Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This initial written action responds to the communication dated 10/28/2019.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Priority
This application, filed on October 28, 2019, claims priority to parent application 15/351,255, filed on November 14, 2016.

Information Disclosure Statement
The following Information Disclosure Statements in the instant application were submitted in compliance with the provisions of 37 CFR 1.97 and thus have been fully considered:
IDS filed on 09 December 2019.
IDS filed on 01 June 2021.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Independent Claims 1, 5 and 13 recite the claim limitation “obtaining an indication to join a hardware security module fleet”. It is not clear who obtains an indication to join a hardware security module fleet.
Claim 9 recites the limitation, “The system of claim 5, wherein instructions include further instructions that, as a result of by the one or more processors, further cause the system to remove, in response to detecting the indication to join the hardware security module fleet, one or more cryptographic keys”. Claim 17 recites, “The non-transitory computer-readable storage medium of claim 13, wherein the instructions include further instructions that, as a result of by the one or more processors, further cause the computer system to remove, in response to detecting the indication to join the hardware security module fleet, one or more cryptographic keys”. It is not clear why the one or more cryptographic keys are removed when the indication is to join the hardware security fleet. Please refer to the other dependent claim, Claim 3, where cryptographic keys are removed. For the purpose of examination, Claim 9 and Claim 17 will be treated similarly to Claim 3.

Claims 1, 13 and 20 recite the limitations “the cryptographically protected communication session involving a shared secret between the requestor and the system” (Claim 1 and Claim 13) and “detect an indication that the system should be removed from the hardware security module fleet; and erase one or more cryptographic keys from the system by setting bits associated with the one or more cryptographic keys to a predetermined value” (Claim 20). There is insufficient antecedent basis for these limitations in the claims. It is not clear what “the system” refers to, as there is no prior mention of “a system”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-5, 7, 9, 12-13, 15, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brand et al. (US PGPUB. # US 2013/0132717, hereinafter “Brand”), and further in view of Laurence Hamid (US PGPUB. # US 2013/0219164, hereinafter “Hamid”).

Referring to Claims 1, 5 and 13:
Regarding Claim 1, Brand teaches,
A computer-implemented method, comprising: 
obtaining, from a requestor, a request to establish a cryptographically protected communication session, the request including a digital certificate (¶39, “The first time the user side software application requires encryption or unique user identification, it established that there is no digital user certificate (17) currently installed on the mobile phone (5). At this point, the application automatically connects to an online server of the certificate authority (11) ("CA") and attempts to request a digital user certificate (17) from the server (11)”, ¶14, “the server side software application utilizes a server side encryption module provided by the certificate authority and is configured to request and receive the user certificate from the mobile handset”, ¶23, “for encrypting communications between the mobile handset and the application server over the communication channel”; ¶45, “Each time the mobile handset (5) connects to an application server (9), it will start a certificate exchange process, whereby its certificate (17) is sent to the server (9),”, i.e. the mobile device (client) certificate is obtained by the server for an encrypted (cryptographically protected) communication);
verifying, using at least a part of a plurality of public keys, the digital certificate (¶15, “upon successful validation of the user certificate by the server side software application”, ¶45, “Knowledge of the CA public key (29) may, however, be sufficient to enable validation of the respective certificates to be conducted.”, i.e. the digital certificate is verified using a public key); establishing the cryptographically protected communication session with the requestor, the cryptographically protected communication session involving a shared secret between the requestor and the system (¶23, “for encrypting communications between the mobile handset and the application server over the communication channel”, ¶46, “The handset (5) and server (9) can now share encryption keys (25) by means of which further encrypting of their communications may be done. The shared encryption keys (25) are typically symmetrical encryption keys”, i.e. encrypted communication is established using symmetric key (shared key)); 
obtaining encrypted data via the cryptographically protected communication session (“encrypting communications between the mobile handset and the application server over the communication channel is provided”, ¶15, “the encryption keys being useful for further data encryption between the mobile handset and the application server”, ¶23, ¶27, ¶43, ¶45, Claim 16, i.e. encrypted data is obtained); and 
decrypting, [using a fleet transfer key], the encrypted data, the fleet transfer key being obtained based at least in part on the shared secret (¶40, “sharing symmetrical encryption keys (25) with the application server (9)”, “decrypt the signature and verify that it was signed by the CA private key (27) and is accordingly authentic”, ¶45, “server side applications will therefore use the CA public key (29) to decrypt the signed certificates (17, 45)”, Claim 28, “decrypting data communicated to and from the mobile handset by means of the encryption keys”, i.e. received encrypted data is decrypted).
Brand does not teach explicitly,
obtaining an indication to join a hardware security module fleet; 
However, Hamid teaches,
obtaining an indication to join a hardware security module fleet (Fig. 9, ¶67, “when a new user 902 is added to the organization, the organizational network 920 can assign a new HSM module 952 to that new user 902”, i.e. adding a new HSM to the HSM fleet indicates that an indication is received to join the HSM fleet);
[decrypting], using a fleet transfer key (¶6, “the data can only be decrypted with keys stored on the associated hardware security module”, ¶38, “The HSM can include keys used to decrypt the user's data”, i.e. key stored on HSM is considered as fleet transfer key), [the encrypted data, the fleet transfer key being obtained based at least in part on the shared secret]
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Fitzgerald with the invention of Brand.
Brand teaches authenticating a certificate and establishing an encrypted communication between a client and a server. Hamid teaches receiving a request to create a Hardware Security Module (HSM) to add to the fleet of HSMs. Therefore, it KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 5, it is a system Claim of above method Claim 1 and therefore Claim 5 is rejected with the same rationale as applied against Claim 1 above.

