the intermediate version T.sub.j(C) based on at least one encryption key…”].
Regarding claim 15, the rejection of claim 10 is incorporated.
Foreest et al. further discloses the data processing system is implemented in an integrated circuit [par. 0091, “SOC device”, par. 0131, “the above-mentioned functionality may be implemented as hardware, such as on one or more field-programmable-gate-arrays (FPGAs), and/or one or more application-specific-integrated-circuits (ASICs),”].
Regarding claim 21, it recites limitations similar to claim 10. The reason for the rejection of claim 10 is incorporated herein.
Regarding claim 22, it recites limitations similar to claim 11. The reason for the rejection of claim 11 is incorporated herein.
Regarding claim 23, it recites limitations similar to claim 12. The reason for the rejection of claim 12 is incorporated herein.
Regarding claim 26, it recites limitations similar to claim 15. The reason for the rejection of claim 15 is incorporated herein.

Claims 13 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Van Foreest et al. (US 20170237551 A1) and Thom et al. (US 2012/0297200 A1) as applied to claims 10-12, 15, 21-23 and 26 above, and further in view of Basmov et al. (US 2015/0270956 A1).
Regarding claim 13, the rejection of claim 1 is incorporated.
Foreest et al. discloses storing the encoded encryption key in the unsecure execution environment.
Foreest et al. and Thom et al. do not explicitly disclose storing the encoded encryption key in a non-volatile memory.
However Basmov et al. teaches storing the encryption key in a non-volatile memory [par. 0013, “the operating system can manage storage of the encrypted encryption key in a nonvolatile memory that persists the encrypted encryption key across power cycles”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Basmov et al. into the [Basmov et al.: par. 0013].
Regarding claim 24, it recites limitations similar to claim 13. The reason for the rejection of claim 13 is incorporated herein.

Claims 14 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Van Foreest et al. (US 20170237551 A1) and Thom et al. (US 2012/0297200 A1) as applied to claims 10-12, 15, 21-23 and 26 above, and further in view of Bisson et al. (US 2004/0165729 A1).
Regarding claim 14, the rejection of claim 1 is incorporated.
Foreest et al. discloses the encoded encryption key.
Foreest et al. and Thom et al. do not explicitly disclose the encoded encryption key is changed each time it is used to perform the secure function.
However Bisson et al. teaches the encryption key is changed each time it is used to perform the secure function [par. 0067, “This encryption key A changes every time a securing process is performed”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Bisson et al. into the teaching of Foreest et al. and Thom et al. with the motivation to provide a higher security level for sensitive data as taught by Basmov et al. [Basmov et al.: par. 0008].
Regarding claim 25, it recites limitations similar to claim 14. The reason for the rejection of claim 14 is incorporated herein.


Response to Arguments

Applicant’s arguments, filed on 02/17/2021, with respect to rejection under 35 USC § 103 have been fully considered but they are not persuasive.
On pages 5-6 of the Remarks, Applicant argues that “Neither Van Foreest et al. or Thom et al., either separately or in combination, show or suggest claim 10 as amended. For example, the examiner cited paragraph 0007 of Thom et al. as showing the step of "using the encoded encryption key in a trusted execution environment (TEE) to perform the secure function." However, Thom et al. does not disclose "the encoded encryption key is never in plaintext in the data processing system." Paragraph 0023 of Thom et al. says that, "The trusted execution environment may validate the client key by decrypting the client key with the cryptographic decryption key. Once validated, the client may perform a key action, such as signing an email, through the trusted execution environment." Therefore, Thom et al. does not teach using an encoded encryption key in a TEE as claimed. Thom et al. discloses decrypting the client key before performing the key action. Also, Van Foreest et al. does not disclose using the encoded encryption key as claimed. Therefore, a combination of Thom et al. with Van Foreest et al. would not suggest to one skilled in the art the claimed step of "using the encoded encryption key in a trusted execution environment (TEE) to perform the secure function using the white-box implementation, wherein the encoded encryption key is never in plaintext in the data processing system.".
In response, the Examiner respectfully disagrees. Van Foreest discloses the device may be arranged to receive a transformed version of these one or more encryption keys and to provide the transformed version of these one or more encryption keys as an input to the white-box implementation of the encryption operation (par. 0100). Van Foreest particularly indicates that at no point is a cleartext value of the one or more decryption keys CWn generated by the key manager module (par. 0107). Thom [Thom et al.: par. 0022].


Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 20050108171 A1	Method and apparatus for implementing subscriber identity module (SIM) capabilities in an open platform
US 20170019254 A1	Device Key Security
US 20160036826 A1	SECURE CONTENT PACKAGING USING MULTIPLE TRUSTED EXECUTION ENVIRONMENTS
US 20170017957 A1	AUTHENTICATION SYSTEM AND METHOD FOR SERVER-BASED PAYMENTS
US 20170228525 A1	ACCESSING A SECURED SOFTWARE APPLICATION
US 20150229471 A1	SYSTEM AND METHOD FOR SECURING CONTENT KEYS DELIVERED IN MANIFEST FILES

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/JASON CHIANG/Primary Examiner, Art Unit 2431