Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Examiner’s Note
	Examiner called Applicant and proposed amending independent claims 1 & 26 incorporating claims 2 & 3 and claim 13 incorporating limitation of 16 and fixing antecedent issue and revising incorporating phrase "request of users" in the second paragraph of the claim 13 to clarify the claim recitation and told the Applicant, if he accepts Examiner’s proposition, the case will be placed in allowable condition.  The Applicant agreed to consider the suggestion and get back with a response within few days. Later on the Applicant emailed the proposed amendment as recommended by the Examiner (please  see attached “Email from the Applicant” for details). The Applicant also attached minor amendment of few paragraphs  of Specification ( please see the attached “Email from the Applicant” for details) which has been reviewed and okayed to be entered.
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via email from Larry Merkel (Reg. No.41,191) on 04/07/2021. 
AMENDMENTS TO THE CLAIMS:
          The following listing of claims will replace all prior versions and listings of claims in this application.
LISTING OF CLAIMS
	
	1.  (Currently Amended) A hardware security module (HSM) comprising:
a key storage storing a plurality of cryptographic key/token pairs during 
use, wherein at least a first key/token pair of the plurality of cryptographic key pairs is assigned to a first entity and includes a first private token, and wherein a plurality of entities are associated with the first entity; and
a cryptographic engine coupled to the key storage, the cryptographic engine configured to respond to a private token usage request for the first private token received from a second entity of the plurality of entities with a cryptographically-signed object signed using the first private token responsive to determining, in the cryptographic engine, that one or more approvals from one or more third entities of the plurality of entities have been received by the cryptographic engine, wherein the approvals are indicated via approval tokens corresponding to the third entities from one or more verified sources, wherein the first private token is augmented with public keys of the one or more third entities to indicate the approvals of the one or more third entities are required, and wherein the first private token is further augmented with one or more time parameters, wherein the cryptographic engine is configured to respond with the cryptographically-signed object responsive to the approvals being received within a time period indicated by the one or more time parameters.

2-3.  (Cancelled) 

4.  (Original) The HSM as recited in claim 1 wherein the private token usage request 

5.  (Previously Presented) The HSM as recited in claim 4 wherein the cryptographic engine is configured to record the subset of the one or more approvals in response to the private token usage request, and to wait for additional approvals prior to responding to the private token usage request with the cryptographically-signed object.

6.  (Original) The HSM as recited in claim 5 wherein a remaining subset of the one or more approvals are received as one or more approval messages from the one or more third entities.

7.  (Original) The HSM as recited in claim 1 wherein the private token usage request includes the one or more approvals, and the cryptographic engine is configured to respond with the cryptographically-signed object directly in response to the private token usage request.

8.  (Original) The HSM as recited in claim 1 wherein the HSM is divided into a plurality of partitions corresponding to the plurality of entities, and wherein a first partition assigned to the second entity includes the first key/token pair.

9.  (Cancelled)

10.  (Original) The HSM as recited in claim 8 wherein each entity of the plurality of entities is configured to communicate with the corresponding partition of the plurality of partitions through an application programming interface to the HSM, whereby the first private token is not accessible to the second entity even though the first partition includes the first key/token pair.

11.  (Cancelled)

12.  (Currently Amended) The HSM as recited in claim 1 wherein the plurality of cryptographic key/token pairs comprise a plurality of second cryptographic key/token pairs assigned to the plurality of entities.

13.  (Currently Amended) A hardware security module (HSM) comprising:

a key storage storing a plurality of cryptographic key/token pairs during use, wherein at least a first key/token pair of the plurality of cryptographic key/token pairs is assigned to a first entity and a plurality of users are associated with the first entity, and wherein a first subset of the plurality of users which are permitted to approve a signature of the first entity are associated with a first private token of the first key/token pair; and
a cryptographic engine coupled to the key storage, the cryptographic engine configured to cryptographically-sign a document using the first private token on behalf of the first entity responsive to a request from one of the plurality of users and further responsive to determining that a plurality of approvals have been received from the first subset of the plurality of users, and wherein one or more time parameters are associated with the first private token, and wherein the cryptographic engine is configured to terminate an attempt to cryptographically sign the document on behalf of the first entity in response to a failure to receive the approvals within a time frame defined by the one or more time parameters.