Regarding Claim 13, it is a non-transitory computer-readable storage medium Claim of above method Claim 1 and therefore Claim 13 is rejected with the same rationale as applied against Claim 1 above.

Referring to Claims 3, 9, 12, 17 and 20:
Regarding Claim 3, rejection of Claim 1 is included and for the same motivation Brand does not teach explicitly,
The method of claim 1, further comprises: 
detecting an indication to leave the hardware security module fleet; and 
as a result of detecting the indication to leave the hardware security module fleet, erasing at least the fleet transfer key and cryptographic material associated with the hardware security module fleet.
However, Hamid teaches,
The method of claim 1, further comprises: 
detecting an indication to leave the hardware security module fleet (Fig. 9, ¶67, “when a user 902 is separated from the organization”, i.e. an indication is detected to leave the hardware security module fleet); and 
as a result of detecting the indication to leave the hardware security module fleet, erasing at least the fleet transfer key and cryptographic material associated with the hardware security module fleet (Fig. 1, ¶35, “the Cloud HSMs 120 as secure key stores”, ¶67, “the organizational network 920 can remove the security settings and capabilities associated to the HSM module 952”, i.e. cryptographic keys are removed).

Regarding Claim 9, rejection of Claim 5 is included and Claim 9 is rejected with the same rationale as applied against Claim 3 above.

Regarding Claim 12, rejection of Claim 7 is included and Claim 12 is rejected with the same rationale as applied against Claim 3 above.

In addition Hamid teaches, Client public key (Fig. 1 (195), ¶35, “unlock the use of the encryption key and the keys (e.g., 190, 195, or other public or private keys)”).

Regarding Claim 17, rejection of Claim 13 is included and Claim 17 is rejected with the same rationale as applied against Claim 3 above.
Regarding Claim 20, rejection of Claim 15 is included and Claim 20 is rejected with the same rationale as applied against Claim 3 above.

In addition Hamid teaches, Client public key (Fig. 1 (195), ¶35, “unlock the use of the encryption key and the keys (e.g., 190, 195, or other public or private keys)”).

Regarding Claim 4, rejection of Claim 1 is included and for the same motivation Brand teaches,
The method of claim 1, wherein the digital certificate is a X.509 certificate (¶16, “the digital user certificate and the digital server certificate to be X.509 certificates”).

Referring to Claims 7 and 15:
Regarding Claim 7, rejection of Claim 5 is included and for the same motivation Brand teaches,
The system of claim 5, wherein the data includes a client application public key usable to establish a second cryptographic communication session with a client (¶46, “The handset (5) and server (9) can now share encryption keys (25) by means of which further encrypting of their communications may be done. The shared encryption keys (25) are typically symmetrical encryption keys. It should be appreciated that, after the certificate exchange, the handset (5) will be in possession of the application server public key (47) and the application server (9) will be in possession of the handset public key (33)”, i.e. handset public key (client public key) is used to establish a second cryptographic communication session).

Regarding Claim 15, rejection of Claim 13 is included and Claim 15 is rejected with the same rationale as applied against Claim 7 above.

Claims 8, 10-11, 16 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Brand et al. (US PGPUB. # US 2013/0132717, hereinafter “Brand”), and further in view of Laurence Hamid (US PGPUB. # US 2013/0219164, hereinafter “Hamid”), and further in view of Fitzgerald et al. (US PGPUB. # US 2014/0282936, hereinafter “Fitzgerald”).

