DETAILED ACTION
This office action is in response to communications filed on 9/30/2020.  Claim(s) 1-20 is/are pending and are examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement PTO-1449
The Information Disclosure Statement(s) submitted by applicant on 5/16/2019 and 9/30/2020 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto. 
Examiner’s Note – Allowable Subject Matter
Claims 3, 8, 13, and 17 are objected to as being allowable, but being dependent on a rejected claim and would otherwise be allowable if incorporated into the independent claims along with any intervening claims.
Claim Objections
Claim(s) 20 is/are objected to because of the following informalities: The examiner suggests the following corrections:Claim 20:
Replacement of "the" with "a" in the phrase "the computing device".

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 4-5, 9-11, 14-15, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Miller et al. (US 2018/0191495 A1), in view of Somani et al. (US 2017/0310480 A1) in view of Oxford et al. (US 2017/0063544 A1). 
Regarding claims 1, 11, and 20, Miller teaches:
“A method of managing data (Miller, ¶ 6 teaches a processor and computer readable storage medium to perform method steps), the method comprising: 	authenticating a user based on a user secret (Miller, ¶ 28, user password 414 may be hashed for storage and used for authentication); 	generating a soft key based on the user secret (Miller, ¶ 30 user password 414 may be encrypted using SHA-2 hash 450 and used as an encryption key for encryption of the private key 412);  	generating, secure generator output including a crypto key component associated with the authenticated user (Miller, ¶ 29 user computer 400 may comprise a 384 bit elliptic curve public and private key pair.  Miller Fig. 4, the key pair may be represented as the public key 410 and the private key 412); 	generating, a hardened user key based on a key agreement protocol using the soft key and the crypto key component associated with the authenticated user (Miller ¶ ); 	constructing an unencrypted DEK associated with the hardened user key for accessing a subset of the data (Miller, ¶ 32, once the key file is accessible, a file may be unencrypted and accessed); and 	decrypting the subset of the data using the unencrypted DEK (Miller, ¶ 32, once the key file is accessible, a file may be unencrypted and accessed)”.	Miller does not, but in related art, Somani teaches:	“data stored within a container on a computing device (Somani, Abstract, authenticated user accesses their data stored on a container), the container being associated with at least one registered user (Somani, ¶ 131 registered user accesses their respective container information), the data within the container being encrypted by a data encryption key (DEK) and stored as encrypted data (Somani, ¶ 79, 104, and 111 separate DEKs are used to encrypt each respective container for various users),
a user secret associated with the container (Somani, ¶ 131, user password is used to access the container)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Miller and Somani, to modify the password hardening system of Miller to include the method to use a data encryption key for containers associated with various users as taught in Somani.  The motivation to do constitutes applying a known technique (i.e., method to use a data encryption key for containers associated with various users) to known devices and/or methods (i.e., password hardening system) ready for improvement to yield predictable results.
 Miller in view of Somani does not, but in related art, Oxford teaches:	“generating, by a crypto-processor other than a main processor of the computing device, secure generator output (Oxford, Fig. 2 depicts secure processor enclosed logically in dashed marks separate from CPU execution unit and general purpose registers and memory.  Random number generator 182 generates secure output);
	generating, by the crypto-processor, a hardened key (Oxford, Fig. 2 secret keys are processed through one-way hash function block)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Miller, Oxford and Somani, to modify the password hardening system of Miller and Somani to include the method to use a secure cryptographic processor to create secret information used in cryptographic operations as taught in Oxford.  The motivation to do so constitutes applying a known technique (i.e., method to use a secure cryptographic processor to create secret information used in cryptographic operations) to known devices and/or methods (i.e., password hardening system) ready for improvement to yield predictable results.
 
Regarding claims 4 and 14, Miller in view of Somani in view of Oxford teaches:
“The method of claim 1 (Miller in view of Somani in view of Oxford teaches the limitations of the parent claims as discussed above), wherein the key agreement protocol is based on elliptic curve cryptography (Miller ¶ 31 public key 510 and private key 512 may be the public key 410 and the private key 412.  Miller ¶ 32 the public key )”.

