DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 112(b):
Applicant’s amendment is considered to have overcome the rejection. Accordingly, the rejection has been withdrawn.

Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claims, have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Lee2 (US 2017/0187691 A1).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2005/0210249 A1) in view of Lee2 (US 2017/0187691 A1).

An apparatus for providing a data storage function to a data storage-requesting device, comprising: an authentication unit for performing device authentication with a data storage-requesting device and performing data storage authentication with the data storage-requesting device using a device ID and a session key of the data-storage requesting device;
Refer to at least FIG. 3 and [0089] of Lee with respect to a mutual authentication between a device and secure storage device.
a data storage unit for storing encryption key basis information, used to generate an encryption key for data encryption, and encrypted data; 
Refer to at least FIG. 21 and [0181] of Lee with respect to an encryption unit and corresponding key and content storage.
Refer to at least [0088]-[0089] and [0096] of Lee with respect to session key generation.
a request message processing unit for processing a processing request message for the encrypted data received from the data storage-requesting device using the data storage unit; and 
Refer to at least FIG. 8-9 and [0111]-[0112] of Lee with respect to requests associated with a stored encrypted rights object.
a communication unit for receiving the processing request message from the data storage-requesting device and transmitting results of processing to the data storage-requesting device.
Refer to at least FIG. 8-9 and [0111]-[0112] of Lee with respect to responses associated with a stored encrypted rights object.
Lee specifies a device identifier and session key as above, but does not fully specify: [the device being an] Internet-of-Things (IoT) device in a local IoT network; [the key] generated from the performing of device authentication; [and] the encryption key basis information including the device ID and the session key, and synchronization information acquired from the performing of data storage authentication. However, Lee in view of Lee2 discloses: Internet-of-Things (IoT) device in a local IoT network;
Refer to at least the abstract and [0002]-[0003] of Lee2 with respect to implementation within an IoT network, and with respect to the IoT devices. 
generated from the performing of device authentication; the encryption key basis information including the device ID and the session key, and synchronization information acquired from the performing of data storage authentication.
Refer to at least the abstract, [0044], and [0146] of Lee2 with respect to generating keys from parameters such as a device ID, nonce, and timestamp. 
The teachings of Lee already concern authentication via device identifier and use of a session key, as well as generating an encryption key. Further, Lee concerns cellular devices as per at least FIG. 1 and [0011]. Accordingly, they are considered to be combinable with the teachings of Lee2 concerning use of a device identifier and keys for key generation in a cellular network environment.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Lee to further include applicability to IoT devices because design incentives or market forces provided a reason to make an adaptation, and the invention resulted from application of the prior knowledge in a predictable manner (i.e., operating in C-IOT networks). It further would have been obvious to modify Lee to include generating keys in such a manner for at least the reasons provided in [0043] of Lee2 (i.e., achieving security and reduced overhead at individual C-IOT devices using encryption). 	

Regarding claim 2, Lee-Lee2 discloses: The apparatus of claim 1, wherein: the encryption key basis information comprises the device ID for identifying the data storage-requesting IoT device and a data ID for identifying encryption target data, and the authentication unit is configured to exchange the device ID with the data storage-requesting IoT device when the data storage authentication is performed.
Refer to at least [0089] of Lee with respect to a certificate of the device; to FIG. 3-4 and [0098] of Lee with respect to a sequence number; further with respect to communications.
Refer to at least [0143] of Lee with respect to a rights object identifier.

Regarding claim 3, Lee-Lee2 discloses: The apparatus of claim 2, wherein the request message processing unit is configured to: when the processing request message is a data store message, store encrypted storage target data and encryption key basis information corresponding to the encrypted storage target data in the data storage unit, and
when the processing request message is a data delete message, delete encrypted deletion target data and encryption key basis information corresponding to the encrypted deletion target data which are stored in the data storage unit.
Refer to at least [0072], [0109], and [0125] of Lee with respect to deletion of rights object content and associated data.

Regarding claim 4, it is rejected for substantially the same reasons as claims 1-2 above (i.e., the mutual authentication / session key and sequence number).

Regarding claim 5, it is rejected for substantially the same reasons as claim 4 above (i.e., the sequence number).

Regarding claim 6, Lee-Lee2 discloses: The apparatus of claim 5, further comprising: an encryption key generation unit for generating an encryption key using a method identical to that of the data storage-requesting IoT device based on the encryption key basis information; and an encryption information update unit for, when the processing request message is a data read message, updating encryption information by decrypting encrypted read target data using an encryption key at a storage time and by encrypting the decrypted data using another encryption key at a read time, wherein the request message processing unit is configured to, when the processing request message is the data read message, return encrypted data, in which the encryption information is updated, to the data storage-requesting device.
Refer to at least FIG. 11 and [0133]-[0137] of Lee with respect to decrypting and re-encrypting a stored rights object for transmission to a requesting device. 

Regarding claim 7, Lee-Lee2 discloses: The apparatus of claim 6, wherein: the processing request message comprises tag information including at least one of information about whether data is encrypted and information about whether secure storage is used, and the data storage unit is configured to provide a secure storage function depending on whether the secure storage has been enabled in the tag information.
Refer to at least FIG. 16A-B of Lee with respect to tag information for sending and receiving encrypted rights objects. 

Regarding independent claim 8, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., the citations).

Regarding claims 9-14, they are substantially similar to claims 2-7 above, and are therefore likewise rejected. 



Regarding claims 16-20, they are substantially similar to claims 2-7 above, and are therefore likewise rejected. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751.  The examiner can normally be reached on 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Jeffrey Nickerson/ Supervisory Patent Examiner, Art Unit 2432

/V.S/ Examiner, Art Unit 2432