DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Shankaranarayanan (US 2011/0107400 A1).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 13, and 18 of U.S. Patent No. 9,882,888 B2 in view of Auradukar and Shankaranarayanan. The claims of the patent lack disclosure of “separately,” but at least FIG. 23 and [0218] of Auradakar disclose such. Therefore, it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of the patent to include support for separate encryption because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time of the invention. The claims further lack disclosure of “receiving authorization permission to authorize a restore request from one or more authorized sources” and “in response to receiving the authorization permission.” However, at least the abstract, FIG. 4, 

Instant Application
US 9,882,888 B2
1. (Currently Amended) A computer implemented method, comprising: encrypting a cryptographic key with a restore key; providing metadata comprising first information associated with the cryptographic key and second information associated with the restore key; separately encrypting the metadata with the restore key to generate encrypted metadata; sending the encrypted cryptographic key and the encrypted metadata; receiving a copy of the encrypted cryptographic key and a copy of the encrypted metadata; receiving authorization permission to authorize a restore request from one or more authorized sources; and determining, in response to receiving the authorization permission, whether to authorize [[a]] the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata.
Claim 1.
A computer implemented method for managing a cryptographic key, comprising:
storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with metadata;
receiving a suspend request to suspend storage of the cryptographic key by the key management service; generating a restore key to be associated with the customer;
encrypting the cryptographic key with the restore key and the metadata with the restore key; retaining a copy of the metadata as encrypted under the restore key;
sending, to the customer, the cryptographic key as encrypted under the restore key;
sending to the customer the metadata as encrypted under the restore key;
destroying any copy of the cryptographic key stored by the key management service;
receiving a restore request to cause to the key management service to store a copy of the cryptographic key, the restore request including a copy of the cryptographic key as encrypted under the restore key and a copy of the metadata as encrypted under the restore key; comparing the copy of the metadata as encrypted under the restore key received with the restore request with the copy of the metadata as encrypted under the restore key; and authorizing the restore request based at least in part on the comparing.
receiving authorization permission to authorize a restore request from one or more authorized sources; and determine, in response to receiving the authorization permission, whether to authorize [[a]] the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata.
Claim 13.
A computing system, comprising:
at least one processor; and
memory including instructions that, when executed by the at least one processor, cause the computing system to: store, on behalf of a customer, a local copy of a secret usable by a key management service; receive a request to suspend storage of the local copy of the secret, the local copy of the secret associated with metadata; encrypt the local copy of the secret with information usable to obtain the local copy of the secret and the metadata with the information; provide the customer with the local copy of the secret encrypted with the information; provide the customer with the metadata encrypted with the information; destroy the local copy of the secret; receive a restore request to store a copy of the secret, the restore request including the local copy of the secret as encrypted under the information and a copy of the metadata as encrypted under the information; compare the metadata as encrypted under the information received with the restore request with the metadata as encrypted under the information; and decrypt the copy of the secret encrypted under the information using the information.
14. (Currently Amended) A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing device, cause the computing device to: encrypt a cryptographic key with a restore key; provide metadata comprising first information receiving authorization permission to authorize a restore request from one or more authorized sources; and determine, in response to receiving the authorization permission, whether to authorize [[a]] the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata.

A non-transitory computer readable storage medium storing one or more sequences of instructions executable by one or more processors to perform a set of operations comprising: storing, on behalf of a customer, a local copy of a encrypting the local copy of the secret with a restore key and the metadata with a restore key; providing the customer with the restore key encrypted with the restore key; providing the customer with the metadata encrypted with the restore key; destroying the restore key; receiving a restore request to store a copy of the secret, the restore request including a copy of the restore key encrypted with the restore key and the metadata encrypted with the restore key; comparing the metadata as encrypted under the restore key received with the restore request with the metadata as encrypted under the restore key; and decrypting the copy of the secret encrypted under the restore key using the restore key based at least in part on the comparing.


Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 4, 14, and 19 of U.S. Patent No. 9,071,429 B1 in view of Auradukar and Shankaranarayanan. The claims of the patent lack disclosure of “separately,” but at least FIG. 23 and [0218] of Auradakar disclose such. Therefore, it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of the patent to include support for separate encryption because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time of the invention. The claims further lack disclosure of “receiving authorization permission to authorize a restore request from one or more authorized sources” and “in response to receiving the authorization permission.” However, at least the abstract, FIG. 4, [0007], and [0055]-[0059] of Shankaranarayanan disclose password recovery via third party user authorization. Therefore, it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of the patent to include 

Instant Application
US 9,071,429 B1
1. (Currently Amended) A computer implemented method, comprising: encrypting a cryptographic key with a restore key; providing metadata comprising first information associated with the cryptographic key and second information associated with the restore key; separately encrypting the metadata with the restore key to generate encrypted metadata; sending the encrypted cryptographic key and the encrypted metadata; receiving a copy of the encrypted cryptographic key and a copy of the encrypted metadata; receiving authorization permission to authorize a restore request from one or more authorized sources; and determining, in response to receiving the authorization permission, whether to authorize [[a]] the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata.
Claim 1.
A computer implemented method for managing a cryptographic key, comprising: storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider; receiving a suspend request to suspend storage of the cryptographic key by the key management service; generating a restore key to be associated with the customer; encrypting the cryptographic key with the restore key; encrypting at least a portion of metadata associated with the cryptographic key under the restore key to generate encrypted metadata, the at least a portion of metadata being associated with the restore key; updating the at least a portion of metadata with audit information and retaining a copy of the encrypted metadata at the key management service; sending, to the customer, the cryptographic key as encrypted under the restore key; destroying any copy of the cryptographic key stored by the key management service; receiving a restore request to cause to the key management service to store a copy of the cryptographic key, the restore request including a copy of the cryptographic key as encrypted under the restore key; comparing at least a copy of metadata received with the restore request with the copy of the encrypted metadata at the key management service; authorizing the restore request based at least in part on the comparing; and decrypting the copy of the cryptographic key as encrypted 
receiving authorization permission to authorize a restore request from one or more authorized sources; and determine, in response to receiving the authorization permission, whether to authorize [[a]] the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata.
Claim 14.
A computing system, comprising:
at least one processor; and memory including instructions that, when executed by the at least one processor, cause the computing system to: store, on behalf of a customer, a local copy of a secret usable by a key management service; receive a request at the key management service to suspend storage of the local copy of the secret; encrypt the local copy of the secret with information usable to obtain the local copy of the secret; encrypt at least a portion of metadata associated with the secret under the information to generate encrypted metadata, the at least a portion of metadata being associated with the information;
update the at least a portion of metadata with audit information and retain a copy of the encrypted metadata at the key management service; provide the customer with one of the encrypted secret or the information usable to reconstruct the local copy of the secret; destroy at least one copy of the local copy of the secret; in response to store a copy of the secret, the restore request including a copy of the secret encrypted under the information, comparing a copy of metadata received with the restore request with the copy of the encrypted metadata; authorizing the restore request based at least in part on the comparing; and decrypting the copy of the secret key as encrypted under the secret using the restore key.

14. (Currently Amended) A non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing device, cause the receiving authorization permission to authorize a restore request from one or more authorized sources; and determine, in response to receiving the authorization permission, whether to authorize [[a]] the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata.

A non-transitory computer readable storage medium storing one or more sequences of instructions executable by one or more processors to perform a set of operations comprising: storing, on behalf of a customer, a local copy of a secret; receiving a request at a key management service to suspend storage of the local copy of the secret; encrypting the local copy of the secret with a restore key; encrypting at least a portion of metadata associated with the secret under the restore key to generate encrypted metadata, the at least a portion of metadata being associated with the restore key; updating the at least a portion of metadata with audit information and retaining a copy of the encrypted metadata at the key management service;
providing the customer with the restore key;
destroying at least one copy of the local copy of the secret; in response to a request to store a copy of the secret, the restore request including a copy of the secret encrypted under the restore key, comparing a copy of metadata received with the restore request with the copy of the encrypted metadata; authorizing the restore request based at least in part on the comparing; and decrypting the copy of the secret key as encrypted under the secret using the restore key.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5, 7-8, and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Thomlinson (US 6,044,155) in view of Barrus (US 9,432,182 B2) and Shankaranarayanan (US 2011/0107400 A1).

