DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Information Disclosure Statement
The information disclosure statements (IDS) submitted on 2019-05-14, 2019-06-18, 2019-08-15, 2019-11-18, 2020-07-06, 2021-07-07 and 2021-07-08 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.


Drawings
The drawings are objected to under 37 CFR 1.83 & 1.84(o) because, for Figures 1, 3, and 4, mere numerical references on abstract boxes do not sufficiently aid in the understanding of the invention.  Descriptive labels are required.  Corrected drawing sheets in compliance with 37 


Specification
The disclosure is objected to because claim elements “an object key reader”, “an issuer key reader”, “a key validator”, “a key generator”, and “a key updater” (as all recited in claim 17) are limitations that invoke 35 U.S.C. 112(f); however, the written description only implicitly or inherently sets forth the corresponding structure, material, or acts that perform the claimed functions.
Pursuant to 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181, applicant should:

(b)	Amend the written description of the specification such that it expressly recites the corresponding structure, material, or acts that perform the claimed functions and clearly links or associates the structure, material, or acts to the claimed functions, without introducing any new matter (35 U.S.C. 132(a)); or
(c)	State on the record what corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed functions.


35 USC § 112(f)
The following is a quotation of 35 U.S.C. 112(f):
ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof..


Claim limitations “an object key reader”, “an issuer key reader”, “a key validator”, “a key generator”, and “a key updater” (as all recited in claim 17) have been interpreted under 35 U.S.C. 112(f), because they use a non-structural term “key reader/validator/generator/ updater … configured to” coupled with functional language (the functions that the elements are ‘configured to’ perform) without reciting sufficient structure to achieve the functions.  Furthermore, the non-structural terms are not preceded by a structural modifier.

A review of the specification is unclear as to the corresponding structure or acts described in the specification for the 35 U.S.C. 112(f) limitations.  
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not wish to have the claim limitations treated under 35 U.S.C. 112(f), applicant may amend the claim so that it will clearly not invoke 35 U.S.C. 112(f) or present a sufficient showing that the claim recites sufficient structure, material, or acts for performing the claimed functions to preclude application of 35 U.S.C. 112(f).
For more information, see Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claim 17 is rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.  Specifically, with regard to claim 17, claim elements “an object key reader”, “an issuer key reader”, “a key validator”, “a key generator”, and “a key updater” are limitations that invoke 35 U.S.C. 112(f).  However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed functions and to clearly link the structure, material, or acts to the functions.  In particular, the Specification does not explicitly disclose what structure performs the claimed functions. 
Applicant may:
(a)        Amend the claim so that the claim limitations will no longer be interpreted as a limitation under 35 U.S.C. 112(f); 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed functions, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the functions recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the functions so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed functions, applicant should clarify the record by either: 

(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed functions.  For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.

4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 9, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Robinson in view of IDRIX (“VeraCrypt User’s Guide”, version 1.0e, hereinafter “IDRIX”).

