Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
2.	Application No.16/958104, filed 06/25/2020 is a national stage entry of PCT/EP2018/086576 , International Filing Date: 12/21/2018claims foreign priority to 17306983.2 , filed 12/29/2017. Thus, the effective filing date of applicant’s claimed invention is 12/29/2017. 

Drawings
3.	Applicant’s drawings filed on 06/25/2020 has been inspected and is in compliance with MPEP 608.02.

Specification
4.	The specification filed on 06/25/2020 is acceptable for examination proceedings.

Information Disclosure Statement
5.	The information disclosure statement (IDS) submitted on 06/25/2020, the submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Internet Communications
6. 	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439,
http://www.uspto.gov/sites/defauit/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only. (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.
Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


7.	Claims 1-13 are rejected under 35 U.S.C. 103 as being unpatentable over Liu et al. (US Pub. No. US 2016/0254918 A1, hereinafter refer as to Liu) in view of Bannister et al. (US Pub. No. US 2020/0236093 A1, hereinafter refer as to Bannister).

As per claim 1, Liu discloses a method of preparing, at a key management system, an application key owned by an application owner for installation in a remote device (fig. 6 illustrates a flow diagram 600 for enabling trust-zone-based end-to-end security, for example), the method comprising: 
sending a device public key to the application owner, the device public key corresponding to a device private key stored on and specific to the device (fig. 6 and 8 show electronic device 300 transmits the one or more (e.g., two) public certificates that were ultimately signed by the manufacturer root CA private key to the TSP server (620), for example); 
5receiving an encrypted application key for an application associated with the application owner, the encrypted application key being encrypted with the device public key (fig. 8 show the electronic device receives one or more TSP certificates (step 815), and furthermore figs 6,7B and 8 show that transmitting a message including the information encrypted based on the one or more identified TSP public keys and a signature of the electronic device, for example). 

Liu fails to explicitly disclose processing the received encrypted application key with a symmetric device key, wherein the symmetric device key is specific to and stored on the remote device.  

However, Bannister discloses processing the received encrypted application key with a symmetric device key (para. 0077 discloses receiving, storing, and/or using such symmetric keys; after the initial asymmetric handshaking, a client application triggers a function call to encrypt data using the new shared symmetric key, which in turn triggers an instrumented sub-program that extracts the symmetric key and forwards it to a key/data aggregator, for example), wherein the symmetric device key is specific to and stored on the remote device (para. 0010 discloses establishing the encrypted connection between the computing device and the remote service involves initiating an asymmetric encryption handshake with the remote service and receiving a pinned certificate from the remote service, for example).  



Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Bannister with the teaching of Liu to extracting encryption keys to enable monitoring services [para. 0002 of Bannister].

As per claim 2 as applied above, the modified method of Liu as modified by Bannister discloses wherein the processing comprises encrypting the encrypted application key with a symmetric device encryption key (para. 0077 of Bannister discloses “… an encryption function that is using a shared secret to create a shared symmetric key to extract the shared symmetric key. In some scenarios, extracted asymmetric key information may also be sent to a key/data aggregator decrypt traffic flows between a client and a remote service” and furthermore, para. 0010 of Bannister discloses the computing device and remote service then exchange information using Diffie-Hellman perfect forward secrecy key establishment techniques to generate the encryption key as a shared symmetric key for the encrypted connection, for example). 
The same motivational statement applies as set forth above in claim 1.

As per claim 3 as applied above, the modified method of Liu as modified by Bannister discloses wherein the processing comprises adding or 15associating an application policy and/or identifier for the respective application to the encrypted application key (para. 0010 of Bannister discloses the computing device and remote service then exchange information using Diffie-Hellman perfect forward secrecy key establishment techniques to generate the encryption key as a shared symmetric key for the encrypted connection, for example).
The same motivational statement applies as set forth above in claim 1.

As per claim 4 as applied above, the modified method of Liu as modified by Bannister discloses wherein the processing comprises signing the encrypted application key with a symmetric device signature key (fig. 3 and fig. 6 of Liu and furthermore para. 0058 of Liu discloses the electronic device 300 and the TSP server 605 exchange, verify, and cache each other encryption and signature public keys for encryption and signature verification, for example).
  
As per claim 5 as applied above, the modified method of Liu as modified by Bannister discloses comprising sending a key seed for generating a transport key for installation of a further application key on the remote device (para. 0051 discloses for example, the exchange may occur via a direct connection or over an encrypted communication channel), wherein the key seed is generated using the application policy and/or application identifier for the respective application with 25a key derivation function stored at the key management system and remote device (para. 0055 and furthermore see figs. 1,4 and 9 of Liu, for example).  

