Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 8-13 and 18-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Specifically, Claim 8 (and 18) recite the limitation “one or more processors configured to be capable of executing the stored programmed instructions to”, and applicants do not point out clearly if the computing system/apparatus is in fact programmed to perform the steps. Therefore, this limitation with these ambiguous terms is indefinite with the present application. The examiner will interpret this limitation with the regarding claims as best understood for applying appropriate art for rejection purposes. Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 8-10, 12, 14, 16, 18, 19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Rudzitis et al. (US 20190342079), hereinafter Rudzitis in view of  Dayka et al. (US 20170093818), hereinafter Dayka.
Regarding Claim 1, Rudzitis teaches
	A secure communications method implemented in cooperation with a network traffic management system comprising one or more network traffic management modules, networking modules, or server modules, the method comprising: receiving an initial request to perform a first cryptographic operation using a key stored in security hardware circuitry ([Abstract] A network-based service for the management of cryptographic key, such as a key management service ("KMS"), provides a web service application programming interface ("API"). Cryptographic keys managed by the service may be stored in a one or more network-connected cryptographic devices such as network-connected hardware security modules ("HSM"). The key management service maintains metadata associated with the cryptographic keys. When a request is received by the key management service, the key management service uses an identifier provided with the request to identify metadata associated with a cryptographic key used to fulfill the request),
	the initial request identifying the key using a persistent attribute of the key (Para [0023] FIG. 2 illustrates an example of a system 200 that includes a key management server that manages keys stored in an HSM, in an embodiment. …  In an embodiment the request includes a key identifier. … );
	in response to servicing the initial request, using the persistent attribute of the key to query the security hardware circuitry to receive a volatile attribute of the key from the security hardware circuitry (Para [0024] In an embodiment, the request including the key identifier is received at a key management service 208 hosted by the key management server 202. … In an embodiment, the key management service 208 queries a database 210 in order to retrieve metadata 212 associated with the provided key identifier. In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 212, identifies a particular key on the HSM);
	storing the volatile attribute of the key external to the security hardware circuitry to enable subsequent requests to perform cryptographic operations on the security hardware circuitry without Para [0016] FIG. 1 illustrates an example of a system 100 that manages cryptographic keys that are stored in a hardware security module, in an embodiment. In an embodiment, a key management service 102 is a managed service that allows customers to create, delete, rotate, and use cryptographic keys on behalf of the customer.  … Para [0018]… In an embodiment, the key management service 102 identifies the cryptographic key associated with the information, and connects to a database 108 to retrieve a set of metadata 110 associated with the identified cryptographic key. In an embodiment, the database 108 may be a relational database, data store, data structure, key-value store, or memory that contains the metadata. The database 108 may be a memory in the computer system that hosts the key management service 102 or storage device external to the computer system that hosts the key management service 102 that is accessible via a computer network or external connection);
	the subsequent request identifying the key using the persistent attribute of the key (Para [0023] FIG. 2 illustrates an example of a system 200 that includes a key management server that manages keys stored in an HSM, in an embodiment. …  In an embodiment the request includes a key identifier. … ); and
	servicing the subsequent request by using the security hardware circuitry and identifying the key using the stored volatile attribute of the key without querying the security hardware circuitry for the volatile attribute of the key (Para [0045] In an embodiment, at block 708, the HSM returns a key identifier to the key management server for use in referencing the cryptographic key. In an embodiment, at block 710, the key management server generates a label for the cryptographic key, and at block 712, the key identifier and the label are stored as metadata in a data store accessible to the key management server. In an embodiment, at block 714, the key label is returned to the requester. In an embodiment, the requester, or other entity, may perform cryptographic operations using the cryptographic key by identifying the cryptographic key with the label to the key management service).
receiving a subsequent request to perform a second cryptographic operation using the key stored in the security hardware circuitry.