With respect to independent claim 1, Robinson discloses a method for protecting an object from unauthorized copying, comprising:
providing a key generator for the object {col. 10, ll. 5-12: “symmetric key Kin can be randomly generated at the device 110”}.
producing a first and second keys {col. 10, ll. 20-22: “inner layer encryption key Kin may itself optionally be split into two or more shares to add additional security to the online secure container 300”} and a lock for the first and second keys {col. 10, ll. 3-5: “inner layer protection 330 of the exemplary online secure container 300”}.
storing the first key in the object {col. 10, ll. 39-41: “the device share Kin is stored as content protected by the outer layer ciphertext of the container”}.
storing the second key … separate from the object {col. 10, ll. 29-34: “a password share Kin2 (see U.S. patent application Ser. No. 14/577,206, filed Dec. 19, 2014, entitled "Protection of a Secret on a Mobile Device Using a Secret-Splitting Technique with a Fixed User Share", now U.S. Pat. No. 9,455,968)” and/or “server share Kin3 (possibly stored at the OAS server 160)”}
reading the first and second keys {col. 10, ll. 28-38: “Kin can be reconstructed either in offline mode by combining Kin1 and Kin2, or in online mode by combining Kin1 and Kin3”}.
joining the first and second keys {col. 10, ll. 28-38: “Kin can be reconstructed either in offline mode by combining Kin1 and Kin2, or in online mode by combining Kin1 and Kin3”}.
opening the lock by … the joined first and second keys {col. 16, ll. 40-42: “the device 110 decrypts the online inner container using Kin and gets the plaintext contents of the online container.”}.
producing a new time key, a third and fourth keys and a new lock {col. 11, ll. 26-35: “every time the online secure container 300 is read and the middle container is retrieved from the OAS server 160, the inner key Kin is rotated to a fresh new key Kin' so that the new inner layer ciphertext is refreshed when the data is written back in the container”}.
invalidating the first and second keys with the new lock {col. 11, ll. 26-36: “event-based proactivization techniques” wherein “the new inner layer ciphertext is refreshed when the data is written back in the container”}.
replacing the first key in the object with the third key {col. 10, ll. 39-41; col. 11, ll. 26-35: “the device share Kin is stored as content protected by the outer layer ciphertext of the container”, which is similarly applicable “to a fresh new key Kin'”}.
replacing … the second key … with … the fourth key {col. 10, ll. 39-41; col. 11, ll. 26-35: “the device share Kin is stored as content protected by the outer layer ciphertext of the container” , which is similarly applicable “to a fresh new key Kin'”}.
Although Robinson teaches splitting an encryption key and replacing it each time it is recombined and used, Robinson does not explicitly disclose that the recombined key is verified by a “time key”; however, IDRIX
storing … a time key in a database separate from the object {pp. 136 & 144: “ASCII string ‘VERA’” and “CRC-32 checksum of the (decrypted) bytes 256–511”}.
opening the lock by a match of decryption on the … keys using the stored time-key {pp. 137 & 144: “Decryption is considered successful if the first 4 bytes of the decrypted data contain the ASCII string ‘VERA’, and if the CRC-32 checksum of the last 256 bytes of the decrypted data (volume header) matches the value located at byte #8 of the decrypted data (this value is unknown to an adversary because it is encrypted – see the section VeraCrypt Volume Format Specification)”}.
replacing … the time key … in the database with the new time key  {p. 144: “CRC-32 checksum of the (decrypted) bytes 256–511” which corresponds to “Concatenated primary and secondary master keys”}.

Robinson and IDRIX are analogous art because they are from the same field of endeavor or problem-solving area of encrypted containers.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Robinson and IDRIX before him or her, to modify/develop the cryptographic system of Robinson’s system to utilize encrypted checksums (i.e. “time key”).  The suggestion and/or motivation for doing so would have been because it enables the application to determine whether the volume has been properly decrypted.  Therefore, it would have been obvious to combine the cryptographic system in Robinson’s system with encrypted checksums to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

mutatis mutandis, to the subject matter of claim 9; therefore, claim 9 is rejected, for similar reasons, under the grounds as set forth for claim 1.

With respect to claim 17, a corresponding reasoning as given earlier in this section with respect to claim 1 applies, mutatis mutandis, to the subject matter of claim 17; therefore, claim 17 is rejected, for similar reasons, under the grounds as set forth for claim 1.


Claims 2-4 and 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over Robinson et al. (US Patent No. 9703965-B1, hereinafter “Robinson”) in view of IDRIX (“VeraCrypt User’s Guide”, version 1.0e, hereinafter “IDRIX”) and Antunovic et al. (US Pre-Grant Publication No. 20170200149-B1, hereinafter “Antunovic”).

With respect to dependent claim 2, although Robinson teaches that the object may be in the form of a card (e.g. col. 19, ll. 58-67), Robinson does not explicitly disclose the structure of the object as one of the Markush elements claimed; however, Antunovic discloses wherein the object is selected from the group consisting of: a passport, a bank card, an electronic travel card, a protected electronic document, a smart TV box, a cable TV box, an automobile, an automobile part, a software license, and digital media {paras. 0003, 0021, and 0099: “’smart’ or ‘chip’ cards 102, 112” including “payment cards, such as credit cards, debit cards, and pre-paid cards” such as “contactless (e.g., London Oyster) cards)”}.

Robinson-IDRIX and Antunovic are analogous art because they are from the same field of endeavor or problem-solving area of secured data containers.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Robinson-IDRIX and Antunovic before him or her, to modify/develop the container of Robinson-IDRIX’s system to be embodied as a smartcard.  The suggestion and/or motivation for doing so would have been because the “use of payment cards, such as credit cards, debit cards, and pre-paid cards, has become ubiquitous”; Antunovic [0003].  Therefore, it would have been obvious to combine the container in Robinson-IDRIX’s system with embodiment as a smartcard to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 3, Antunovic discloses wherein the bank card is selected from the group consisting of: a credit card, an ATM card, a debit card, a deposit card, and an electronic payment card {paras. 0003, 0021, and 0099: “’smart’ or ‘chip’ cards 102, 112” including “payment cards, such as credit cards, debit cards, and pre-paid cards” such as “contactless (e.g., London Oyster) cards)”}.