Regarding claims 5 and 15, Miller in view of Somani in view of Oxford teaches:
“The method of claim 1 (Miller in view of Somani in view of Oxford teaches the limitations of the parent claims as discussed above), wherein the key agreement protocol includes Elliptic-Curve Diffie-Hellman (ECDH) (Miller ¶ 31 public key 510 and private key 512 may be the public key 410 and the private key 412.  Miller ¶ 32 the public key 510 and the private key 512 may be input to an elliptic curve Diffie Hellman ECDH function 520 which may output a shared secret 530.  The shared secret 530 may be a 384-bit shared secret.  The shared secret 530 may be hashed using a SHA-2 hashing algorithm 540 which may create a digest 550 that may be used to provide an AES-256-CBC encryption 560 for an unencrypted file key)”.

Regarding claims 9 and 18, Miller in view of Somani in view of Oxford teaches:
“The method of claim 1 (Miller in view of Somani in view of Oxford teaches the limitations of the parent claims as discussed above), further comprising securing additional data associated with the authenticated user using the unencrypted DEK (Somani, ¶ 135-136 teaches retrieving setting information for applications using the container information decrypted with the DEK)”.

Regarding claims 10 and 19, Miller in view of Somani in view of Oxford teaches:
“The method of claim 1 (Miller in view of Somani in view of Oxford teaches the limitations of the parent claims as discussed above), wherein the secure generator output is based on a secure random number generator output (Oxford, Fig. 2, random number generator 182 is part of secure enclave)”.

Claim(s) 2 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Miller, in view of Somani in view of Oxford in view of Shen et al. (US 2019/0228164 A1).
Regarding claims 2 and 12, Miller in view of Somani in view of Oxford teaches:
“The method of claim 1 (Miller in view of Somani in view of Oxford teaches the limitations of the parent claims as discussed above)”.	Miller in view of Somani in view of Oxford does not, but in related art, Shen teaches:
 “wherein the secure generator output includes a first elliptic curve cryptography (ECC) key pair and a second ECC key pair (Shen, ¶ 43 and 52 teaches generating multiple ECC key pairs)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Miller, Oxford, Shen, and Somani, to modify the password hardening system of Miller, Oxford and Somani to include the method to generate multiple ECC key pairs as taught in Shen.  The motivation to do so constitutes applying a known technique (i.e., method to generate multiple ECC key  to known devices and/or methods (i.e., password hardening system) ready for improvement to yield predictable results.

Claim(s) 6-7 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Miller, in view of Somani in view of Oxford in view of Kremp et al. (US 2015/0106626 A1).
Regarding claims 6 and 16, Miller in view of Somani in view of Oxford teaches:
“The method of claim 1 (Miller in view of Somani in view of Oxford teaches the limitations of the parent claims as discussed above)”.
Miller in view of Somani in view of Oxford does not, but in related art, Kremp teaches:
 “wherein the soft key includes a specified length and is generated using Password-Based Key Derivation Function 2 (PBKDF2) (Kremp, ¶ 52-53, 72 and 76 teach generating a key using PBKDF2)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Miller, Oxford, Kremp, and Somani, to modify the password hardening system of Miller, Oxford and Somani to include the method to use a PBKDF2 and HMAC operations to create a key as taught in Kremp.  The motivation to do so constitutes applying a known technique (i.e., method to use a PBKDF2 and HMAC operations to create a key) to known devices and/or methods (i.e., password hardening system) ready for improvement to yield predictable results.
  
Regarding claim 7, Miller in view of Somani in view of Oxford in view of Kremp teaches:
“The method of claim 6 (Miller in view of Somani in view of Oxford in view of Kremp teaches the limitations of the parent claims as discussed above), wherein the PBKDF2 operations include Hash-based Message Authentication Code (HMAC) operations (Kremp, ¶ 52-53, 72 and 76 teach generating a key using PBKDF2 and HMAC)”.
Conclusion
	In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: See PTO-892.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507 and can normally be reached on Monday - Friday 8:30 AM - 5PM EST.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For 

/STEPHEN T GUNDRY/Examiner, Art Unit 2435