As per claim 6, Liu discloses a method of installing an application key owned by an application owner in a remote device (fig. 6 illustrates a flow diagram 600 for enabling trust-zone-based end-to-end security, for example),, the method comprising: 
receiving a device public key from a key management system (figs. 1 and 4 to 9), the device public 30key corresponding to a device private key stored on and specific to the device (“…TSP public private key pairs include a unique signing public private key pair…”, see claim 18, for example); 
sending an encrypted application key associated with an application, the encrypted application key being encrypted with the device public key, to the key management system (fig. 6 and 8 show electronic device 300 transmits the one or more (e.g., two) public certificates that were ultimately signed by the manufacturer root CA private key to the TSP server (620), for example); WO 2019/129706PCT/EP2018/086576 16 
(fig. 8 show the electronic device receives one or more TSP certificates (step 815), and furthermore figs 6,7B and 8 show that transmitting a message including the information encrypted based on the one or more identified TSP public keys and a signature of the electronic device, for example). 

Liu fails to explicitly disclose wherein the symmetric signature device key is specific to and stored on the remote device; and sending the received processed encrypted application key to the remote device for installation.  

However, Bannister disclose wherein the symmetric signature device key is specific to and stored on the remote device (para. 0077 discloses receiving, storing, and/or using such symmetric keys; after the initial asymmetric handshaking, a client application triggers a function call to encrypt data using the new shared symmetric key, which in turn triggers an instrumented sub-program that extracts the symmetric key and forwards it to a key/data aggregator, for example),  and sending the received processed encrypted application key to the remote device for installation  (para. 0010 discloses establishing the encrypted connection between the computing device and the remote service involves initiating an asymmetric encryption handshake with the remote service and receiving a pinned certificate from the remote service, for example).  

Liu and Bannister are analogous art because they both are directed to monitoring computing devices to detect and prevent unauthorized behavior and one of ordinary skill in the art would have had a reasonable expectation of success to modify Liu with the specified features of Bannister because they are from the same field of endeavor.
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Bannister with the teaching of Liu to extracting encryption keys to enable monitoring services [para. 0002 of Bannister].

10 As per claims 7 and 12 as applied above, the modified method of Liu as modified by Bannister discloses comprising receiving from the key management system a key seed, wherein the key seed is generated based on an application policy associated with the application key and application identifier using a key derivation function available at the key management system and the remote device (para. 0010 of Bannister discloses the computing device and remote service then exchange information using Diffie-Hellman perfect forward secrecy key establishment techniques to generate the encryption key as a shared symmetric key for the encrypted connection, for example); 15generating a transport key with a further key derivation function using the key seed and the application key, wherein the further key derivation function is also available at the remote device; encrypting a further application key with the transport key; and sending the encrypted further application key to the remote device for installation (para. 0010 of Bannister discloses establishing the encrypted connection between the computing device and the remote service involves initiating an asymmetric encryption handshake with the remote service and receiving a pinned certificate from the remote service, for example).    
The same motivational statement applies as set forth above in claim 6.

As per claim 8, Liu discloses a  device for executing an application using one or more application keys (fig. 3 show generated device unique private key for use by a trust-zone application 363 on the electronic device 300, for example), the device comprising a memory storing a private device key of a device public (para. 0006 discloses The electronic device includes at least one processor configured to generate one or more device certificates and one or more device public private key pairs. The one or more device certificates are signed using a device unique private key that is pre-stored on the electronic device, for example) and private key pair and a symmetric device key; 25a communication interface for receiving an encrypted application key of an application (fig. 3 and furthermore para. 0056  discloses the electronic device 300 device generates a unique signing certificate (e.g., dev_sign_cert) and a public private key pair and a unique encryption certificate (e.g., dev_enc_cert) and a public private key pair (610), for example) and 

Liu fails to explicitly disclose a processor configured to: receive the encrypted application key; process the received encrypted application key using the symmetric device key; 30and decrypt the processed encrypted application key using the private device key.  

However, Bannister disclose a processor configured to: receive the encrypted application key (para. 0010 discloses the computing device and remote service then exchange information using Diffie-Hellman perfect forward secrecy key establishment techniques to generate the encryption key as a shared symmetric key for the encrypted connection, for example); process the received encrypted application key using the symmetric device key; 30and decrypt the processed encrypted application key using the private device key  (para. 0010 discloses establishing the encrypted connection between the computing device and the remote service involves initiating an asymmetric encryption handshake with the remote service and receiving a pinned certificate from the remote service, for example).  

Liu and Bannister are analogous art because they both are directed to monitoring computing devices to detect and prevent unauthorized behavior and 
Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Bannister with the teaching of Liu to extracting encryption keys to enable monitoring services [para. 0002 of Bannister].

As per claim 9 as applied above, the modified method of Liu as modified by Bannister discloses wherein the processing comprises decrypting the encrypted application key with a symmetric device encryption key (para. 0077 of Bannister discloses “… an encryption function that is using a shared secret to create a shared symmetric key to extract the shared symmetric key. In some scenarios, extracted asymmetric key information may also be sent to a key/data aggregator decrypt traffic flows between a client and a remote service” and furthermore, para. 0010 of Bannister discloses the computing device and remote service then exchange information using Diffie-Hellman perfect forward secrecy key establishment techniques to generate the encryption key as a shared symmetric key for the encrypted connection, for example). 
The same motivational statement applies as set forth above in claim 8.
  