	In the same field of endeavor, Dayka teaches
	receiving a subsequent request to perform a second cryptographic operation using the key stored in the security hardware circuitry (Para [0035] Upon receiving the request from the source application 110, the source domain CSP 120, runs the encryption module 125, and runs the authentication module 130 with a result generated by the encryption module 125.  Para [0045] The present method may be implemented as a hardware security module that may comprise a central processing unit (CPU) and a pre-processing unit dedicated to cryptography service provider (CSP), comprising the encryption module 125, the decryption module 160, the authentication module 130, the verification module 155, and an instance of the CSP storage 135, 165).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by Rudzitis to incorporate teachings of Dayka such that the method of Rudzitis includes receiving a subsequent request to perform a second cryptographic operation using the key stored in the security hardware circuitry. One would have been motivated to make such combination in order to provide multi-level security (MLS) for cryptography service provider (CSP). (Dayka, para [0066]).
	Regarding Claim 2, the combination of Rudzitis and Dayka teaches all the limitations of claim 1 above,
	wherein the security hardware circuitry is a hardware security module (Dayka, Para [0045] The present method may be implemented as a hardware security module that may comprise a central processing unit (CPU) and a pre-processing unit dedicated to cryptography service provider (CSP), comprising the encryption module 125, the decryption module 160, the authentication module 130, the verification module 155, and an instance of the CSP storage 135, 165).

	Regarding Claim 3, the combination of Rudzitis and Dayka teaches all the limitations of claim 1 above,
	wherein communication with the security hardware circuitry is performed using a Public Key Cryptography Standard (Dayka, Para [0018] An example of a CSP API, may be Public Key Cryptography Standards (PKCS) #11, which is one of the industry-accepted standards of cryptography service that is provided by RSA.RTM. Laboratories of RSA Security LLC. (RSA is a registered trademark of EMC Corporation, Hopkinton, Mass., USA.) PKCS #11 specifies an application programming interface (API) to devices, which hold cryptographic information and run cryptographic functions. Another example of a CSP API may be Secure IBM Enterprise Public Key Cryptography Standards (PKCS) #11 (EP11), which will be discussed in greater detail herein. (IBM.RTM. is a registered trademarks of International Business Machines Corporation, Armonk, N.Y., USA.)).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 4, the combination of Rudzitis and Dayka teaches all the limitations of claim 1 above,
	wherein the persistent attribute of the key is a name of the key and the volatile attribute of the key is a key handle assigned by the security hardware circuitry for a thread of execution accessing the security hardware circuitry using a given session (Rudzitis, Para [0028] … In an embodiment, the key management service 308 queries a database 310 in order to retrieve metadata 312 associated with the provided key identifier. In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 312, identifies a particular key on the HSM).
	Regarding Claim 6, the combination of Rudzitis and Dayka teaches all the limitations of claim 1 above,
Dayka, Para [0058] The CSP storage 190 represents exemplary attributes of the key/type evolution in implementing MLS-capable CSP. The example illustrates how the validity of each key/type transformation may be verified locally by each MLS operation, how to combine attributes pursuant to merging service requested, key-specific attributes, and MLS restrictions embedded into the backend);
	in response to detecting that the volatile attribute of the key is invalid (Dayka, Para [0059] One instance MLS restrictions for the encryption module 125E comprises key properties for encryption KE, system rule for encryption RE, and data properties for encryption DE. The key properties for encryption KE are represented as "CKA_ENCRYPT=TRUE" indicating that an encryption key is enabled to encrypt and that by applying the encryption key, the plaintext data is transformed into ciphertext. The system rule for encryption RE is represented as "CKA_KEY TYPE=D1-D2" indicating that Type 1 data (D1) may be transformed into Type 2 data (D2) by the encryption key. The data properties for encryption DE is represented as "INPUT_TYPE=D1, OUTPUT_TYPE=D2" indicating that the encryption module takes plaintext tagged as Type 1/D 1 as input and generates ciphertext tagged as Type 2/D2 that is corresponding to the input D1. Where an encryption-incapable keys, as represented by "CKA_ENCRYPT=FALSE," or type-transformation rules other than from D1 to D2, the encryption module does not proceed with encryption but returns to the source application, reporting error), 
