DETAILED ACTION
This final office action has been issued in response to communications received on 12/30/2020.  Claims 1-5, 8-12 and 15-19 were amended.  Claims 1-20 are presented for examination.  The present application claiming priority to an application, filed before March 16, 2013, is being examined under the pre-AIA  first to invent provisions. 

Response to Arguments
Applicant’s amendments, filed 12/30/2020, to claims 3, 10 and 17 amending the claims to disclose when a first input of the password is required is sufficient to overcome the objection to the aforementioned claims for referring to a second indication of requiring password input without disclosing any instance of a first.  Consequently, the objection to claims 3, 10 and 17 is withdrawn.
Applicant’s arguments with respect to the rejection of the claims under 103 have been considered, but are found unpersuasive.  
Applicant’s remaining arguments in the Remarks, filed 12/30/2020, with respect to the claims rejected under 103 have been full considered but are considered moot because newly added limitations to the claims disclose “in response to verifying that the decrypted at least one file matches excepted data for the at least one file transitioning into an unlocked state to permit access to the computing device” requires a new ground of rejection necessitated by amendments.
The remaining arguments fail to comply with 37 C.F.R. § 1.111(b) because they amount to a general allegation that the claims define a patentable invention without 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  3-5, 10-12 and 17-19
Claims 1-2, 5-9, 12-16 and 19-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being as being unpatentable over Allen (US 2010/0172504) in view of Matyas (US 7,010,689) and Kussmaul (US 2006/0242423).
Allen discloses the limitations of claim 1 substantially as follows:
	A method for controlling access to a computing device, the method comprising:
at the computing device utilizing a password to decrypt an encrypted key bag to produce a decrypted key bag, wherein the decrypted key bag includes a plurality of encryption keys (paras. [0042], [0046], [0056], [0057], [0059], Fig. 2: at a user computing system decrypting an encrypted key bag using a Personal Identification Number (i.e. password) to produce a decrypted key bag, wherein the decrypted key bag includes private keys for signing/encrypting);
Allen does not explicitly disclose the remaining limitations of claim 1 as follows:
	computing device that is operating in a locked state: 
decrypting, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file; and 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
			transitioning into an unlocked state to permit access to the computing device; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
			remaining in the locked state to prohibit access to the computing device.
However, in the same field of endeavor Matyas discloses the limitations of claim 1 as follows:
decrypting, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file (col. 2, l. 40 – col. 3, l. 6; col. 5, ll. 63-65; col. 6, ll. 27-31; : decrypting an encrypted file stored on a client data processing system acting as a server (i.e. computing device) to produce a decrypted file using a decrypted file encryption key (i.e. at least one encryption key) from a plurality of file encryption keys); and 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
permitting access to the computing device (col. 2, l. 40 – col. 3, l. 6: in response to verifying that the decrypted hash value and message authentication code of the file header (i.e. decrypted at least one file) matches expected recovered verification value and message authentication code of the file (i.e. expected data for the file), permitting access to the file of the data processing system); and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
prohibiting access to the computing device (col. 2, l. 40 – col. 3, l. 6; col. 11, ll. 49-66; col. 12, ll. 8-16: in response to verifying that the decrypted hash value and message authentication code of the file header (i.e. decrypted at least one file) matches expected recovered verification value and message authentication code of the file (i.e. expected data for the file), preventing access to the file of the data processing system).
Matyas is combinable with Allen because both are from the same field of endeavor of using a passphrase to encrypt and decrypt keys for secure management of encryption/decryption keys.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Matyas’ method of verifying the decrypted at least one file matches expected data for the at least one file with the system of Allen in order to make the system more secure by 
Neither Matyas or Allen disclose the remaining limitations of claim 1 as follows:
computing device that is operating in a locked state: 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
			transitioning into an unlocked state to permit access to the computing device; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
			remaining in the locked state to prohibit access to the computing device.
However, in the same field of endeavor Kussmaul discloses the remaining limitations of claim 1 as follows:
computing device that is operating in a locked state (paras. [0037]: a lock system that is locked): 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
transitioning into an unlocked state to permit access to the computing device (paras. [0037]: in response to verifying that the decrypted file matches the file originally generated (i.e. expected data for the file), transitioning into an unlock state) ; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
remaining in the locked state to prohibit access to the computing device (paras. [0037]: in response to determining that the decrypted file does not match the file originally generated, the locked system does not unlock and continues to prevent access to the locked system).
Kussmaul is combinable with Allen and Matyas because all three are from the same field of endeavor of generating secure encryption and decryption keys.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Kussmaul’s method of transitioning into an unlocked state upon verifying that the decrypted file contents match with the system of Allen and Matyas in order to make the system more secure by only unlocking the computing device upon verifying that the file contents have not been tampered with prior to providing the user with access to the file contents.

