DETAILED ACTION

Continued Examination under 37 CFR 1.114
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on February 22, 2021 has been entered. 	
2.	Claims 1 and 12 are amended. Claims 2 and 13 are canceled, therefore the claims 1, 3-12 and 14-22 are pending and herein considered.   

Notice of Pre-AIA  or AIA  Status
3.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
4.	Information disclosure statements (IDS) submitted on 02/22/2021 considered by the examiner.

Response to Applicant’s arguments
5.	Applicant has not responded to claim 5 objection in the previous office action. Therefore, the objection to claim 5 is maintained.
6.	Applicant arguments are not persuasive and moot in view of new ground of rejection rendered as the added limitations and arguments based on added limitations are based on design choice where “issuer credential” and “entity” do not communicate with each other and they separately communicate directly with “public storage”. Examiner has issued a 103 rejection vs previous 102 rejection in order to address applicant amendments, However examiner take a position that 102 rejection rendered previously is proper in view of the fact the added limitations only is an option for design choice rather than fundamental differences between applicant invention novelty vs Hook invention.

 Claim Objections
7.	Claim 5 is objected for reciting of limitation “the new credential using a ID-based encryption process”. Examiner suggest the limitation “the new credential using an ID-based encryption process” as replacement limitation.

Claim Rejections - 35 USC § 103
8.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
9.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the 


10.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
11.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

12.	Claims 1, 3-12 and 14-22 are rejected under 35 U.S.C. 103 as being unpatentable over Hook et al. U.S. 2014/0325231 hereinafter “Hook” Published Oct. 30, 2014 in view of Fransdonk U.S. 2003/0163684 hereinafter “Fransdonk” Filed Dec. 16, 2002. 

Regarding claim 1, Hook teaches: A credential issuing system (Hook teaches credential issuing system see FIG. 1 system 120 para. [0012, 0029 and 0085]), comprising:
public storage (Hook, see FIG. 1 item 160 and FIG. 2 item 290 in conjunction with para. [0109], “Storage Service 290 is another representation of Storage Service 160 shown in FIG. 1. Storage Service 290 is where Encrypted Content 260 may be stored”);
a credential issuer coupled to the public storage to communicate credential information between the credential issuer and the public storage (Hook see FIG. 1 items 170, 142, 160 in conjunction with FIG 3. Items 311, 313, 330, and 360 and see para. [255 and 0039], “Allows remote storage, perhaps on a server or using a service that may not be necessarily fully trusted. e.g. to a third party or outsourced information technology provider, as information remains in an encrypted form outside the client”; Fig. 2 disclose user 102, 212 and 213 where user 1 and 3 belong to two different community or group and user 2 is subscribed to both community where examiner consider subscribing to each community as having a new credential conditioned on access and privileges given to corresponding community or communities);
a policy store coupled to the credential issuer, the policy store having a plurality of security policy rules, wherein each security policy rule indicates whether a new credential is issued to a particular entity that uses the entity device (Hook see FIG. 1 item 152 and FIG. 2 in conjunction with para. [0094 and 0111], “These actions may also be restricted by policies which define constraints on functions and flows within the system. For example, policies may include defining rights, privileges, access controls, operational controls etc. Such policies may be stored as Parameters in a Permit (e.g. 232)”; Fig. 2 disclose user 102, 212 and 213 where user 1 and 3 belong to two different community or group and user 2 is subscribed to both community where examiner consider subscribing to each community as having a new credential conditioned on access and privileges given to corresponding community or communities); and
wherein the credential issuer generates a secured new credential that is encrypted for the particular entity in response to a request for a new credential and uploads the secured new credential for the particular entity to the public storage (Examiner note: Hook is capable of uploading any data where FIG. 1 items Application 101, content 110, credential 170, storage service 160 within the system 120; Hook first see para. [0236] where Hook disclose credential issuer generates secured ; and 
 	The entity device having a processor and a memory that retrieves the secured new credential from the public storage and decrypts the secured new credential to provide the new credential to the particular entity without communication directly between the entity device and the credential issuer (Hook, see FIG. 3 in conjunction with para. [0260] that The Client Controller 310 may associate each User Certificate 364 with the corresponding private key, the combination forming a User Credential 313; Examiner consider user 300 of fig. 3 cannot have credential 313 be generated unless it goes through certificate service 340 to generate user certificate which reads on applicant limitation “without communication directly between the entity device and the credential issuer”).
Hook does not explicitly disclose an entity device coupled to the public storage but not coupled to the credential issuer to communicate credential information only between the entity device and the public storage. 
However Fransdonk disclose an entity device coupled to the public storage but not coupled to the credential issuer to communicate credential information only between the entity device and the public storage (Fransdonk; FIG. 2, 6A-B, examiner consider “local content server 40” equate to applicant limitation “public storage”; “content provider 16” equate to applicant limitation “credential issuer”, and “content destination 22” equate to applicant limitation “an entity device” where there is no direct communication between “content provider 16” and “content destination 22” and both of them coupled to “local content server” (public storage). Furthermore Fig.6A-B ).


