DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This notice of allowance is in response to claims 1-12 filed December 23, 2019 for examination. Claims 1-12 are pending.
	3.	The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action. The prior office actions are incorporated herein by reference. In particular, the observations with respect to claim language, and response to previously presented arguments.
	4.	Preliminary amendment to the claims, abstract, and specification, filed 12/23/2019 has been acknowledged.
5.	The information disclosure statement filed 12/23/2019 and 02/19/2020 has been placed in the application file and the information referred to therein has been considered as to the merits.
6.	The drawings filed on 12/23/2019 have been accepted.
	
ALLOWABLE SUBJECT MATTER
	7.	Claims 1-12 are allowed over prior art of record.

EXAMINER’S STATEMENT OF REASONS FOR ALLOWANCE
8.	Regarding the claimed terms, the Examiner notes that a “general term must be understood in the context in which the inventor presents it.” In re Glaug 283 F.3d 1335, 1340, 62 USPQ2d 1151, 1154 (Fed. Cir. 2002). Therefore the Examiner must interpret the claimed terms as 
9.	Prior art US 2017/0257377 A1 (Vading et al.) has been found to teach “a method for delegating access rights in a system configured to handle access rights of users to resources in the system. The method comprises: assigning a first access right to a first user; appointing a pool of one or more users serving as deputies for the first user; checking if the first user, during a predefined period of time, has refrained from performing a predefined activity with respect to the resources; and if so, delegating the first access right to a user in the pool.” Abstract.
Prior art US 2020/0177375 A1 (Buck et al.) has been found to teach “A method of verifying authorization associated with a first electronic device by a second electronic device, using symmetric key encryption, the method comprising: receiving from the first electronic device at the second electronic device a first data message, the first data message including first encrypted data and first metadata, the first metadata including a first key space identifier, the first key space identifier defining a first cryptographic key hierarchy or a subset of the first cryptographic key hierarchy which includes a first cryptographic key used to generate the first encrypted data, and positional information of the first cryptographic key of the first cryptographic key hierarchy, whereby in the cryptographic key hierarchy a lower level cryptographic key, being positioned in a lower level in the cryptographic key hierarchy than a higher level cryptographic key, is derived by way of a one-way function from the higher level cryptographic key and positional information defining a position of the lower level cryptographic key in the cryptographic key hierarchy; selecting, by a circuit of the second electronic device, a second cryptographic key from a plurality of secret cryptographic keys stored in the second electronic device, using the first key space identifier received from the first electronic device; deriving, by the circuit of the second electronic device, the first cryptographic key by way of the one-way function from the second cryptographic key and positional information received from the first electronic device; and decrypting, by the circuit of the second electronic device, the first encrypted data, using the first cryptographic key, for verifying the authorization associated with the first electronic device.” Claim 1.
 Prior art US 2011/0197064 A1 (Garcia Morchon et al.) has been found to teach “[0100] In a particular embodiment of the invention, multivariate polynomials are used to enable delegation functionalities. There, root keying material comprises a multivariate keying material such as a multivariate polynomial and is handled by the system management device SMD. A first and second devices, or nodes, receive respective keying material shares derived from the multivariate keying material root from the SMD. The keying material share distributed to the first device might be used by the first device to access the second device. The first device might further generate a delegation keying material share from its keying material share encoding the actions that are delegated to a third device. The third device might use this delegation keying material share to prove its access rights to the second device. Such a delegation approach might be implemented by using a trivariate polynomial as root keying material. The first and second devices might receive bivariate polynomials shares generated from the trivariate polynomial by evaluated the first variable of the trivariate polynomial in a point 
Prior art DE 102014219502 from IDS on the record disclosed “A system (1) for establishing restricted access to a vehicle (2) has a first mobile unit (3), in particular an intelligent key, and a second mobile unit (4). The first mobile unit (3) is set up to generate authentication data for restricted access. The first mobile unit (3) and the second mobile unit (4) are set up to establish a first direct data connection using short-range technology. The first mobile unit (3) also has a user interface (6), configured to receive confirmation of an authorization of the first data connection from a user. The first mobile unit (3) is also set up to provide the second mobile unit (3) with the data for authentication by means of the first data connection. The second mobile unit (4) and the vehicle (2) are set up to establish a second direct data connection via short-range technology and to transmit the data for authentication. The vehicle (2) has an assignment device (7), set up to compare data received from the first mobile unit (3) for authentication with data stored in the vehicle (2) for authentication, and a control device (8) set up to access release the vehicle (2) if the data for authentication match during the comparison.” Translation submitted by the applicant.
10.	For independent claim 1, Since, no prior art was found to teach: “providing a second-order data packet in the first mobile communication device, wherein the second-order data packet includes: - a unique second identifier, first reference data containing a reference to the first-order data packet, - a second data set with a list of access rights to the secured device, the second data set being a subset of the first data set, a second data secret key, which can be used for encryption and decryption of data, a first data container encrypted with the first data secret key and containing at least the unique first identifier and the second data secret key, signing the second-order data packet using the first data secret key, transmitting the signed second-order data packet to a second mobile communication device associated with a second-order user, wherein the second communication device is hierarchically subordinate to the first communication device.” as it pertains to the other portions of the claim as a whole, in a manner that would motivate a person of ordinary skill in the art before the effective filing date of the invention to combine it as an obvious inclusion, the examiner found the invention as claimed to be allowable and allowed it to be patented.
11.	For independent claim 7, Since, no prior art was found to teach: “encrypting the first-order data packet in the trusted central management device, wherein a first object data secret specific to the secured object is used for encryption, the first object data secret being matched to a second object data secret stored in the control device of the secured object such that the first-order data packet encrypted using the first object data secret can be decrypted for the control device of the secured object, transmitting both the unencrypted first-order data packet and the first-order data packet encrypted using the first object data secret to a first mobile communication device assigned to a first-order user; providing a second-order data packet in the first mobile communication device, wherein the second-order data packet at least-includes: a unique second identifier, first reference data containing a reference to the first-order data packet, - a second data set with a list of access rights to the secured device, the second data set being a subset of the first data set, 8a second data secret key, which can be used for encryption and decryption of data, the first-order data packet encrypted using the first object data secret, a first data container encrypted with the first data secret key and containing at least the unique first identifier and the second data secret key, signing the second-order data packet using the first data secret key, transmitting the signed second-order data packet to a second mobile communication device associated with a second-order user, wherein the second communication device is hierarchically subordinate to the first communication device.” as it pertains to the other portions of the claim as a whole, in a manner that would motivate a person of ordinary skill in the art before the effective filing date of the invention to combine it as an obvious inclusion, the examiner found the invention as claimed to be allowable and allowed it to be patented.
12.	For dependent claims 2-6 and 8-12, the claims are allowed due to their dependency on allowable independent claims 1 and 7.
13.	Any comments considered necessary by applicant must be submitted no later than payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.''
CONCLUSION
14.	Prior arts made of record, not relied upon: See PTO – 892.
US 8,412,934 B2 (De Atley et al.): A computer-implemented method of restoring backup files, the method causing a computing device to perform steps comprising: receiving, at a first device having an encrypted file system, a backup ticket, a backup secret, and a host identifier from a second device, wherein each file in the file system is encrypted with a unique file encryption key, each file encryption key is encrypted with a class encryption key, and each class encryption key is encrypted with an additional encryption key, and the class 
15.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471.  The examiner can normally be reached on Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 




/Shawnchoy Rahman/Primary Examiner, Art Unit 2438