	performing a new query of the security hardware circuitry to receive a new volatile attribute of the key, the new query identifying the key using the persistent attribute of the key (Rudzitis, Para [0024] In an embodiment, the request including the key identifier is received at a key management service 208 hosted by the key management server 202. … In an embodiment, the key management service 208 queries a database 210 in order to retrieve metadata 212 associated with the provided key identifier. In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 212, identifies a particular key on the HSM); and
Rudzitis, Para [0016] FIG. 1 illustrates an example of a system 100 that manages cryptographic keys that are stored in a hardware security module, in an embodiment. In an embodiment, a key management service 102 is a managed service that allows customers to create, delete, rotate, and use cryptographic keys on behalf of the customer.  …  Para [0018]… In an embodiment, the key management service 102 identifies the cryptographic key associated with the information, and connects to a database 108 to retrieve a set of metadata 110 associated with the identified cryptographic key. In an embodiment, the database 108 may be a relational database, data store, data structure, key-value store, or memory that contains the metadata. The database 108 may be a memory in the computer system that hosts the key management service 102 or storage device external to the computer system that hosts the key management service 102 that is accessible via a computer network or external connection).
	The motivation/rationale to combine the references is similar to claim 1 above.
Regarding Claims 8, 14 and 18,
Claims 8, 14 and 18 are rejected for similar reasons as in claim 1.
Regarding Claim 9,
Claims 9 is rejected for similar reasons as in claim 4.
Regarding Claim 10,
Claims 10 is rejected for similar reasons as in claim 2.
Regarding Claims 12, 16 and 21,
Claims 12, 16 and 21 are rejected for similar reasons as in claim 6.
Regarding Claim 19,
Claims 19 is rejected for similar reasons as in claim 3.
Claims 5, 11, 15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rudzitis et al. (US 20190342079), hereinafter Rudzitis in view of  Dayka et al. (US 20170093818), hereinafter Dayka in view of O'Loughlin et al. (US 20120102334), hereinafter O'Loughlin.
	Regarding Claim 5, the combination of Rudzitis and Dayka teaches all the limitations of claim 1 above,
	in response to the first thread receiving the volatile attribute of the key, performing a plurality of queries of the security hardware circuitry for the remaining plurality of threads of execution to obtain a respective volatile attribute of the key for each thread of the remaining plurality of threads of execution (Rudzitis, Para [0024] In an embodiment, the request including the key identifier is received at a key management service 208 hosted by the key management server 202. … In an embodiment, the key management service 208 queries a database 210 in order to retrieve metadata 212 associated with the provided key identifier. In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 212, identifies a particular key on the HSM); and
	storing the respective volatile attributes of the key for the remaining plurality of threads of execution in a data structure external to the security hardware circuitry (Rudzitis, Para [0016] FIG. 1 illustrates an example of a system 100 that manages cryptographic keys that are stored in a hardware security module, in an embodiment. In an embodiment, a key management service 102 is a managed service that allows customers to create, delete, rotate, and use cryptographic keys on behalf of the customer.  …  Para [0018]… In an embodiment, the key management service 102 identifies the cryptographic key associated with the information, and connects to a database 108 to retrieve a set of metadata 110 associated with the identified cryptographic key. In an embodiment, the database 108 may be a relational database, data store, data structure, key-value store, or memory that contains the metadata. The database 108 may be a memory in the computer system that hosts the key management service 102 or storage device external to the computer system that hosts the key management service 102 that is accessible via a computer network or external connection).
	The combination of Rudzitis and Dayka does not explicitly teach a method wherein the initial request is assigned to be executed by a first thread of a plurality of threads of execution, and the method further comprises.
