DETAILED ACTION

Response to Arguments
Applicant's arguments are moot based on the new grounds of rejection necessitated by applicants amended claim scope.

Election/Restrictions
Examiner acknowledges applicant's election response.  As such, examiner is withdrawing claims 8-14 on the basis previously presented in the restriction requirement dated 4/30/2021.


Claim Rejections - 35 USC § 112
The previous 112 rejections to claim 2 are withdrawn in view of applicant's amended claim language.

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-7 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Examiner finds no written support for the amended limitation in claim 1 of renewing the secret….by the SMS without being prompted by the node.
Claims 2-7 are further rejected because they depend from rejected claim 1.




Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-7 are rejected under 35 U.S.C. 101 because 
the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) claim 1 recites receiving a rollover policy for a secret, installing a secret, pushing a secret, renewing a secret, and releasing the renewed secret.  These limitations amount to methods of organizing human activity wherein the human activity is  keeping and managing secrets This judicial exception is not integrated into a practical application because the additional details of the claim amount to linking the abstract idea to a particular technical field  i.e. implemented by one or more computers  as well as required data gathering to support the abstract idea.
 The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim elements beyond the abstract idea amount to transmitting, storing, and retrieving a secret according to a rollover policy which correspond to claim elements that are well-understood, routine, and conventional as per the art rejection below.  
Moreover, the claim elements beyond the abstract idea amount to mere instructions to apply  the abstract idea see MPEP 2106.05(f). 
Moreover, the claim elements beyond the abstract idea amount to insignificant extra-solution activity e.g. data gathering and Insignificant application see MPEP 2106.05(g). 

To overcome this 101 rejection, applicant should take care to include in the claim an actual inventive concept.  The claim should include a demonstration of a problem to be solved, elements for solving it,  element of solving it  including one or more inventive elements that demonstrates a novel and inventive concept for solving the problem.  The examiner suggests a claim that readily demonstrates and does not seek to diminish  the problem, the solution, how the solution is realized.  An innovative improvement over the prior art that is readily recognizable should be included in the claims.  This improvement should not require a telephone interview to be explained.  The innovative improvement should be conspicuously apparent in the written text of the claim.     see MPEP 2106.05 (I) and (II)  

Claims 2-7 are further rejected because they depend from a rejected parent claim. 




Allowable Subject Matter
Claim 4 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is a statement of reasons for the indication of allowable subject matter:  
Mityagin (US 2016/0105283 hereinafter Mityagin) discloses:
tracking, with the SMS, an internal state of the agent
[0077] sever 404 can change the flag value of the candidate security key from 1 to 0

 	a first rollover state
[0075] server 404 can store the newly generated candidate inside server 404 until it is 
determined whether the candidate key would become the active key		

		rollover initiation
[0075] client determines either by itself or after being notified by server 404, a key 
rotation is needed

a second rollover state
[0072] request 408 may be a normal operation request to update information

	rollover complete
[0080] After one round of key rotation process 400 is complete, 402 and 404 may 
communicate with each other using the newly issued key e.g. operation 408

	the second state
Fig 4 430 mark candidate key as new active key for client

		a plurality of other agents  [0068] more than one client device

		and a corresponding internal state for the plurality of agents
Fig 4 436 mark candidate key as new active key  
in view of  [0068] multiple candidate keys can be managed by server 304 when 
performing key rotation for multiple client devices

Although Mityagin discloses that the method of Fig 4 may be used to manage keys for multiple clients, Mityagin is silent with respect to 
whether each of the clients is managed within a single instance of  method 400 indicative of  each client performing a respective Fig 4 step 436 sequentially before the key renewal process is considered concluded thereby allowing normal communications using the new keys to be resumed 

or whether each of the clients key rotation process is independent of each of the other client key rotation processes.  

The former being indicative of the claim limitation and the latter being contrary to the claim limitation.

None of the art searched could cure Mityagin's deficiency.
As such, the prior art of record does not explicitly disclose in light of the other features recited in the independent claims, 
a second rollover state indicating rollover is complete, in response to determining that a corresponding internal state for each of a plurality of agents associated with the service application has been set to the second state.  



 Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims  1 and 2    are rejected under 35 U.S.C. 103 as being unpatentable over  Mityagin (US 2016/0105283 hereinafter Mityagin).

As to claim 1,  Mityagin discloses a method for managing secrets, the method comprising: 
receiving, from a customer  [0062] user request
of a provider [0038] service provider
of a distributed computing platform Fig 3 300
comprising nodes  Fig 3 304, 302, 306
configured to execute [0055] executing software
a service application Fig 3 310 client application
for the customer,  [0062] user in view of Fig 4 408 operation request

at a secrets management service ("SMS")    Fig 3 server 304 / Fig 4 server 404
deployed in the distributed computing platform  Fig 3 304, 302, 306, and 300
and configured to orchestrate  Fig 4 408-436
secrets [0020] secret keys
renewal [0024] key rotation i.e. key renewal in view of  Fig 4
and distribution 
[0020] periodically distributing keys from a server to client devices
			to the nodes Fig 3 304, 302, 306
 
a rollover policy 
[0073] security policy dictates (for example) that every security key needs to rotate every 24 hours
in view of [0062] timer module 314 may adjust the key rotation interval depending on dynamic 
factors such as user request in view of Fig 4 412, 414
for a secret [0071] At the outset, client 402 may already have an active security key.  The security key 
may have been installed when the client application was first installed on the client device
of 
[0060] security module 312  works in conjunction with server 304 to insure client access is 
authorized 
and further in [0060]  server 304 may provide device 320 with a key so that application 310 need 
not provide credentials each time it attempts to communication with server 304
the service application; Fig 3 310 client application

installing 
[0071]  Server 404 may also have stored inside it, the identical security key.
the secret [0071] an active security key / the security key
in a first secrets store 
Fig 3 322 Authenticator Module
in view of  [0065] module 322 may include storage 326 and 328
in further view of  [0067] any keys may be places in storage 326 or storage 328
of the SMS; Fig 3 server 304 / Fig 4 server 404

pushing [0071] the security key may have been issued when the client application was first installed
the secret, [0071] an active security key / the security key
from the SMS, [0071] security key issued by server 404
during an initial deployment 
	[0071] the security key may have been issued when the client application was installed
of the service application Fig 3 310 client application
to an agent Fig 3 312 security module in view of  Fig 3 310 includes ACTIVE KEY 316
on a node Fig 3 302 client device
of the nodes Fig 3 304, 302, 306
operated in in the distributed computing platform, Fig 3   300
by the provider [0038] service provider

0071] the security key issued when the client application was first installed
installing
[0071]  The security keys can be stored in client 402 
in view of Fig 3 316 comprised by Fig 3 302 client device
in further view of  [0061] keys 316 may be stored in a secure or obscure location
the secret [0071] an active security key / the security key
in a second secrets store
 [0061] keys 316 (i.e. Fig 3 316 of client) may be stored in a secure or obscure location
in view of Fig 3 316 comprised by Fig 3 302 client device
of the node; Fig 3 302 client device in view of  Fig 3 316 ACTIVE KEY

automatically renewing Fig 4 420 GENERATE CANDIDATE KEY
the secret [0071] an active security key / the security key
in the first secret store, 
Fig 3 322 Authenticator Module
 in view of  [0067] any keys may be places in storage 326 or storage 328  see  Fig 3
by the SMS, Fig 3 server 304 / Fig 4 server 404
[[without being prompted ]]
by the node Fig 3 302 client device
pursuant to [0074] expiration method 412 ….timer 414 may inform client when key needs to be rotated
the rollover policy,
[0073] security policy dictates (for example) that every security key needs to rotate every 24 hours
in view of [0062] timer module 314 may adjust the key rotation interval depending on dynamic 
factors such as user request in view of Fig 4 412, 414
thereby obtaining a renewed secret; [0075] server 404 can generate a candidate key (in step 420)

and in response to Fig 4 422 follows Fig 4 418
receiving a periodic [0087] the timer periodically triggering the client device to renew the security key
polling request Fig 4 418
from a credentials management component Fig 3 308 COMMUNICATIONS INTERFACE
associated with the agent, Fig 3 312 security module
releasing [0075] Server 404 may then issue the generated candidate key to client 402
the renewed secret [0075] candidate key
to the credentials management component. Fig 3 308 COMMUNICATIONS INTERFACE



Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Mityagin  to arrive at the claim limitation of :
automatically renewing  the secret  in the first secret store, by the SMS without being prompted 

because in  [0080] and Fig 4 410, Mityagin teaches that the server may initiate key rotation, as such one of ordinary skill in the art would find it obvious to that Fig 4 410 may serve as the claimed prompt or that Fig 4 418 may be sent form sever 404 to sever 404 upon key expiration or that Timer 414 may be separate from client 402 and issue message 418 from a location other than client 402 because it is know that in a distributed networked system component may be located in different combinations, the different configurations being obvious variations of the embodiments shown in Fig 4

As to claim 2,  Mityagin discloses 
wherein the service application Fig 3 310 client application
is associated with a service model or file
[0068] Active key storage 326 may store more than one active security keys
that references a location 
Fig 4 steps 430 and steps 436 mark candidate key as new active key
in view of [0068] Active key storage 326 may store more than one active security keys
in other words after Fig 4 428 KEY RECEIPT CONFIRMATION, the active key 
database 326 is updated to reflect active key 316 which is the current key of client app 310 
which corresponds to the claimed references a location 
because the client may only use the active key to for operations with the server when the client's 
active key matches the server's active key stored in Fig 3 326 active key storage i.e. references a location
of the secret  [0071] an active security key / the security key
in the first secrets store  instead of a version of the secret
Fig 3 322 Authenticator Module
 in view of  [0067] any keys may be places in storage 326 or storage 328  see  Fig 3





Claims  3 and 5    are rejected under 35 U.S.C. 103 as being unpatentable over  Mityagin in view of    Li et al (US 2020/0235945 hereinafter Li)

As to claim 3, Mityagin    teaches all the subject matter pointed out in the above 102 rejection of parent claim 1.


As to claim 3,  Mityagin discloses 
tracking, [0077] sever 404 can change the active flag value of the candidate security key from 1 to 0
with the SMS,  Fig 3 server 304 / Fig 4 server 404
an internal state  [0077] active flag
of the agent,  Fig 3 312 security module

wherein tracking comprises: 
setting a first state 
	[0076] message 428 can be doubly encrypted with the old key and the new key to prove 
to the server that message 428 originates from trusted source
of the agent  Fig 3 312 security module
indicating delivery  
[0076]  confirmation 428 signifies to server 404 that client 402 has received the 
candidate key
of the renewed secret  [0075] candidate key
to the agent,  Fig 3 312 security module
in response to delivering  Fig 422 ISSUE CANDIDATE KEY message
the renewed secret  [0075] candidate key
to the agent;  Fig 3 312 security module

and setting a second state  Fig 4 430 mark candidate key as new active key for client
of the agent  Fig 3 312 security module
indicating the delivery is confirmed,  
[0077] if server 404 determines client 402 is indeed in possession of the correct candidate 
key, server 404 can mark the candidate security key that it is storing as the new active key.
0076] when server 404 receives confirmation message 428
in a subsequent Fig 4 428 	follows Fig 4 418
periodic [0087] the timer periodically triggering the client to renew the security key
polling Fig 4 428 may be interpreted as at least a request  for Fig 4 434 
ACKNOWLEDGMENT which corresponds to the claimed  polling
request,  Fig 4 428 KEY RECEIPT CONFIRATION
[[metadata]] [0076] client 402 may include the newly received candidate key in message 428
indicating the renewed secret  [0075] candidate key
is installed  [0076] that the trusted source is now in possession of the newly issued security key
in the second secret store 
[0061] keys 316 may be stored in a secure or obscure location
in view of  Fig 3 316
of the node. Fig 3 302 client device

Mityagin does not disclose 
receiving metadata indicating that the renewed secret is installed in the second secret store of the node
Li teaches
	Fig 1 107 TA entity 
corresponding to   Mityagin's Fig 3 312 security module 
according to  Li[0052] TA entity 107 configured to provide a security function to a client application

