DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This is a reply to the amendment filed on 06/15/2021, in which claim(s) 1-25 are pending. Claim(s) 1 and 23-25 are amended. No claim(s) are cancelled or newly added.

Examiner’s Note
The claim status identifier for claim 25 of the amendment filed on 06/15/2021 should be (Currently Amended) instead of (Original) since claim 25 is amended.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/15/2021 has been reviewed.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
Claim Objection: 
Applicant’s arguments with respect to the objection of claim(s) 24 have been considered. The objection of claim(s) 24 has been withdrawn in view of the amendment to the claim.

Claim Rejections - 35 U.S.C. § 101:
Applicants’ arguments with respect to claim(s) 23-24 have been fully considered and are persuasive. The rejection under 35 USC §101 regarding claim(s) 23-24 has been withdrawn in view of the amendment to the claims.

Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicant’s arguments with respect to the rejection of claim(s) 1-25 have been considered but are moot in view of the new ground(s) of rejection.

Applicant is encouraged to schedule an interview with the Examiner prior to the next communication to compact prosecution of the case.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-9, 11, 18-21, and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Hauge et al. (US 2006/0269063 A1) in view of John A. Nix (US 2018/0144147 A1) further in view of Rostin et al. (US 2006/0177056 A1).
Regarding Claims 1, 23 and 25, Hauge discloses
accessing, by a first entity ([0048], “the four dynamically generated program keys PK (these four 128 bit random numbers) stored in the active portion of the memory 66 (as part of a first entity) are currently being used (i.e. accessed by the first entity)”), a random number generated by a second entity ([0048], “random numbers from the random number generator 62 (i.e. the second entity)”); 
instructing to store the random number on the first entity ([0048], “stores these four 128 bit random numbers as four dynamically generated program keys in … memory 66”);
Hauge does not explicitly teach but Nix teaches
the random number is an entropy-based random number ([0013], “a source of information entropy or noise used to generate a random number”); and 
based on a deterministic algorithm ([0236], “utilize deterministic ECDSA 158”, “Elliptic Curve Digital Signature Algorithm (ECDSA)”): 
seeding a random number generator with the generated seed to generate one or more cryptographic objects ([0091], “The random number generator 128 in module 101 can include a random number generator seed 128b”, i.e. the generator is seeded with the seed, [0115], “where the output is a seemingly random number”, i.e. crypto object).
Hauge and Nix are analogous art as they are in the same field of endeavor of 
The combined teaching of Hauge and Nix does not explicitly teach but Rostin teaches interacting with a security module (SM) to generate a seed according to both a reference key of the SM and the random number ([0032], “The SSGP server”, “generates a seed 226 by applying a hash function 224 to a combination of the two random numbers 210 and 212 and its public key”),
Hauge, Nix and Rostin are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rostin with the combined teaching of Hauge and Nix. The motivation/suggestion would have been for secure generation of a seed for use in performing one or more cryptographic operations (Rostin, Abstract).

Regarding Claim 2, the combined teaching of Hauge, Nix and Rostin teaches
using at least one of the one or more cryptographic objects to perform a cryptographic operation (Nix, [0022], “the cryptographic unit to perform digital signature operations with the private key”); and 
deleting one or more of the cryptographic objects previously generated (Nix, [0057], “Storage unit 109 (with the keys) … can be physically loaded or physically removed”, i.e. deleted).

Regarding Claim 3, the combined teaching of Hauge, Nix and Rostin teaches regenerating one or more previously deleted cryptographic objects by: 
accessing the stored random number (Nix, [0013], “a source of information entropy or noise used to generate a random number”, [0021], “The cryptographic unit can generate a random number using the noise amplifying memory”); and 
based on the deterministic algorithm (Nix, [0236], “utilize deterministic ECDSA 158”, “Elliptic Curve Digital Signature Algorithm (ECDSA)”): 
interacting with the SM to regenerate the seed according to both the reference key and the previously stored random number (Rostin, [0032], “The SSGP server”, “generates a seed 226 by applying a hash function 224 to a combination of the two random numbers 210 and 212 and its public key”); and 
seeding the random number generator with the regenerated seed, and using one or more of the regenerated cryptographic objects to perform the cryptographic operation (Nix, [0091], “The random number generator 128 in module 101 can include a random number generator seed 128b”, i.e. the generator is seeded with the seed, [0115], “where the output is a seemingly random number”, i.e. crypto object).