	Regarding claims 2, 9 and 16, Allen, Matyas, and Kussmaul the limitations of the method of claim 1, the non-transitory computer readable storage medium of claim 8, and the computing device of claim 15.
Matyas teaches the limitations of claims 2, 9 and 16 as follows:
wherein prohibiting access to the computing device comprises: 
displaying a first indication that an input of the password is invalid (col. 11, ll. 65-66; col. 12, ll. 8-16: providing the user with notification that the calculations derived from the password did not equal the expected values (i.e. indicating that the password and/or one or the intermediate values is invalid)).
It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Matyas’ method of providing the system of Allen with a first indication that the password input is invalid in order to provide the user with feedback enabling the user to potentially remedy the problem by re-entering the correct password.

Regarding claims 5, 12 and 19, Allen, Matyas, and Kussmaul teach the limitations of the method of claims 1, the non-transitory computer readable storage medium of claims 8, and the computing device of claims 15.
Kussmaul teaches the limitations of claims 5, 12 and 19 as follows:
wherein the unlocked state, the computing device permits access to at least one file that is inaccessible when the computing device is operating in the locked state (paras. [0006], [0037]: the authentication device, when acting as a lock that is unlocked, permits access to at least a stored image file fingerprint that is encrypted and inaccessible when the authentication device is locked (i.e. in the locked state)).
It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Kussmaul’s method of permitting access to files after unlocking with the 

Regarding claims 6, 13 and 20, Allen, Matyas, and Kussmaul the limitations of the method of claim 1, the non-transitory computer readable storage medium of claim 8, and the computing device of claim 15.
Allen and Matyas teach the limitations of claims 6, 13 and 20 as follows:
further comprising: 
generating a new encryption key (Matyas, col. 14, ll. 7-10: generating a new key encrypting key k based on updating a new passphrase); 
adding the new encryption key to the decrypted key bag (Allen, paras. [0015], [0042], [0046], [0054], [0057], [0061]: adding new private keys for signing (i.e. encryption keys) to a key bag that has been decrypted using a PIN/password each time a new session starts); and 
encrypting the decrypted at least one file using the new encryption key (Matyas, col. 14, ll. 7-25: encrypting the decrypted file using the new encrypting key k).
It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Matyas’ method of encrypting the decrypted file using the new encryption key with the system of Allen in order to enable the user to specify and update all of their files with a new encryption key by updating the user passphrase.


Allen teaches the limitations of claims 7 and 14 as follows:
further comprising: 
identifying at least one encryption key in the decrypted key bag that has no association with any encrypted files stored on the computing device (Allen, paras. [0054], [0060]-[0061]: identifying keys for signing (i.e. at least one encryption key) in the key bag/key container that has been decrypted using a password (i.e. decrypted key bag) that meet some predetermined criteria for expiring causing the keys to no longer be permitted for use in encrypting/decrypting user credentials/files); and 
removing the at least one encryption key from the decrypted key bag (Allen, paras. [0054], [0060]-[0061]: erasing keys for signing (i.e. encryption keys) from the key container that has been decrypted using a password (i.e. decrypted key bag)).