Fig 1 105 SE  +  Fig 1 101 Server
corresponding to   Mityagin's Fig 3 304 server 
according to  Li [0051] stating  SE 105 corresponds to a server 
 and Li [0085] – [0087] wherein Li teaches that Fig 1 105 SE receives a key update request from 
the TA entity 107 and subsequently requests a new key from Server 101 to then provides a new key generated by Server 101 to client, TA entity 107

Fig 1 Secure channel
 corresponding to  Mityagin's [0060] secure channel using SSL over Fig 3 306 for network 
    communications therebetween
    
More particularly Li teaches in:
	[0079] – [0082] the TA entity 107 determines if the current key is valid by checking an expiration timer 
and if so, issues [0082] key update request	
corresponding to   Mityagin's [0074] wherein client 402 determines a new key is necessary based on a an 
expiration of timer 414 and if so, issues Fig 4 418 KEY 
RENEWAL REQUEST

[0085] the target SD receiving the key update request from the TA entity
corresponding to   Mityagin's Fig 4 418 KEY RENEWAL REQUEST

[0087] the target SD then sends the new key to the TA entity
	corresponding to   Mityagin's Fig 4 422 ISSUE CANDIDATE KEY

	[0086] and [0089] determine whether a version number of the first key included in the key update request 
sent by the TA matches with a version number that is stored in the SE

therefore 
Mityagin combined with Li teaches
receiving metadata indicating that the renewed secret is installed in the second secret store of the node



because 
Li teaches that a version number of a key may be compared to a version number of a 2nd key to determine if the key and the 2nd key are the same key.  Whereas Mityagin teaches that the keys can be compared or a hash of the keys can be compared to determine if the key of the client matches the key of the server, Li provides a different method to establish the same,  which is to compare version numbers of keys.

Therefore, Li teaches the claimed metadata indicating the renewed secret is installed (i.e. key version number)
	
Although Mityagin does not particularly state that version numbers of keys may be compared to determine if the keys are the same, Mityagin is suggestive that version numbers of keys may be compared to determine if the keys are the same.  For example, Mityagin teaches in:
	[0035] that  file version control that tracks different versions of files
 [0039] that   content management system 106 can verify security keys
and in  [0021] that  the term 'security key' may refer a file that contains the key value

As such, before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Mityagin  with those of Li as elements previously known in the prior art combined to yield predictable results. Mityagin is directed to a method of automatic security key rotation shown in Fig 4, the key issuance process being triggered by a key expiration timer.  Li is also directed to a method of automatic security key rotation also wherein the key issuance process being triggered by a key expiration timer.   Mityagin teaches a comparison of the key included in Fig 4 step 428 to the key stored in Sever 404 to verify that client 402 is indeed in possession of  the same key issued to the client by the server in Fig 4 step 422.  In [0076], Mityagin discloses more than one embodiment of the verification including key comparison, key hash comparison, and successful message decryption.  However, Mityagin does not particularly disclose an embodiment of metadata comparison.  Li cures Mityagin's deficiency to arrive at the claimed invention by teaching metadata comparison to establish key possession. 

As to claim 5,  Mityagin discloses wherein tracking further comprises 
setting a third state  Fig 4 432 RETIRE CLIENTS OLD KEY
of 
Fig 4 432 follows steps 430 which follows step 428 which is a message from the client 
subsequent to staging the key at step 424 which therefore corresponds to the claimed third state being of  the agent because step 432 only occurs when and if the claimed staging has occurred.
the agent Fig 3 312 security module
indicating Fig 4 432 only occurs subsequent to Fig 4 424 (i.e. client saves candidate key)
the renewed secret [0075] candidate key
has been staged.
[0022] candidate key which may be considered a key to become an active key 
 in view of Fig 3 318 /316  and  Fig 4 422-436

	



Claims  6 is rejected under 35 U.S.C. 103 as being unpatentable over  Mityagin in view of  Lototskiy (US 10581819 hereinafter Lototskiy)  

As to claim 6, Mityagin    teaches all the subject matter pointed out in the above 102 rejection of parent claim 1.