Regarding Claim 4, the combined teaching of Hauge, Nix and Rostin teaches at the SM, deriving said reference key based on a key of a deeper key hierarchy level of a key hierarchy in the SM, prior to generating the seed (Rostin, [0037], “The generated seed may be generated, for example, based on a combination of a 

Regarding Claim 5, the combined teaching of Hauge, Nix and Rostin teaches 
wherein said random number is a first random number (Nix, [0021], “The cryptographic unit can generate a random number”), and the method further comprises, prior to generating the seed: 
accessing a second entropy-based random number (Nix, [0021], “generate (second) a random number using the noise amplifying memory”); 
instructing to store the second random number (Nix, Abstract, “The removable data storage unit” to store the second random number); and 
interacting with the SM for it to derive said reference key using both the second random number and the key of the deeper key hierarchy level (Nix, [0021], “The random number and cryptographic parameters can be subsequently input into a key generation algorithm to derive a PKI key pair comprising a private key and a public key”).

Regarding Claim 6, the combined teaching of Hauge, Nix and Rostin teaches wherein the random number generator is seeded to generate two cryptographic objects including a private key and a public key, and the method further comprises: sending out the public key and using the private key to perform a cryptographic operation (Nix, [0091], “a random number generator seed”, [0021], “The random number and cryptographic parameters can be subsequently input into a key generation algorithm to derive a PKI key pair comprising a private key and a public key. The private key can be recorded in protected memory accessible only to the cryptographic unit, and the public key along with an identity transmitted by the cryptographic unit through an external electrical interface of the storage unit”, [0022], “the cryptographic unit to perform digital signature operations with the private key”).

Regarding Claim 7, the combined teaching of Hauge, Nix and Rostin teaches wherein sending out the public key comprises sending the public key to a certificate authority for it to issue a digital certificate for said public key (Nix, [0022], “A certificate authority can subsequently receive the public key and identity, while also recording the cryptographic parameters used to generate the PKI keys, and issue a (digital) certificate for the public key”).  

Regarding Claim 8, the combined teaching of Hauge, Nix and Rostin teaches wherein accessing the random number, generating the seed (Rostin, [0032], “The SSGP server”, “generates a seed”), and seeding the random number generator are performed by a client communicating with said SM, whereby the public key is sent from the client to the certificate authority (Nix, [0022], “A certificate authority can subsequently receive the public key and identity”, [0052], “a client”, [0082], “an http client”, “Cryptographic unit”, [0084], “Additional remote computers with which module 

Regarding Claim 9, the combined teaching of Hauge, Nix and Rostin teaches at the client, instructing to store the public key on an external storage system that is distinct from the client (Nix, [0021], “The random number and cryptographic parameters can be subsequently input into a key generation algorithm to derive a PKI key pair comprising a private key and a public key”, “the public key along with an identity transmitted by the cryptographic unit through an external electrical interface of the storage unit”).

Regarding Claim 11, the combined teaching of Hauge, Nix and Rostin teaches wherein the steps of accessing the random number, generating the seed (Rostin, [0032], “generates a seed”), and seeding the random number generator are carried out in a container (Nix, [0084], “Additional remote computers with which module 101 communicates may include another module 101 or mobile device, an M2M node within a capillary network, a personal computer, other servers, a client, a router, a network PC, a peer device, a wireless network 102, or other common network node”, i.e. carried out in a container).  

Regarding Claim 18, the combined teaching of Hauge, Nix and Rostin teaches prior to accessing said entropy-based random number, instructing to generate said entropy-based random number (Nix, [0013], “a source of information entropy or noise used to generate a random number”, [0021], “The cryptographic unit can generate a random number using the noise amplifying memory”).

Regarding Claim 19, the combined teaching of Hauge, Nix and Rostin teaches wherein interacting with the SM comprises: 
forwarding the random number accessed to the SM (Rostin, [0031], “sends the encrypted random number”); 
instructing the SM to generate the seed according to the random number forwarded to it and the reference key (Rostin, [0032], “generates a seed 226 by applying a hash function 224 to a combination of the two random numbers 210 and 212 and its public key”); and 
receiving the generated seed (Rostin, [0032], “sends the generated seed”).  

Regarding Claim 20, the combined teaching of Hauge, Nix and Rostin teaches
wherein said seed is generated by encrypting the random number using the reference key (Rostin, [0031], “generates a random number 212 and encrypts it in operation 216 with the public key”).  

Regarding Claim 21, the combined teaching of Hauge, Nix and Rostin teaches
wherein the reference key as used to generate the seed is a key pre-loaded on the SM (Nix, [0101], “secret symmetric key can be uniquely associated with cryptographic unit …and can also be (pre-) loaded in storage unit”).