Regarding claim 1, Thomlinson discloses: A computer implemented method, comprising:
encrypting a cryptographic key with a restore key;
providing metadata comprising first information associated with the cryptographic key and second information associated with the restore key;
generate an encrypted cryptographic key and encrypted metadata;
sending the encrypted cryptographic key and the encrypted metadata;
Refer to at least the abstract, FIG. 4, Col. 11, Ll. 7-60, and Col. 13, Ll. 60-Col. 14, Ll. 21 of Thomlinson with respect to a server encrypting a received master key of a client device and associated metadata (e.g., IDs, MAC).
receiving a copy of the encrypted cryptographic key and a copy of the encrypted metadata; and
Refer to at least the abstract, FIG. 5, Col. 11, Ll. 61-5, and Col. 14, Ll. 30-61 of Thomlinson with respect to the client providing the server with an encrypted master key and associated metadata. 
determining whether to authorize the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata.
Refer to at least the abstract, FIG. 5, and Col. 14, Ll. 61-Col. 15, Ll. 21 of Thomlinson with respect to the server determining whether to proceed with recovery based on determined values of the associated metadata. 
Thomlinson does not disclose: separately encrypting the metadata with the restore key; receiving authorization permission to authorize a restore request from one or more authorized sources; [determining whether to authorize] in response to receiving the authorization permission. However, Thomlinson in view of Barrus discloses: separately encrypting the metadata with the restore key;
Refer to at least Col. 2, Ll. 58-Col. 3, Ll. 12, Col. 15, Ll. 18-26, and Col. 15, Ll. 59-62 of Barrus with respect to encrypting metadata associated with an encrypted content under the same key as the encrypted content. Further, the encryption takes place after that of the content.
Thomlinson-Barrus does not disclose: receiving authorization permission to authorize a restore request from one or more authorized sources; [determining whether to authorize] in response to receiving the authorization permission. However, Thomlinson-Barrus in view of Shankaranarayanan discloses: receiving authorization permission to authorize a restore request from one or more authorized sources; [determining whether to authorize] in response to receiving the authorization permission.
Refer to at least the abstract, FIG. 4, [0007], and [0055]-[0059] of Shankaranarayanan with respect to password recovery via third party user authorization, including a plurality of users in one embodiment.
The teachings of Thomlinson and Barrus are considered to be combinable where they both concern encryption and storage of data and metadata. The teachings of Shankaranarayanan concern key recovery, and are likewise considered to be combinable.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Thomlinson to include support for separate encryption under the same key because the substitution of one known element for another would have yielded predictable results to one of ordinary skill in the art at the time. It further would have been obvious to modify the teachings to include authorization via additional users for at least the purpose of increasing security and reducing the chance of successful account compromise (e.g., [0062] of Shankaranarayanan).

Regarding claim 2, Thomlinson-Barrus-Shankaranarayanan  discloses: The computer implemented method of claim 1, further comprising: storing, in a data store managed by a key management service, the cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with the metadata.
Refer to at least FIG. 2, Col. 2, Ll. 37-53, and Col. 7, Ll. 27-60 of Thomlinson with respect to applications and/or storage providers managed by the server for storing client data.

Regarding claim 5, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations with respect to the restore request).

Regarding independent claim 7, it is substantially similar to independent claim 1 above, but is in system form. Accordingly, it is rejected for substantially the same reasons as claim 1 (further see at least FIG. 1-2 of Thomlinson with respect to system elements).

Regarding claim 8, it is rejected for substantially the same reasons as claim 5 above.

Regarding claim 13, it is rejected for substantially the same reasons as claim 2 above.

Regarding independent claim 14, it is substantially similar to independent claim 1 above, but is in CRM form. Accordingly, it is rejected for substantially the same reasons as claim 1 (further see at least FIG. 1 and Col. 5, Ll. 60-Col. 6, Ll. 45 of Thomlinson with respect to CRM elements).

Regarding claim 15, it is rejected for substantially the same reasons as claim 5 above.