14.  (Original) The HSM as recited in claim 13 wherein the plurality of approvals are received from a second subset of the first subset of the plurality of users, wherein the second subset excludes at least one user that is in the first subset.

15.  (Original) The HSM as recited in claim 13 wherein the plurality of approvals are received from a second subset of the first subset of the plurality of users, wherein the second subset is a quorum of the first subset.

16-22.  (Cancelled) 

23.  (Previously Presented) The HSM as recited in claim 1 wherein the first private token is augmented with one or more parameters that specify one or more consent requirements that are to be satisfied before the cryptographic engine provides the cryptographically-signed object.

24.  (Previously Presented) The HSM as recited in claim 1 wherein the first private token is augmented with one or more usage attributes specifying permitted usages of the first private token. 

25.  (Previously Presented) The HSM as recited in claim 1 wherein the cryptographic engine is configured to apply one or more requirements combined by logical connectors.

26.  (Currently Amended) A method comprising:
storing a plurality of cryptographic key/token pairs in a key storage of a hardware security module (HSM), wherein at least a first key/token pair of the plurality of cryptographic key/token pairs is assigned to a first entity and includes a first private token, and wherein a plurality of entities are associated with the first entity; and
responding, from a cryptographic engine in the HSM, to a private token usage request for the first private token received from a second entity of the plurality of entities with a cryptographically-signed object signed using the first private token responsive to determining, in the cryptographic engine, that one or more approvals from one or more third entities the plurality of entities have been received by the cryptographic engine, wherein the approvals are indicated via approval tokens corresponding to the third entities from one or more verified sources wherein the first private token is augmented with public keys of the one or more third entities to indicate the approvals of the one or more third entities are required, and wherein the first private token is further augmented with one or more time parameters, and wherein the responding with the cryptographically-signed object is further responsive to the one or more approvals being received within a time period indicated by the one or more time parameters.

27-29.  (Cancelled) 

30.  (Currently Amended) The method as recited in claim [[29]] 26 wherein the one or more approvals are received from a one or more third entities, wherein the one or more third entities.

31.  (New) The method as recited in claim 26 wherein the first private token is augmented with one or more usage attributes specifying permitted usages of the first private token. 

32.  (New) The method as recited in claim 26 further comprising applying, by the cryptographic engine, one or more requirements combined by logical connectors.

33.  (New) The method as recited in claim 26 wherein the private token usage request includes at least a subset of one or more approvals.

34.  (New) The method as recited in claim 33 further comprising:

recording, by the cryptographic engine, the subset of the one or more approvals in response to the private token usage request; and
waiting, by the cryptographic engine, for additional approvals prior to responding to the private token usage request with the cryptographically-signed object.

35.  (New) The method as recited in claim 34 further comprising receiving, by the cryptographic engine, a remaining subset of the one or more approvals as one or more approval messages from the one or more third entities.

36.  (New) The method as recited in claim 26 wherein the private token usage request includes the one or more approvals, and the method further comprises responding, by the cryptographic engine, with the cryptographically-signed object directly in response to the private token usage request.

IN THE SPECIFICATION:
Please replace paragraph [0021] with the following amended paragraph:
[0021]	Within this disclosure, different entities (which may variously be referred to as "units," "circuits," other components, etc.) may be described or claimed as "configured" to perform one or more tasks or operations.  This formulation—[entity] configured to [perform one or more tasks]—is used herein to refer to structure (i.e., something physical, such as an electronic circuit).  More specifically, this formulation is used to indicate that this structure is arranged to perform the one or more tasks during operation.  A structure can be said to be "configured to" perform some task even if the structure is not currently being operated.  A "clock circuit configured to generate an output clock signal" is intended to cover, for example, a circuit that performs this function during operation, even if the circuit in question is not currently being used (e.g., power is not connected to it).  Thus, an entity described or recited as "configured to" perform some task refers to something physical, such as a device, circuit, memory storing program instructions executable to implement the task, etc.  This phrase is not used herein to refer to something intangible.  In general, the circuitry that forms the structure corresponding to "configured to" may include hardware circuits.  The hardware circuits may include any combination of combinatorial logic circuitry, clocked storage devices such as flipflops, registers, latches, etc., finite state machines, memory such as static random access memory or embedded dynamic random access memory, custom designed circuitry, analog circuitry, programmable logic arrays, etc.  Similarly, various units/circuits/components may be described as performing a task or tasks, for convenience in the description.  Such descriptions should be interpreted as including the phrase "configured to."