With respect to dependent claim 4, Antunovic discloses wherein the electronic travel card is selected from the group consisting of an Oyster card and an Octoplus card {paras. 0003, 0021, and 0099: “’smart’ or ‘chip’ cards 102, 112” including “payment cards, such as credit cards, debit cards, and pre-paid cards” such as “contactless (e.g., London Oyster) cards)”}.

With respect to claims 10-12, a corresponding reasoning as given earlier in this section with respect to claims 2-4 applies, mutatis mutandis, to the subject matter of claims 10-12; therefore, claims 10-12 are rejected, for similar reasons, under the grounds as set forth for claims 2-4.


Claims 5-6 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Robinson et al. (US Patent No. 9703965-B1, hereinafter “Robinson”) in view of IDRIX (“VeraCrypt User’s Guide”, version 1.0e, hereinafter “IDRIX”), Antunovic et al. (US Pre-Grant Publication No. 20170200149-B1, hereinafter “Antunovic”), and Adam et al. (US Pre-Grant Publication No. 20160269106-B1, hereinafter “Adam”).

With respect to dependent claim 5, although Robinson teaches that the object may be in the form of a card (e.g. col. 19, ll. 58-67), Robinson does not explicitly disclose the structure of the object as one of the Markush elements claimed; however, Adam discloses wherein the software license is selected from the group consisting of a program license, an automation software license, an operating system license, and a mobile phone app {para. 0056: “video stream along with an encrypted license key”; note that this is also rendered obvious by virtue of the disclosure of other Markush group elements}.

Robinson-IDRIX-Antunovic and Adam are analogous art because they are from the same field of endeavor or problem-solving area of secured data containers.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Robinson-IDRIX-Antunovic and Adam before him or her, to modify/develop the container of Robinson-IDRIX-Antunovic’s system to be embodied as a video license.  The suggestion and/or motivation for doing so would have been because it enables protection of video content, e.g. digital rights managment.  Therefore, it would have been obvious to combine the container in Robinson-IDRIX-Antunovic’s system with embodiment as a video license to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 6, Adam discloses wherein the digital media is selected from the group consisting of: a game, music, a movie, a video clip, television, and an online television series {para. 0056: “video stream along with an encrypted license key”; note that this is also rendered obvious by virtue of the disclosure of other Markush group elements}.

With respect to claims 13-14, a corresponding reasoning as given earlier in this section with respect to claims 5-6 applies, mutatis mutandis, to the subject matter of claims 13-14; therefore, claims 13-14 are rejected, for similar reasons, under the grounds as set forth for claims 5-6.


Claims 7-8 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Robinson et al. (US Patent No. 9703965-B1, hereinafter “Robinson”) in view of IDRIX (“VeraCrypt User’s Guide", version 1.0e, hereinafter “IDRIX”) and Blakely et al. (US Patent No. 9379890-B1, hereinafter “Blakely”).

With respect to dependent claim 7, although Robinson teaches key generation (e.g. col. 10, ll. 5-12) and separating the [key] into the first and second keys (e.g. col. 10, ll. 20-22), Robinson does not explicitly disclose that the key(s) is/are generated from encrypted user account information; however, Blakely discloses wherein the [key is] produced by encrypting account information with a time related password or time-key {col. 15, l. 59 – col. 16, l. 10: “the encrypted data key is generated by encrypting the data key using an account key” and “an encrypted account key, where the encrypted account key is generated by encrypting the account key using a master key”}.

Robinson-IDRIX and Blakely are analogous art because they are from the same field of endeavor or problem-solving area of key management.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Robinson-IDRIX and Blakely before him or her, to modify/develop the initial key generation (corresponding to the claimed combination of the first and second key) of Robinson-IDRIX’s system to utilize an account key for generation of the initial key.  The suggestion and/or motivation for doing so would have been because it is merely combining prior art elements according to known methods to yield predictable results, i.e. a secure mechanism for generating the initial key that also links it a particular user account.  Therefore, it would have Robinson-IDRIX’s system with an account key for generation of the initial key to obtain the invention as specified in the instant claim(s).  The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims.

With respect to dependent claim 8, Blakely discloses wherein the account information is account information of a user of the object {col. 8, ll. 37-50: “each customer account is assigned an account key”}.

With respect to claims 15-16, a corresponding reasoning as given earlier in this section with respect to claims 7-8 applies, mutatis mutandis, to the subject matter of claims 15-16; therefore, claims 15-16 are rejected, for similar reasons, under the grounds as set forth for claims 7-8.


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool.  To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Kevin Bechtel/
Primary Examiner, Art Unit 2491