Referring to Claims 8 and 16:
Regarding Claim 8, rejection of Claim 5 is included and combination of Brand and Hamid does not teach explicitly,
The system of claim 5, wherein the data includes a plurality of network addresses, the network addresses associated with a particular hardware security module having access to the fleet transfer key.
However, Fitzgerald teaches,
The system of claim 5, wherein the data includes a plurality of network addresses, the network addresses associated with a particular hardware security module having access to the fleet transfer key (Fig. 1(112), ¶27, “the computing resource provider may configure appropriate computing resources so that the customer is able to communicate with the HSM 112 as if the HSM was in the customer's own network. For instance, requests to the HSM 112 may be addressed to an IP address for the HSM that is part of the customer's own IP space (e.g., a public IP address that the customer owns or controls or a private IP address of the customer)”, Fig. 3(328), ¶47, i.e. network addresses associated with a particular hardware security module).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Fitzgerald with the invention of Brand in view of Hamid.
Brand in view of Hamid teaches authenticating a certificate and establishing an encrypted communication between a client and a server and receiving a request to create a Hardware Security Module (HSM) to add to the fleet of HSMs. Fitzgerald teaches a network address associated with a particular hardware security module. Therefore, it would have been obvious to have a network address associated with a particular hardware security module of Fitzgerald into the teachings of Brand in view of Hamid to assign a hardware security module to a particular customer for storing cryptographic material including keys securely. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
Regarding Claim 16, rejection of Claim 13 is included and Claim 16 is rejected with the same rationale as applied against Claim 8 above.

Referring to Claims 10 and 18:
Regarding Claim 10, rejection of Claim 5 is included and combination of Brand and Hamid does not teach explicitly,
The system of claim 5, the data includes information regarding one or more communication sessions between the client and a virtual HSM of the hardware security module fleet.
However, Fitzgerald teaches,
The system of claim 5, the data includes information regarding one or more communication sessions between the client and a virtual HSM of the hardware security module fleet (Fig. 7, ¶67-¶68, i.e. data includes information regarding one or more communication between client and a HSM).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Fitzgerald with the invention of Brand in view of Hamid.
Brand in view of Hamid teaches authenticating a certificate and establishing an encrypted communication between a client and a server and receiving a request to create a Hardware Security Module (HSM) to add to the fleet of HSMs. Fitzgerald KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 18, rejection of Claim 13 is included and Claim 18 is rejected with the same rationale as applied against Claim 10 above.

Referring to Claims 11 and 19:
Regarding Claim 11, rejection of Claim 5 is included and combination of Brand and Hamid does not teach explicitly,
The system of claim 5, wherein the system comprises a first hardware security module and the requestor comprises a second hardware security module.
However, Fitzgerald teaches,
The system of claim 5, wherein the system comprises a first hardware security module and the requestor comprises a second hardware security module (Fig. 2(216, 238), ¶36, “the environment 200 includes a computing resource provider (CRP) HSM 238. The CRP HSM 238, as with the customer HSM 216, may be a physical HSM device”, i.e. first HSM and second HSM).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Fitzgerald with the invention of Brand in view of Hamid.
Brand in view of Hamid teaches authenticating a certificate and establishing an encrypted communication between a client and a server and receiving a request to create a Hardware Security Module (HSM) to add to the fleet of HSMs. Fitzgerald teaches a network address associated with a particular hardware security module. Therefore, it would have been obvious to have a network address associated with a particular hardware security module of Fitzgerald into the teachings of Brand in view of Hamid to assign a hardware security module to a particular customer for storing cryptographic material including keys securely. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 19, rejection of Claim 13 is included and Claim 19 is rejected with the same rationale as applied against Claim 11 above.

Claims 2, 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Brand et al. (US PGPUB. # US 2013/0132717, hereinafter “Brand”), and further in view of Laurence Hamid (US PGPUB. # US 2013/0219164, hereinafter “Hamid”), and further in view of Adrian Baldwin (US PGPUB. # US 2005/0005161, hereinafter “Baldwin”).