Regarding Claim 24, the combined teaching of Hauge, Nix and Rostin teaches a subsystem configured to interact with the SM, the subsystem and the SM being distinct from one another (Nix, [0021], “the public key along with an identity transmitted by the cryptographic unit through an external electrical interface of the storage unit”).

Claims 12-15 are rejected under 35 U.S.C. 103 as being unpatentable over Hauge et al. (US 2006/0269063 A1) in view of John A. Nix (US 2018/0144147 A1) further in view of Rostin et al. (US 2006/0177056 A1) and further in view of Richard L. Brown (US 2013/0136255 A1).
Regarding Claim 12, the combined teaching of Hauge, Nix and Rostin teaches whereby the method comprises, at said each client: 
accessing the entropy-based random number (Nix, [0013], “a source of information entropy or noise used to generate a random number”, [0021], “The cryptographic unit can generate a random number using the noise amplifying memory”); 
instructing to store this random number (Nix, Abstract, “The removable data storage unit can include a nonvolatile memory, a noise amplifying memory, and a cryptographic unit”, “The cryptographic unit can (i) generate a random number”); and 
based on the deterministic algorithm (Nix, [0236], “utilize deterministic ECDSA 158”, “Elliptic Curve Digital Signature Algorithm (ECDSA)”):  
interacting with a SM to generate a seed according to the random number accessed and a reference key of the SM (Rostin, [0032], “The SSGP server”, “generates a seed 226 by applying a hash function 224 to a combination of the two random numbers 210 and 212 and its public key”); and 
seeding a random number generator with the generated seed to generate the one or more cryptographic objects (Nix, [0091], “The random number generator 128 in module 101 can include a random number generator seed 128b”, i.e. the generator is seeded with the seed, [0115], “where the output is a seemingly random number”, i.e. crypto object).
The combined teaching of Hauge, Nix and Rostin does not explicitly teach but Brown teaches wherein the steps of the method are concurrently performed at each client of a set of clients, each communicating with a SM ([0036], “an organization may provide its members secret keys for encryption purposes, but retain a backup copy of the secret keys. The organization may use a deterministic pseudorandom number generator to generate secret keys for members”, i.e. each client of a set of clients),
Hauge, Nix, Rostin and Brown are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Brown with the combined teaching of Hauge, Nix and Rostin. The motivation/suggestion would have been to enable secure communication over public channels (Brown, [0001]).

Regarding Claim 13, the combined teaching of Hauge, Nix, Rostin and Brown teaches wherein the deterministic algorithm and the random number accessed are the same for each of the clients of the set, whereby the same one or more cryptographic objects are generated at each of the clients of the set (Brown, [0036], “an organization may provide its members secret keys for encryption purposes, but retain a backup copy of the secret keys. The organization may use a deterministic pseudorandom number generator to generate secret keys for members”, i.e. each client of a set of clients).

Regarding Claim 14, the combined teaching of Hauge, Nix, Rostin and Brown teaches concurrently at the clients (Brown, [0036]) and prior to accessing the entropy-based random number, receiving entropy-based random numbers from one or more certificate authorities (Nix, [0061], “receive storage unit 109 (with random number) from a certificate authority 118”).  

Regarding Claim 15, the combined teaching of Hauge, Nix, Rostin and Brown teaches at each of the clients of the set (Brown, [0036]), using one or each of the one or more cryptographic objects generated to perform a cryptographic operation (Nix, [0022], “the cryptographic unit to perform digital signature operations with the private key”).

Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Hauge et al. (US 2006/0269063 A1) in view of John A. Nix (US 2018/0144147 A1) further in view of Rostin et al. (US 2006/0177056 A1) and further in view of Cachin et al. (US .
Regarding Claim 22, the combined teaching of Hauge, Nix and Rostin teaches
wherein the SM further comprises a first key pre-loaded on the SM as a non-extractable token object (Nix, [0101], “secret symmetric key can be uniquely associated with cryptographic unit …and can also be (pre-) loaded in storage unit”); and using the unwrapped key to generate the seed (Rostin, [0032], “generates a seed 226 by applying a hash function 224 to a combination of the two random numbers 210 and 212 and its public key”),
The combined teaching of Hauge, Nix and Rostin does not explicitly teach but Cachin teaches importing a second key in a wrapped state in the SM; using the first key to unwrap the second key ([0072], “use his/her private key to unwrap the business symmetric keys”).
Hauge, Nix, Rostin and Cachin are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Cachin with the combined teaching of Hauge, Nix and Rostin. The motivation/suggestion would have been for automated validation and execution of cryptographic key (Cachin, Abstract).

Allowable Subject Matter
Claims 10 and 16-17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under .
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186.  The examiner can normally be reached on Monday-Friday: 9 am - 5 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497