Please replace paragraph [0025] with the following amended paragraph:
[0025]	As used herein, the term "based on" or "dependent on" is used to describe one or more factors that affect a determination.  This term does not foreclose the possibility that additional factors may affect the determination.  That is, a determination may be solely based on specified factors or based on the specified factors as well as other, unspecified factors.  Consider the phrase "determine A based on B."  This phrase specifies that B is a factor [[is]] used to determine A or that affects the determination of A.  This phrase does not foreclose that the determination of A may also be based on some other factor, such as C.  This phrase is also intended to cover an embodiment in which A is determined based solely on B.  As used herein, the phrase "based on" is synonymous with the phrase "based at least in part on."

Please replace paragraph [0030] with the following amended paragraph:
[0030]	The identity verification system 12 may be a computer system (e.g. a server) that provides identity verification for the HSM 10, attesting that a given user is indeed the user and not a third party impersonating the user.  Any mechanism for identity verification may be used.  Generally, the user presents one or more credentials that have previously been associated with the user, and the identity verification system 12 may analyze the credentials to determine that it is the user providing the credentials.  For example, the user may have a password or other data that the user (or an administrator for the entity) may have used when creating an account with the identity verification system 12.  The user may present the password/data to the identity verification system 12.  The user may have previously enrolled answers to one or more security questions that the identity verification system 12 may present to the user for the user to identify himself/herself to the identity verification system 12.  The user may have enrolled biometric data such as a fingerprint, photo or other facial recognition data, eye scan data, voice print, etc.  The user system 14A-14D may capture corresponding biometric data for the human that is using the system, and may transfer the biometric data to the identity verification system 12 for comparison to the enrolled data.  The user may have a cell phone number or email address that may be contacted with a verification code to enter when the user attempts to verify his/her identity with the identity verification system 12.  The user may also have a physical security device in his/her possession which may be presented in some way to the identity verification system 12.  For example, the physical security device may include a pseudo-random number generating device that is in sync with the identity verification system 12, so that the identity verification system 12 may determine the number that will be generated at a given point in time.   The physical security device may be a smart card that could be scanned by the user system 14A-14D (or a peripheral device coupled to the user system) and the data from the smart card may be transmitted to the identity verification system 12.  In another example, the physical system 14A-14D from which the user presents credentials may be used as an additional check by the identity verification system 12 (e.g. the systems that are known to be in the user's possession or assigned to the user may be recorded by the identity verification system 12).  Multifactor authentication may be used in which two or more mechanisms to prove the user's identity may be used.  In response to verifying the user, the identity verification system 12 may directly attest to the HSM 10 that user is verified, or may indirectly attest to the user's identity by issuing an unmodifiable datum (e.g. a security certificate) to the user that can be presented to the HSM 10 to indicate the verification.

Please replace paragraph [0043] with the following amended paragraph:
[0043] 	On the other hand, if the signature request lacks one of the approvals, the user B or D may transmit the approval as a separate message (dashed arrows 44 and 46).  The message may include the approval [[toke]] token from that user, for example.  The HSM 10 may apply the signature of the entity and return the signed document to the user A after receiving the approvals in this case.  The approval of a given user may also be referred to as the consent of the user.  In another embodiment, the signature request may be required to include the approvals and the HSM 10 may fail the signature request if a required approval is not present in the request.  Thus, the collection of the approvals may occur within the HSM 10 or outside the HSM 10, in various embodiments.

Allowable Subject Matter
Claims 1, 4-8, 10, 12-15,23-26 & 30-36 are allowed.