Claims 3 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Thomlinson-Barrus-Shankaranarayanan as applied to claims 1-2, 5, 7-8, and 13-15 above, and further in view of Ingalls (US 2013/0212367 A1) and Kohno (US 9,489,523 B2).

Regarding claim 3, Thomlinson-Barrus-Shankaranarayanan  does not fully disclose all elements of: updating the metadata with audit information indicating at least one of a customer initiating a suspend request or a time of initiating the suspend request. However, Thomlinson-Barrus-Shankaranarayanan  in view of Ingalls and Kohno discloses: updating the metadata with audit information indicating at least one of a customer initiating a suspend request or a time of initiating the suspend request.
Refer to at least the abstract, FIG. 2-3, [0030], [0035], [0040], and [0052] of Ingalls, wherein a key is occluded in response to an event such as a policy violation, a revocation, and/or a user request (also see [0066] of Ingalls). 
Refer to at least Col. 2, Ll. 15-44, Col. 7, Ll. 50-Col. 8, Ll. 13, and Col. 9, Ll. 6-16 of Kohno with respect to updating audit data per every user request.
The teachings of Thomlinson-Barrus-Shankaranarayanan, Ingalls, and Kohno concern key storage, management, and encryption. Accordingly, they are considered to be combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Thomlinson-Barrus-Shankaranarayanan  to include support for suspend requests and auditing information for at least the purposes outlined in at least [0066] of Ingalls and Col. 5, Ll. 38-50 of Kohno. Further, all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time of the invention.

Regarding claim 20, it is substantially similar to claim 3 above, and is therefore likewise rejected.

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Thomlinson-Barrus-Shankaranarayanan as applied to claims 1-2, 5, 7-8, and 13-15 above, and further in view of Ingalls (US 2013/0212367 A1).

Regarding claim 4, Thomlinson-Barrus-Shankaranarayanan discloses: The computer implemented method of claim 1, further comprising: generating the restore key; retaining a copy of the encrypted metadata;
Refer to at least FIG. 3 of Thomlinson with respect to key generation.
Refer to at least Col. 11, Ll. 54-60 of Thomlinson with respect to storing a form of claimed metadata. Refer to at least FIG. 4-5 regarding creation and storage of a form of claimed metadata.
Thomlinson-Barrus-Shankaranarayanan  does not fully disclose all elements of: receiving a suspend request to suspend storage of the cryptographic key; destroying any copy of the cryptographic key. However, Thomlinson-Barrus-Shankaranarayanan  in view of Ingalls discloses: receiving a suspend request to suspend storage of the cryptographic key; destroying any copy of the cryptographic key.
Refer to at least the abstract, FIG. 2-3, [0030], [0035], [0040], and [0052] of Ingalls, wherein a key is occluded in response to an event such as a policy violation, a revocation, and/or a user request (also see [0066] of Ingalls). The Occlusion operation of Ingalls is disclosed as encompassing destruction of the key.
The teachings of Thomlinson-Barrus-Shankaranarayanan and Ingalls concern key storage, management, and encryption. Accordingly, they are considered to be combinable as such.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Thomlinson-Barrus-Shankaranarayanan as applied to claims 1-2, 5, 7-8, and 13-15 above, and further in view of Kohno (US 9,489,523 B2).

Regarding claim 6, Thomlinson-Barrus-Shankaranarayanan  does not fully disclose all elements of: sending the encrypted cryptographic key to a first customer; and sending the encrypted metadata to a second customer. However, Thomlinson-Barrus-Shankaranarayanan  in view of Kohno discloses: sending the encrypted cryptographic key to a first customer; and sending the encrypted metadata to a second customer.
Refer to at least FIG. 4 and Col. 15, Ll. 22-30 of Kohno with respect to key requests from a first device and auditing data being associated with its paired device. 
The teachings of Thomlinson-Barrus-Shankaranarayanan and Kohno concern key storage, management, and encryption. Accordingly, they are considered to be combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Thomlinson-Barrus-Shankaranarayanan  to include support for paired devices for at least the purposes outlined in at least Col. 12, Ll. 44-Col. 13, Ll. 20 of Kohno. Further, all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no .