	In the same field of endeavor, O'Loughlin teaches
	wherein the initial request is assigned to be executed by a first thread of a plurality of threads of execution, and the method further comprises (Para [0097] As noted above, the controller 22 monitors a list of jobs for each appliance 18. This creates a multithreaded design which allows each appliance 18 to be serviced independently of the others. In addition, jobs on each appliance 18 may also be performed concurrently and independently of the others. … A time synchronization utility is also provided to synchronize time on each appliance 18 with the controller 22 to ensure that the system time and the HSM time on the controller 22 and appliances 18 are specified in UTC and are the same).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of Rudzitis and Dayka to incorporate teachings of O'Loughlin such that the method of the combination of Rudzitis and Dayka includes wherein the initial request is assigned to be executed by a first thread of a plurality of threads of execution.  One would have been motivated to make such combination in order to provide multithreaded design which allows each appliance to be serviced independently of the others. In addition, jobs on each appliance may also be performed concurrently and independently of the others. (O'Loughlin, para [0097]).
Regarding Claims 11, 15 and 20,
Claims 11, 15 and 20 are rejected for similar reasons as in claim 5.
Claims 7, 13, 17, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Rudzitis et al. (US 20190342079), hereinafter Rudzitis in view of  Dayka et al. (US 20170093818), hereinafter Dayka in view of Norum (US 20200059373), hereinafter Norum.
	 Regarding Claim 7, the combination of Rudzitis and Dayka teaches all the limitations of claim 1 above,
	[wherein] using the new session, querying the security hardware circuitry to receive a new volatile attribute of the key (Rudzitis, Para [0024] In an embodiment, the request including the key identifier is received at a key management service 208 hosted by the key management server 202. … In an embodiment, the key management service 208 queries a database 210 in order to retrieve metadata 212 associated with the provided key identifier. In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 212, identifies a particular key on the HSM); and
	storing the new volatile attribute of the key in a data structure external to the security hardware circuitry (Rudzitis, Para [0016] FIG. 1 illustrates an example of a system 100 that manages cryptographic keys that are stored in a hardware security module, in an embodiment. In an embodiment, a key management service 102 is a managed service that allows customers to create, delete, rotate, and use cryptographic keys on behalf of the customer.  …  Para [0018]… In an embodiment, the key management service 102 identifies the cryptographic key associated with the information, and connects to a database 108 to retrieve a set of metadata 110 associated with the identified cryptographic key. In an embodiment, the database 108 may be a relational database, data store, data structure, key-value store, or memory that contains the metadata. The database 108 may be a memory in the computer system that hosts the key management service 102 or storage device external to the computer system that hosts the key management service 102 that is accessible via a computer network or external connection).
further comprising: detecting that a session associated with the key is no longer valid; establishing a new session with the security hardware circuitry.
	In the same field of endeavor, Norum teaches
	The method of claim 1, further comprising: detecting that a session associated with the key is no longer valid (Para [0092] The system may receive 1108 a request to establish a cryptographically protected communication session. The request may be made by an HSM in the fleet of a virtual HSM. As part of the request to establish the session, the system may receive a digital certificate that is signed, either directly or indirectly (e.g., verifiable via a chain of trust) by a service certificate authority and a manufacturer certificate authority.  … Para [0093] The system may determine whether a digital certificate is valid by determining whether one or more digital signatures found on the certificate is authentic, whether the digital certificate is signed by a required signatory, and/or whether a chain of trust from the certificate to a trusted certificate authority is unbroken. Additionally, certificates that have expired, been revoked, been blacklisted, or known to be compromised may also be determined to be invalid);
	establishing a new session with the security hardware circuitry (Para [0094] The system may establish 1116, after verifying the certificate is valid, a cryptographically protected communication session that was requested 1108. The system may, as part of establishing the cryptographically protected communication session or thereafter, receive a cryptographic key such as a fleet transfer key that may be used for decrypting key material. …).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of Rudzitis and Dayka to incorporate teachings of Norum such that the method of the combination of Rudzitis and Dayka includes further comprising: detecting that a session associated with the key is no longer valid; 
Regarding Claims 13, 17 and 22,
Claims 13, 17 and 22 are rejected for similar reasons as in claim 7.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491