	The following is an examiner’s statement of reasons for allowance:
Regarding claims 1 & 26, although the prior art of record teaches (such as, McMillan (US 20040039925 as mentioned in IDS dated 09-04-2019)) a key storage storing a plurality of cryptographic key/token pairs during use, none of the prior art, alone or in combination teaches responsive to determining, in the cryptographic engine, that one or more approvals from one or more third entities of the plurality of entities have been received by the cryptographic engine, wherein the approvals are indicated via approval tokens corresponding to the third entities from one or more verified sources, wherein the first private token is augmented with public keys of the one or more third entities to indicate the approvals of the one or more third entities are required, and wherein the first private token is further augmented with one or more time parameters, wherein the cryptographic engine is configured to respond with the cryptographically-signed object responsive to the approvals being received within a time period indicated by the one or more time parameters; in view of other limitations of claims 1 & 26.
Regarding claim 13, although the prior art of record teaches (such as, McMillan (US 20040039925 as mentioned in IDS dated 09-04-2019)) a key storage storing a plurality of cryptographic key/token pairs during use, none of the prior art, alone or in combination teaches a cryptographic engine coupled to the key storage, the cryptographic engine configured to cryptographically-sign a document using the first private token on behalf of the first entity responsive to a request from one of the plurality of users and further responsive to determining that a plurality of approvals have been received from the first subset of the plurality of users, and wherein one or more time parameters are associated with the first private token, and wherein the cryptographic engine is configured to terminate an attempt to cryptographically sign the document on behalf of the first entity in response to a failure to receive the approvals within a time frame defined by the one or more time parameters; in view of other limitations of claim 13.
	The closest prior art (patent publications) made of records are: 
McMillan (US20040039925 as mentioned in IDS 09-04-2019) discloses a mechanism, method and apparatus for providing cryptographic key management. In one example, a cryptographic key management system (100') includes a plurality of processing mechanisms (140) for receiving data to be signed according one or more signing cryptographic keys. Each processing mechanism (140) is coupled to one or more respective cryptographic key modules, such as a hardware security module (146) configured to store the cryptographic key(s). A network configuration database (144) is accessible by each processing mechanism (140) and stores information identifying the cryptographic key(s) stored in the cryptographic key modules (146). 
 Kancharla (US20150358161 as mentioned in IDS 01/17/2020) teaches a new approach is proposed to support secured hardware security module (HSM) backup for a plurality of web services hosted in a cloud to offload their key storage, management, and crypto operations to the HSM. Each HSM is a high-performance, FIPS 140-compliant security solution for crypto acceleration of the web services. Each HSM includes multiple partitions isolated from each other, where each HSM partition is dedicated to support one of the web service hosts/servers to offload its crypto operations via a HSM virtual machine (VM) over the network. The HSM-VM is configured to export objects from the key store of a first HSM partition to a key store of a second HSM partition, wherein the second HSM partition is configured to serve the key management and crypto operations offloaded from the web service host once the objects exported from the key store of the first HSM partition are received. 
 Schmidt (US20200169415) teaches methods and systems for obtaining a high trust digital signature from a signer utilizing a high trust signature mobile device are described. Some embodiments include receiving, at the high trust signature mobile device, a signature request regarding a document that requires a high trust digital signature. The signature request includes a one-time signer authentication code. The document that requires the high trust digital signature is displayed on the mobile device. Then a plurality of signer verification elements is obtained. Obtaining a plurality of signer verification elements includes obtaining from the signer a signer-specific password. Furthermore, it includes automatically applying the one-time signer authentication code obtained from the signature request. Then the signature request is replied to by providing the plurality of signer verification elements to a server system for verification. Once the signer verification elements are validated, the high trust signature is applied to the document. 
  Geoffrey(US20150280921) teaches a system or method for enrolling a signature may include transmitting a user's public key and a time stamp to a client device. The method may further include receiving an encrypted time stamp and encrypted signature data associated with the user, wherein the signature data is encrypted using the user's public key. The encrypted time stamp may be decrypted using the user's private key, and the received encrypted signature data may be validated based on the decrypted time stamp. If the received encrypted signature data is determined to be valid, the encrypted signature data may be stored and digitally signed with the user's private key. The encrypted signature data may be further digitally certified with an administrator's private key. 
Stahlberg (US20180367311) teaches a method for processing a cryptographic operation request includes receiving, at a hardware security module (HSM), the cryptographic operation request including a cryptographic key and at least one authorization token, determining, by the HSM, whether an access control list (ACL) associated with the cryptographic key of the cryptographic operation request is authorized to govern access to the cryptographic key, and validating, by the HSM, the at least one authorization token. When the at least one authorization token is valid and the ACL is authorized to govern access to the cryptographic key of the cryptographic operation request, the method includes processing, by the HSM, the cryptographic operation request. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574.  The examiner can normally be reached on Monday-Friday-8:00am - 5:00pm (EST).If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Primary Examiner, Art Unit 2497