Regarding claim 3, Hook discloses all the limitations of claim 1. Hook further discloses: wherein the credential issuer retrieves a public key of a public key pair for the particular entity from the public storage and encrypts the new credential using the retrieved public key (Hook, Client Controller 310 may generate Certification Requests 363. To do so, the Client Controller 310 may generate Key Pairs 312. Such as public and private key pairs, para [0258], Fig. 3).
 
Regarding claim 4, Hook discloses all the limitations of claim 3. Hook further discloses: wherein the entity device decrypts the secured new credential using a secret key from the public key pair (Hook, see FIG. 4 in conjunction with para. [0266] that If Escrow Service 440 returns User Credentials 464 in an encrypted form, then Client Controller 410 may Decrypt 465 them in order to obtain User Credentials 413. The password or other mechanism to Decrypt 465 may be provided by the User 400; also see para. [0113], “Client Controllers may use Storage Service 290 to directly distribute and/or replicate all and/or parts of Permits. For example, Client Controller 221 who updates Permit! 231 may copy Permit! 231 to Storage 290. Client Controller 222 may then retrieve it at a necessary time. The mechanism( s) to communicate with Storage Service 290 may be stored as Parameters in the Permit ( e.g. 232). Permits may be replicated within and/or across Storage Services 290 such as for performance or availability reasons”).
Regarding claim 5, Hook discloses all the limitations of claim 1. Hook further discloses: wherein the request for the new credential includes an identity of the particular entity and wherein the credential issuer encrypts the new credential using a ID-based encryption process to form the secured new credential (Hook, see FIG. 4 in conjunction with para. [0265] that The Escrow Service 440 may use certificate information provided on a Connect 463 to identify User 400. If other credentials are provided on Connect 463, then Escrow Service 440 may need to Verify 431 identifying information to Identity Service 420).
 
Regarding claim 6, Hook discloses all the limitations of claim 5. Hook further discloses: an entity device that retrieves the secured new credential from the public storage and decrypts the secured new credential using a private key of the identity from a trusted source (Hook, see FIG. 3 in conjunction with para. [0260] that The Client Controller 310 may associate each User Certificate 364 with the corresponding private key, the combination forming a User Credential 313).
 
Regarding claim 7, Hook discloses all the limitations of claim 1. Hook further discloses: wherein the credential issuer generates a public key pair and encrypts the secured new credential using a shared key from the particular entity (Hook in above claims discloses generating key pairs end encrypting the credentials, see para. [0070] that Can seamlessly transition from one shared encryption key to a new one as all copies of keys need not be necessarily updated at the same time).
 
Regarding claim 8, Hook discloses all the limitations of claim 7. Hook further discloses: an entity device that generates the shared key, encrypts the shared key using the public key of the credential issuer and uploads the request for new credential and the encrypted shared key to the public storage (Hook, see para. [0070] that Can seamlessly transition from one shared encryption key to a new one as all copies of keys need not be necessarily updated at the same time; then see FIG. 4 in conjunction with para. [0264], “If the Escrow Service 440 requires certificate based credentials, then Client Controller 410 may generate a Temporary Key Pair 411 and provide identifying information such as a Token with a Certificate Request 461 to Certificate Service 430. Certificate Service 430 may Verify 421 the Token with the Identity Service 420 and may perform other checks, such as checking the validity of Certificate Request 461 and other predetermined criteria prior to issuing a Temporary Certificate 462. The Client Controller 410 may use the Temporary Certificate 462 to form a Temporary Credential 412 and may use this to Connect 463 to an Escrow Service 440”).
 