	Regarding claim 8, Allen teaches the limitations substantially as follows:
At least one non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a computing device, cause the computing device to control access to the computing device, by carrying out steps that include: 
utilizing a password to decrypt an encrypted key bag to produce a decrypted key bag, wherein the decrypted key bag includes a plurality of encryption keys(paras. [0042], [0046], [0056], [0057], [0059], Fig. 2: at a user computing system decrypting an encrypted key bag using a Personal Identification Number (i.e. password) to produce a decrypted key bag, wherein the decrypted key bag includes private keys for signing/encrypting); 
Allen does not explicitly disclose the remaining limitations of claim 8 as follows:
computing device that is operating in a locked state: 
decrypting, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file; and 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
			transitioning into an unlocked state to permit access to the computing device; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
			remaining in the locked state to prohibit access to the computing device.
However, in the same field of endeavor Matyas discloses the limitations of claim 8 as follows:
decrypting, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file (col. 2, l. 40 – col. 3, l. 6; col. 5, ll. 63-65; col. 6, ll. 27-31; : decrypting an encrypted file stored on a client data processing system acting as a server (i.e. computing device) to produce a decrypted file using a decrypted file encryption key (i.e. at least one encryption key) from a plurality of file encryption keys); and 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
permitting access to the computing device (col. 2, l. 40 – col. 3, l. 6: in response to verifying that the decrypted hash value and message authentication code of the file header (i.e. decrypted at least one file) matches expected recovered verification value and message authentication code of the file (i.e. expected data for the file), permitting access to the file of the data processing system); and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
prohibiting access to the computing device (col. 2, l. 40 – col. 3, l. 6; col. 11, ll. 49-66; col. 12, ll. 8-16: in response to verifying that the decrypted hash value and message authentication code of the file header (i.e. decrypted at least one file) matches expected recovered verification value and message authentication code of the file (i.e. expected data for the file), preventing access to the file of the data processing system).
Matyas is combinable with Allen because both are from the same field of endeavor of using a passphrase to encrypt and decrypt keys for secure management of encryption/decryption keys.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Matyas’ method of verifying the decrypted at least one file matches expected data for the at least one file with the system of Allen in order to make the system more secure by verifying that the file contents have not been tampered with prior to providing the user with access to the file contents.
Neither Matyas or Allen disclose the remaining limitations of claim 8 as follows:
computing device that is operating in a locked state: 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
			transitioning into an unlocked state to permit access to the computing device; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
			remaining in the locked state to prohibit access to the computing device.
However, in the same field of endeavor Kussmaul discloses the remaining limitations of claim 8 as follows:
computing device that is operating in a locked state (paras. [0037]: a lock system that is locked): 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
transitioning into an unlocked state to permit access to the computing device (paras. [0037]: in response to verifying that the decrypted file matches the file originally generated (i.e. expected data for the file), transitioning into an unlock state) ; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
remaining in the locked state to prohibit access to the computing device (paras. [0037]: in response to determining that the decrypted file does not match the file originally generated, the locked system does not unlock and continues to prevent access to the locked system).
Kussmaul is combinable with Allen and Matyas because all three are from the same field of endeavor of generating secure encryption and decryption keys.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Kussmaul’s method of transitioning into an unlocked state upon verifying that the decrypted file contents match with the system of Allen and Matyas in order to make the system more secure by only unlocking the computing device upon verifying that the file contents have not been tampered with prior to providing the user with access to the file contents.

	Regarding claim 15, Allen teaches the limitations substantially as follows:
A computing device configured to control access to the computing device, the computing device comprising: 
at least one processor; and
at least one memory storing instructions that, when executed by the at least one processor, cause the computing device to: 
utilize a password to decrypt an encrypted key bag to produce a decrypted key bag, wherein the decrypted key bag includes a plurality of encryption keys(paras. [0042], [0046], [0056], [0057], [0059], Fig. 2: at a user computing system decrypting an encrypted key bag using a Personal Identification Number (i.e. password) to produce a decrypted key bag, wherein the decrypted key bag includes private keys for signing/encrypting); 
Allen does not explicitly disclose the remaining limitations of claim 15 as follows:
computing device that is operating in a locked state: 
decrypting, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file; and 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
			transitioning into an unlocked state to permit access to the computing device; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
			remaining in the locked state to prohibit access to the computing device.
However, in the same field of endeavor Matyas discloses the limitations of claim 15 as follows:
decrypting, using at least one encryption key of the plurality of encryption keys, at least one encrypted file stored on the computing device to produce a decrypted at least one file (col. 2, l. 40 – col. 3, l. 6; col. 5, ll. 63-65; col. 6, ll. 27-31; : decrypting an encrypted file stored on a client data processing system acting as a server (i.e. computing device) to produce a decrypted file using a decrypted file encryption key (i.e. at least one encryption key) from a plurality of file encryption keys); and 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
permitting access to the computing device (col. 2, l. 40 – col. 3, l. 6: in response to verifying that the decrypted hash value and message authentication code of the file header (i.e. decrypted at least one file) matches expected recovered verification value and message authentication code of the file (i.e. expected data for the file), permitting access to the file of the data processing system); and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
prohibiting access to the computing device (col. 2, l. 40 – col. 3, l. 6; col. 11, ll. 49-66; col. 12, ll. 8-16: in response to verifying that the decrypted hash value and message authentication code of the file header (i.e. decrypted at least one file) matches expected recovered verification value and message authentication code of the file (i.e. expected data for the file), preventing access to the file of the data processing system).
Matyas is combinable with Allen because both are from the same field of endeavor of using a passphrase to encrypt and decrypt keys for secure management of encryption/decryption keys.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Matyas’ method of verifying the decrypted at least one file matches expected data for the at least one file with the system of Allen in order to make the system more secure by verifying that the file contents have not been tampered with prior to providing the user with access to the file contents.
Neither Matyas or Allen disclose the remaining limitations of claim 15 as follows:
computing device that is operating in a locked state: 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
			transitioning into an unlocked state to permit access to the computing device; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
			remaining in the locked state to prohibit access to the computing device.
However, in the same field of endeavor Kussmaul discloses the remaining limitations of claim 15 as follows:
computing device that is operating in a locked state (paras. [0037]: a lock system that is locked): 
		in response to verifying that the decrypted at least one file matches excepted data for the at least one file:
transitioning into an unlocked state to permit access to the computing device (paras. [0037]: in response to verifying that the decrypted file matches the file originally generated (i.e. expected data for the file), transitioning into an unlock state) ; and
in response to identifying that the decrypted at least one file does not match the expected data for the at least one file:
remaining in the locked state to prohibit access to the computing device (paras. [0037]: in response to determining that the decrypted file does not match the file originally generated, the locked system does not unlock and continues to prevent access to the locked system).
Kussmaul is combinable with Allen and Matyas because all three are from the same field of endeavor of generating secure encryption and decryption keys.  It would have 

