DETAILED ACTION
Notice of Pre-AIA or AIA Status

1.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
2.  This is in response to the amendments filed on 7/6/2021. Claims 1 and 3-15 have been amended. Claims 1, 3, 5-8, 10-12, and 14-15 are currently pending and have been considered below.

Examiner’s Amendment
3. An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given via electronic correspondence on 8/19/2021 in response to an Examiner Initiated Interview with Michael A. Dryja, Reg. No. 39,662 on 8/18/2021.

Please amend only claims 1-4, 8-9, and 12:

		1.	(currently amended)  A method comprising:

		responsive and subsequent to receipt of the request, verifying, by the service and using the credential, that the local process is authorized to access the encryption function specified in the encryption request; 
		responsive and subsequent to verification, performing, by the service, the encryption function specified in the encryption request using a security key unique to the system, without exposing the security key to the local process, to generate a result of the encryption function; and
		subsequent to performance of the encryption function[[,]]:
			providing, by the service, a first segment of the result of the encryption function to the local process via the secure channel;
			storing, by the service, a second segment of the result of the encryption function within a secure location accessible by the service; and
			providing, by the service, a third segment of the result of the encryption function to a trusted third party,
		wherein the provided data is decryptable from any two of the first, second, and third segments.

		2.	(cancelled)  

		3.	(currently amended)  The method of claim 1, where 

		4.	(cancelled)

		5.	(previously presented)  The method of claim 1, further comprising generating the security key during an initial setup of the system.  



		7.	(previously presented)  The method of claim 1, where the credential associated with the local process is a path associated with the local process, a process identifier, or proof of access to a system file.  

		8.	(currently amended)  A system comprising:
		a secure storage to store a security key unique to the system; and
		an encryption service to perform encryption and decryption using the security key for local processes executable on the system by:
			receiving an encryption request from a local process via a secure channel, where the encryption service is not the local process, the encryption request includes a credential associated with the local process, the encryption request provides data and specifies an encryption function that is requested to be performed by the service on the data, and the encryption function is to encrypt 
			responsive and subsequent to receipt of the request, verifying, using the credential, that the local process is authorized to access the encryption function specified in the encryption request; 
			responsive and subsequent to verification, performing the encryption function specified in the encryption request using the security key, without exposing the security key to the local process, to generate a result of the encryption function; and
			subsequent to performance of the encryption function[[,]]:
				providing a first segment of the result of the encryption function to the local process;
				storing a second segment of the result of the encryption function within the secure storage; and
				providing a third segment of the result of the encryption function to a trusted third party,
		wherein the provided data is decryptable from any two of the first, second, and third segments.

		9.	(cancelled)



		11.	(previously presented)  The system of claim 8, where the encryption services verifies that the local process is authorized to access the encryption function also based on a current time, a date, whether an application is operating on the system, whether a time-to-live has expired, and/or how many times data has been decrypted. 

		12.	(currently amended)  A non-transitory computer-readable medium storing processor executable instructions that when executed causes a service of a system to:
		receive, via a secure channel, an encryption request from a local process, where the service is not the local process, where the encryption request identifies a credential associated with the local process, a data string, and an encryption function that is requested to be performed by the service on the data string, and where the encryption function is to encrypt 
		responsive and subsequent to receipt of the encryption request, verify that the local process is authorized to access the encryption function based on the credential associated with the local process; 
		responsive and subsequent to verification
			perform the encryption function on the data string using a security key unique to the system to encrypt the data string, without exposing the security key to the local process, to generate an encrypted string; and
			subsequent to performance of the encryption function[[,]]:
				provide a first segment of the encrypted string store a second segment of the encrypted string within a secure location accessible by the service;
				provide a third segment of the encrypted string to a trusted third party,
		wherein the data string is decryptable from any two of the first, second, and third segments 


		13.	(cancelled)

		14.	 (previously presented)  The non-transitory computer-readable medium of claim 12, where the instructions further cause the service to provide a credential to the local process. 

		15.	(previously presented)  The non-transitory computer-readable medium of claim 12, where whether the local process is authorized to access the encryption function further depends on a current time, a date, whether a security process is being co-executed by the processor, whether a time-to-live has expired, and/or how many times the data string has been decrypted.  

Allowable Subject Matter
4.    Claims 1, 3, 5-8, 10-12, and 14-15 are allowed as amended.

Examiner’s Reason for Allowance
5.    The following is an examiner’s statement of reasons for allowance: The examiner finds novel the feature of submitting an encryption request from a local process via a secure channel performed by the service on the data whereby the service does not use the security key to the local process.  The closest prior art being “Chu” (US 20160234176 A1), “Fujibayashi” (US 20070180239 A1), “Roth” (US 9887836 B1), and Chu discloses a method of an electronic device having a secure element using a personal identification number in the trusted execution environment; collecting data related to personal information of a user, after obtaining the ownership; encrypting the data in the secure element; and outputting the encrypted data to an external server. Fujibayashi discloses a storage system including: a host interface connected via a network to a host computer; a disk interface connected to a disk drive; a memory module that stores control information of a cache memory for an access to the disk drive and the storage system; a processor that controls the storage system. Roth discloses a cryptography service that allows for management of cryptographic keys in multiple environments. The service allows for specification of policies applicable to cryptographic keys, such as what cryptographic algorithms should be used in which contexts. In some contexts, the cryptography service, upon receiving a request for a key, provides a referral to another system to obtain the key. Newly cited “Chow” discloses computer-implemented devices, apparatuses, and processes that, among other things, perform dynamic biometric authentication based on distributed ledger data. A device may compute a first hash value based on first biometric data captured by a sensor unit, and may transmit a request to, and receive a response from, a computing system across a communications network via the communications unit.
 
6.   What is missing from the prior art of record is a computer-readable storage media, a method, and a system whereby responsive and subsequent to verification, performing, by the service, the encryption function specified in the encryption request using a security key unique to the system, without exposing the security key to the local 

Thus the prior art does not teach or suggest, either individually or in combination, the subject matter as claimed in claims 1 and 3-15. Therefore claims 1 and 3-15 are deemed allowable over the prior art of record. The corresponding depending claims that further limit claims 1 and 3-15 also contain allowable subject matter by virtue of their dependency.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

 /WILLIAM B JONES/Examiner, Art Unit 2491
/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491