Regarding claim 9, Hook discloses all the limitations of claim 8. Hook further discloses: wherein the credential issuer decrypts the encrypted shared key using a private key of the public key pair to reveal the shared key (Hook, see para. [0076] that Throughout this specification, the word .key', without limitation, comprises any representation used in association with or operable on an encryption algorithm that enables encryption or decryption of information, such as, without limitation, asymmetric keys, symmetric keys, secret keys, public keys, private keys, password keys, one-time password keys, tickets, tokens, certificates, etc.; also see para. [0028], then see para. [0118], “A Community Key ( e.g. Cl b) may be obtained by using the private key ( e.g. 224) associated with the Client Controller (e.g. 221) to decrypt an Encrypted Community Key (e.g. 241)” ).
 
Regarding claim 10, Hook discloses all the limitations of claim 1. Hook further discloses: wherein the public storage stores previously generated credentials for one or more particular entities and further comprising an entity device for a particular entity that accesses the public storage to retrieve a previously generated credential for the particular entity (Hook, see FIG. 1 in conjunction with para. [0236] that all or part of the credentials may be generated by the User 100 and/or Client Controller 140 such as a label, identifier, password, private key, public key etc. The Credential Service may use these to generate further forms of credentials e.g. certificates).
 
Regarding claim 11, Hook discloses all the limitations of claim 1. Hook further discloses: wherein the credential issuer retrieves a request for a new credential for the particular entity from the public storage and generates a credential element in response to the request for the new credential (Hook, see FIG. 3 in conjunction with para. [0258] that the public keys and optionally nonce information are used to form Certification Requests 363 made to the Certificate Service 340. The Certificate Requests 363 may be in a standard form, such as a Public-Key Cryptography Standard 10 (PKCSH10) Certification Request; then see para. [0196, 226, and 276], “If information in a Permit is changed relating to the Stream, for example Parameters or a new Content Key, then the Client Controller may publish this changed Permit to other Client Controllers”).
 
Regarding claim 12, this claim defines a method claim that corresponds to system claim 1 and does not define beyond limitations of claim 1. Therefore, claim 12 is rejected with the same rational as in the rejection of claim 1.
 
Regarding claim 14, this claim defines a method claim that corresponds to system claim 3 and does not define beyond limitations of claim 3. Therefore, claim 14 is rejected with the same rational as in the rejection of claim 3.
 
Regarding claim 15, this claim defines a method claim that corresponds to system claim 4 and does not define beyond limitations of claim 4. Therefore, claim 15 is rejected with the same rational as in the rejection of claim 4.
 
Regarding claim 16, this claim defines a method claim that corresponds to system claim 5 and does not define beyond limitations of claim 5. Therefore, claim 16 is rejected with the same rational as in the rejection of claim 5.

Regarding claim 17, this claim defines a method claim that corresponds to system claim 6 and does not define beyond limitations of claim 6. Therefore, claim 17 is rejected with the same rational as in the rejection of claim 6.
 
Regarding claim 18, this claim defines a method claim that corresponds to system claim 7 and does not define beyond limitations of claim 7. Therefore, claim 18 is rejected with the same rational as in the rejection of claim 7.
 
Regarding claim 19, this claim defines a method claim that corresponds to system claim 8 and does not define beyond limitations of claim 8. Therefore, claim 19 is rejected with the same rational as in the rejection of claim 8.
 
Regarding claim 20, this claim defines a method claim that corresponds to system claim 9 and does not define beyond limitations of claim 9. Therefore, claim 20 is rejected with the same rational as in the rejection of claim 9.
 
Regarding claim 21, this claim defines a method claim that corresponds to system claim 10 and does not define beyond limitations of claim 10. Therefore, claim 21 is rejected with the same rational as in the rejection of claim 10.
 
Regarding claim 22, this claim defines a method claim that corresponds to system claim 11 and does not define beyond limitations of claim 11. Therefore, claim 22 is rejected with the same rational as in the rejection of claim 11.
 
Examiner note
13.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
14.	 The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Nossik et al. US 10.326,744 discloses security layer for content in multi-tenant environments by utilizing storage resources of at least one storage platform.
Wilkinson et al. US 2008/0244008 discloses a system for data exchange among data sources which include plurality nodes in communication with each other and sharing payload among themselves.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571)272-9884. The examiner can normally be reached on M-F 8AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's acting supervisor, KRISTINE KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, 
/KHALIL NAGHDALI/
Primary Examiner, Art Unit 2437