Claims 3, 10 and 17 are rejected under pre-AIA  35 U.S.C. 103(a) as being as being unpatentable over Allen (US 2010/0172504) in view of Matyas (US 7,010,689) and Kussmaul (US 2006/0242423), as applied to claims 1, 8 and 15, further in view of Cross (US 2006/0179309).
Regarding claims 3, 10 and 17, Allen and Matyas and Kussmaul teach the limitations of the method of claims 1-2, the non-transitory computer readable storage medium of claims 8-9, and the computing device of claims 15-16.
Allen teaches the limitations of claims 3, 10 and 17 as follows:
further comprising, prior to receiving the input of the password: 
to determine whether the input of the password is required (Allen, paras. [0042], [0054]: determining whether input of PIN/password is required for decryption)
Neither Allen or Matyas or Kussmaul explicitly teaches the remaining limitations of claims 3, 10 and 17:
interfacing with a security process to determine whether the input of the password is required; and 
receiving a second indication from the security process that the input the password is required; and 
displaying a prompt at the computing device to input the password.
However, in the same field of endeavor, Cross teaches the limitations of claims 3, 10 and 17 as follows:
further comprising, prior to receiving the input of the password: 
interfacing with a security process to determine whether the input of the password is required (Cross, paras. [0046]-[0047]: interacting with encryption file system (EFS) (i.e. interfacing with security process) to determine whether input of PIN/password is required); and 
receiving a second indication from the security process that the input the password is required (Cross, paras. [0046]-[0047]: interactions with EFS lead to receiving response to query indicating that a PIN/password is required to be input); and 
displaying a prompt at the computing device to input the password (Cross, paras. [0046]-[0047]: displaying prompt to user for input of PIN/password).
Cross is combinable with Allen, Matyas and Kussmaul because all four are from the same field of endeavor of using a passphrase/password to encrypt and decrypt keys for secure management of encryption/decryption keys.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Cross’s method of prompting the user to input a password after determining that input of the password is 

Claims 4, 11, and 18 are rejected under pre-AIA  35 U.S.C. 103(a) as being as being unpatentable over Allen (US 2010/0172504) in view of Matyas (US 7,010,689) and Kussmaul (US 2006/0242423), as applied to claims 1, 8 and 15, further in view of Hilbert (US 2008/0114990).
Regarding claims 4, 11 and 18, Allen, Matyas and Kussmaul teach the limitations of the method of claims 1, the non-transitory computer readable storage medium of claims 8, and the computing device of claims 15.
Neither Allen, Matyas or Kussmaul teach the limitations of claims 4, 11 and 18 as follows:
wherein when the computing device enters into the locked state, the computing device purges, from a volatile memory communicably coupled to the computing device entering into a wake state;
at least one encryption key, and 
data of at least one file that is associated with the at least one encryption key.
However, in the same field of endeavor, Hilbert teaches the limitations of claims 4, 11 and 18 as follows:
wherein when the computing device enters into the locked state, the computing device purges, from a volatile memory communicably coupled to the computing device entering into a wake state;
at least one encryption key (paras. [0009], [0044]: deleting decryption/encryption key when the access ticket for the device is no longer valid causing access to the information on the device to no longer be permitted (i.e. when the device enters a locked state), and 
data of at least one file that is associated with the at least one encryption key (paras. [0006], [0024]-[0026], [0044], [0046]-[0047]: erasing files to be shared after the access tickets expires or when the erase button is pushed indicating that access to the information on the device is no longer to be permitted (i.e. device enters a locked state)).
Hilbert is combinable with Allen, Matyas and Kussmaul because all four are from the same field of endeavor of encrypting data for secure storage of secure data.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Hilbert’s method of deleting/erasing file information and keys when the computer enters a locked state with the system of Kussmaul, Allen and Matyas in order to ensure that sensitive file data and keys are not compromised by the locked device when the device enters a situation in which it has to be locked. 

Conclusion 
For the above reasons, claims 1-20 are rejected.
Prior art not relied upon but applied/considered includes:

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
/SHARON S LYNCH/Primary Examiner, Art Unit 2438