Claims 9 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Thomlinson-Barrus-Shankaranarayanan as applied to claims 1-2, 5, 7-8, and 13-15 above, and further in view of Official Notice.

Regarding claim 9, Thomlinson-Barrus-Shankaranarayanan  does not fully disclose all elements of: decrypt the copy of the encrypted cryptographic key using the restore key at an expiration of a predetermined period of time. However, the examiner hereby takes Official Notice that it was common knowledge in the art before the filing date of Applicant’s invention to enable a wait period for various commands and/or functions. Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Thomlinson-Barrus-Shankaranarayanan  to include support for enabling a wait period to perform decryption because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time of the invention.

Regarding claim 16, it is substantially similar to claim 9 above, and is therefore likewise rejected.

Claims 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Thomlinson-Barrus-Shankaranarayanan as applied to claims 1-2, 5, 7-8, and 13-15 above, and further in view of Al-Salqan (US 6,549,626 B1).

Regarding claim 10, Thomlinson-Barrus-Shankaranarayanan does not fully disclose all elements of: flag the encrypted cryptographic key as pending deletion; and destroy any copy of the cryptographic key when an acknowledgment of receipt of the encrypted cryptographic key is received; or provide a copy of the encrypted cryptographic key when a determined amount of time passes before the acknowledgment of receipt is received. However, Thomlinson-Barrus-Shankaranarayanan in view of Al-Salqan discloses: flag the encrypted cryptographic key as pending deletion; and destroy any copy of the cryptographic key when an acknowledgment of receipt of the encrypted cryptographic key is received; or provide a copy of the encrypted cryptographic key when a determined amount of time passes before the acknowledgment of receipt is received.
Refer to at least Col. 4-5, Ll. 62-9 of Al-Salqan with respect to deletion of a key recovery file from key recovery file storage after its provision, 
Col. 7, Ll. 1-10 of Al-Salqan are also believed to be applicable.
The teachings of Thomlinson-Barrus-Shankaranarayanan-Ingalls are combinable with the teachings of Al-Salqan at least because they concern secure storage of keys, key recovery operations.
Therefore it would have been obvious to one of ordinary skill in the art at the time of Applicant's invention to modify the teachings of Thomlinson-Barrus-Shankaranarayanan  with the teachings of Al-Salqan such that any copy of the secret is deleted after its provision because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time of the invention.

Regarding claim 17, it is substantially similar to claim 10 above, and is therefore likewise rejected.

Claims 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Thomlinson-Barrus-Shankaranarayanan as applied to claims 1-2, 5, 7-8, and 13-15 above, and further in view of Lee (US 8,565,422 B2).

Regarding claim 11, Thomlinson-Barrus-Shankaranarayanan  does not fully disclose all elements of: encrypt the restore key using a second restore key at an expiration of an interval of time; and send a copy of the restore key encrypted under the second restore key; or receive the copy of the encrypted cryptographic key, decrypt the encrypted cryptographic key, and encrypt the cryptographic key using the second restore key. However, Thomlinson-Barrus-Shankaranarayanan  in view of Lee discloses: encrypt the restore key using a second restore key at an expiration of an interval of time; and send a copy of the restore key encrypted under the second restore key; or receive the copy of the encrypted cryptographic key, decrypt the encrypted cryptographic key, and encrypt the cryptographic key using the second restore key.
Refer to at least Col. 9, Ll. 46-Col. 10, Ll. 18 of Lee with respect to key rotation for a key storage and management device.
The teachings of Thomlinson-Barrus-Shankaranarayanan are combinable with the teachings of Lee at least because they concern secure storage of keys, key recovery operations.
Therefore it would have been obvious to one of ordinary skill in the art at the time of Applicant's invention to modify the teachings of Thomlinson-Barrus-Shankaranarayanan  with the teachings of Lee to include support for key rotation for at least the purpose of increasing security (i.e., the increased security from key freshness; reduced risk of total compromise).

Regarding claim 18, it is substantially similar to claim 11 above, and is therefore likewise rejected.

Allowable Subject Matter
Claims 12 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751.  The examiner can normally be reached on 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Jeffrey Nickerson/ Supervisory Patent Examiner, Art Unit 2432

/V.S/ Examiner, Art Unit 2432