As per claim 10 as applied above, the modified method of Liu as modified by Bannister discloses wherein the processing comprises decrypting an encrypted application policy and identifier with a symmetric device encryption key for enabling execution of the application on the device based on the decrypted application policy (para. 0077 of Bannister discloses key harvesting techniques are leveraged to extract a symmetric key that is received after the asymmetric handshaking has been completed. For instance, instrumentation techniques may target functions and/or memory regions that are associated with receiving, storing, and/or using such symmetric keys; after the initial asymmetric handshaking, a client application triggers a function call to encrypt data using the new shared symmetric key, which in turn triggers an instrumented sub-program that extracts the symmetric key and forwards it to a key/data aggregator. Alternatively, the key harvesting techniques may be configured to target functions and/or applications that handle asymmetric key operations to extract an asymmetric key or a symmetric key as well. For example, an instrumented sub-program may be set to trigger on a call to an encryption function that is using a shared secret to create a shared symmetric key to extract the shared symmetric key. In some scenarios, extracted asymmetric key information may also be sent to a key/data aggregator decrypt traffic flows between a client and a remote service, for example).  

As per claim 11 as applied above, the modified method of Liu as modified by Bannister discloses wherein the processing comprises verifying a signature of the encrypted application key with a symmetric device signature key (fig. 8 of Liu show the electronic device receives one or more TSP certificates (step 815), and furthermore figs 6,7B and 8 show that transmitting a message including the information encrypted based on the one or more identified TSP public keys and a signature of the electronic device, for example). 

As per claim 13 as applied above, the modified method of Liu as modified by Bannister discloses wherein the decrypted further application key is 20configured to inherit the application policy associated with the received encrypted application key, for further usage (para. 0010 of Bannister discloses the computing device and remote service then exchange information using Diffie-Hellman perfect forward secrecy key establishment techniques to generate the encryption key as a shared symmetric key for the encrypted connection, for example). 
The same motivational statement applies as set forth above in claim 8.



Pertinent Art
8.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Sokolov (US Patent 8,843,750 B1) provide  The security module intercepts an encrypted symmetric session key selected by the local application for use in the communications session, decrypts it using the private key generated for the CA, re-encrypts using the public key of the remote server in the received certificate, and transmits the re-encrypted symmetric session key to the remote server. The security module monitors subsequent message exchanges between the local application and the remote.

Gremaud et al. (US 2020/0344075 A1) provides a hardware security module communicatively coupled to a device for the provision of a symmetric key for protecting secret data for the device, the device being configured for executing applications using the secret data, the hardware security module comprising one or more processing modules configured to: verify a device public key of an asymmetric key pair associated with the device using first and/or second certificates of the asymmetric key pair for the respective device; receive a provisioning key from a secure source, the secure source being communicatively coupled with the device and the hardware module; and responsive to successful verification of the first and/or second certificates, transmit the provisioning key encrypted with the device public key to the device for decryption, wherein the provisioning key enables the device to use a first secret seed received from the secure source to generate the symmetric key with a second secret seed stored or generated by the device.

Wu (US patent 9,009,480 B1) provides the first symmetric encryption key has expired based on a validity period associated with the first symmetric encryption key, request a second symmetric encryption key from the device, receive the second symmetric encryption key from the device, and store the second symmetric encryption key in the key store. In some embodiments, the received second symmetric encryption key may be encrypted by the first symmetric encryption key during transmission from the device to the application.

Behren et al. (US 2012/0159148 A1) provide a trusted service manager (TSM) locally within a secure element of a contactless smart card payment device, used the method comprising: installing, in the secure element of the contactless smart card payment device, a TSM software application, wherein the TSM software application comprises computer code for executing a transmitting function to request application data and a decrypting function to decrypt an encrypted form of received application data, the received application data received at the contactless smart card device in response to a request by the transmitting function; storing, in the secure element, a private encryption key assigned to the TSM software application and a corresponding public encryption key; transmitting, by the transmitting function of the TSM software application, the request for application data to a registered remote non-TSM computer configured to access the public key; receiving, in the contactless smart card payment device from the remote non-TSM computer, the requested application data for installation in the secure element of the contactless smart card payment device, the received requested application data having been encrypted by the remote non-TSM computer using the public encryption key; and decrypting, by the decrypting function of the TSM software application, the encrypted received application data using the private key. 

Zunke (US 7,831,051 B2) provide the secure hardware device generates an authentication value and transmits said authentication value to the first application the first application encrypts the received authentication value with the symmetric key of said first secret set and transmits the encrypted authentication value, the secure hardware device decrypts the encrypted authentication value with the retrieved symmetric key of the first secret set and compares the decrypted authentication value with the generated authentication value and, only if both authentication values are identical, the secure hardware device uses the first session key for encrypting and decrypting.


Conclusion
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932.  The examiner can normally be reached on Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center 






A.G.
August 12, 2021
/ABIY GETACHEW/Primary Examiner, Art Unit 2434