Referring to Claims 2, 6 and 14:
Regarding Claim 2, rejection of Claim 1 is included and combination of Brand and Hamid does not teach explicitly,
The method of claim 1, wherein: the plurality of public keys comprise a service provider public key and a manufacturer public key; and 
verifying the digital certificate comprises establishing a first chain of trust to a service certificate authority based at least in part on the service provider public key and establish a second chain of trust to a manufacturer certificate authority based at least in part on the manufacturer public key.
However, Baldwin teaches,
The method of claim 1, wherein: the plurality of public keys comprise a service provider public key (¶57, “These can be regarded as service keys for the relevant service provision and are referred to as the generated public/private key pair (and generated public and private keys respectively)”, i.e. service provider public key) and a manufacturer public key (¶37, “The public/private key pair is specific to the particular SPE 10 and is referred to as the permanent public/private key pair (and permanent public and private keys respectively).”, ¶39, i.e. manufacturer public key); and
verifying the digital certificate comprises establishing a first chain of trust to a service certificate authority based at least in part on the service provider public key and establish a second chain of trust to a manufacturer certificate authority based at least in part on the manufacturer public key (Fig. 8, ¶82, “A user of the service run on computer node 8 may be able to inspect this certificate, from which they can see two chains of trust--a chain of trust to the service provider SP, and a chain of trust to the SPE manufacturer, both of these chains can be verified by use of the requisite public keys”, i.e. certificate is verified based on chain of trust to a service certificate authority and manufacturer certificate authority).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Baldwin with the invention of Brand in view of Hamid.
Brand in view of Hamid teaches authenticating a certificate and establishing an encrypted communication between a client and a server and receiving a request to create a Hardware Security Module (HSM) to add to the fleet of HSMs. Baldwin teaches verifying a digital certificate via a chain of trust to a service certificate authority and manufacturer certificate authority. Therefore, it would have been obvious to have verifying a digital certificate via a chain of trust to a service certificate authority and manufacturer certificate authority of Baldwin into the teachings of Brand in view of Hamid to authenticate the device and the service provider by utilizing their public keys. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
Regarding Claim 6, rejection of Claim 5 is included and Claim 6 is rejected with the same rationale as applied against Claim 2 above.

Regarding Claim 14, rejection of Claim 13 is included and Claim 14 is rejected with the same rationale as applied against Claim 2 above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Srivastav et al. (US PGPUB. # US 2017/0222981) disclose a system including a controller and a pool of computing resources to run virtual machines that are configured to automatically provision each virtual machine with unique cryptographic constructs. The controller receives a request to instantiate a virtual machine based on an image/template. The controller determines an authentication credential for a registration authority that the virtual machine will use. The controller determines the computing resources to run the virtual machine, and instructs the computing resources to boot the virtual machine. The controller passes the authentication credential to the virtual machine. After receiving the authentication credential, the virtual machine authenticates the registration authority and sends a request for the cryptographic constructs. The virtual machine securely receives the cryptographic constructs from the registration authority, enabling the virtual machine to securely communicate with other computing entities.
Yerra et al. (US PGPUB. # US 2014/0095865) disclose, techniques are described to authenticate the identity of a proxy in a client-proxy-server configuration. The configuration may have a client-side and a server-side SSL session. In the server-side session, if the proxy has access to the private keys of the client, the proxy may select a client certificate from a collection of client certificates and send the selected certificate to the server to satisfy a client authentication request of the server. If the proxy does not have access to the private keys, the proxy may instead send an emulated client certificate to the server. Further, the client certificate received from the client may be embedded within the emulated client certificate so as to allow the server to directly authenticate the client, in addition to the proxy. An emulated client certificate chain may be formed instead of an emulated client certificate. Similar techniques may be applied to the client-side session.
	Seaborn et al. (US PGPUB. # US 2015/0134953) disclose, a HSM service controller receives an administrative request to enable a cloud-based application to have access to a cloud-based HSM service. The HSM service controller segments a cloud-based HSM into a plurality of VHSMs. The HSM service controller allocates to the cloud-based application, a source VHSM from among the plurality of VHSMs. The source VHSM includes an initial set of credentials, roles and/or metadata. The HSM service controller stores a handle for the source VHSM in association with a handle for the cloud-based application. The HSM service controller routes cryptography requests between the cloud-based application and the VHSM based on the handle for the source VHSM and the handle for the cloud-based application. The HSM service controller 
Zeev Lieber (US PGPUB. # US 2012/0210124) discloses that a current version certificate is stored that includes a corresponding current version identifier. A current instance certificate is received from the certificate authority, wherein the current instance certificate includes the current version identifier of the current version certificate and a current instance public key corresponding to the current instance private key. The current instance certificate is sent to a local station, during a registration with the local station. A request for video content is generated and sent to the local station. First encrypted data is received from the local station, wherein the first encrypted data includes a content key that is encrypted via the current instance public key. Second encrypted data is received from the local station, wherein the second encrypted data includes the video content that is encrypted via the content key.
Chen et al. (US PGPUB. # US 2010/0161998) disclose operatively associating a signing key with a software component of a computing platform. The computing platform includes a trusted device and on start-up first loads a set of software components with each component being measured prior to loading and a corresponding integrity metric recorded in registers of the trusted device. The system stores a key-related item in secure persistent storage, the key-related item being either the signing key or authorisation data for its use. The trusted device is arranged to enable a component of the software-component set to obtain the key-related item, this enabling only occurring when the current register values correspond to values only present prior to loading of components additional to those of the software-component set. Certificate

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/          Primary Examiner, Art Unit 2498