As to claim 6,  Mityagin discloses wherein
the SMS Fig 3 server 304 / Fig 4 server 404
is configured to deliver 
Fig 4 step 422
*the secret transmitted in step 422 is referred to as a candidate secret. The candidate secret becomes	the active secret after step 436.  The candidate secret and the active secrete are the same secret but are differentiated via meta data as disclosed by Mityagin in  [0067].  Therefore,  Fig 4 step 422 corresponds to the claimed delivery the secret.
the secret [0071] an active security key / the security key

Mityagin does not teach
deliver the secret packaged in a secure blob, wherein the secure blob is an opaque byte array 

Lototskiy teaches in C4 55-67
interception component 205 generating an event notification indicating an API call has imported a new security context data BLOB (binary large object) including a symmetric key from another layer of security protocol provider e.g. SSL

therefore 
Mityagin modified by  Lototskiy teaches
deliver the secret packaged in a secure blob, wherein the secure blob is an opaque byte array 

because  
Mityagin teaches in [0061], that keys 316 and 318 may be stored in both a secure and obscure location 
inside the client device.

Even though Mityagin is silent with respect to the form of the delivered secret (i.e. the claimed deliver the secret packaged in a secure blob), Mityagin is suggestive that the storage of the received renewed secret includes an opaque secure blob because Mityagin discloses in [0061] that the storage is secure which corresponds to the claimed secure blob and  that the storage is obscure which corresponds to the claimed opaqueness.  

Moreover, in [0060] Mityagin, teaches that a session key may be used to encrypt all messages that are communicated between client 203 and server 304 thereby suggesting that the message 422 is encrypted which those of  ordinary skill would find suggestive of communicating the secret within the claimed secure blob inclusive of the claimed opaque byte array because those of ordinary skill in the art understand that a fundamental unit of data is a byte and that collections of bytes are stored in data structures known as arrays and that byte arrays are used to transport data in networks such as the internet.  

Therefore, Mityagin [0060] renders obvious the limitation of delivering the secret packaged in a secure opaque byte array 

However, Mityagin does not particularly disclose that the secret is packaged in a secure blob that is an opaque byte array when it is communicated between client and server.

Lototskiy cures Mityagin deficiency's with respect to the secret being delivered in a secure blob that is an opaque byte array when it is communicated between client and server.  For example:

 Lototskiy specifically teaches in C4 55-67 that a BLOB including a symmetric key  may be imported from an SSL layer.  And referring back to Mityagin [0060]  an SSL link may be used to establish a secure communications between client 302 and server 304.  Therefore, because Mityagin suggest storing the key  in a secure and obscure location  and because Mityagin discloses encrypted communications using SSL, Mityagin provides the necessary environmental/structural pre-requisites to support the incorporation of Lototskiy secure BLOB including a key transported over an SSL connection…

 To thereby arrive at the claimed invention of the secret is delivered in a secure blob that is an opaque byte array when it is communicated between client and server

As such, before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Mityagin with those of Lototskiy as elements previously known in the prior art combined to yield predictable results because:
As detailed immediately above, Mityagin stores the keys in  in a secure and obscure location  and   discloses encrypted communications using SSL. 

Both references teach the messages between client and server are encrypted corresponding to the limitation of opaqueness with respect to the transmitted byte arrays. 

Lototskiy teaches that Mityagin' s encrypted key (i.e. secret) is sent over an SSL network connection and may further be sent within a secure BLOB.  

Lototskiy further teaches HTTP communications (see  C4 5-10) which those of ordinary skill in the art would understand includes the transfer of byte arrays because bytes are a fundamental unit of information and collections of bytes are known as byte arrays  and are well known as being used in HTTP communications as a fundamental unit of information used to communicate information between client and server using HTTP protocol.  



Claims  7 is rejected under 35 U.S.C. 103 as being unpatentable over  Mityagin in view of  Lototskiy in further view of   Mukkamala et al (US 2017/0192414 hereinafter Mukkamala) in further view of  Li 

As to claim 7, Mityagin  in view of  Lototskiy  teaches all the subject matter pointed out in the above 103 rejection of parent claim 6.

As to claim 7,  Mityagin discloses wherein 
the SMS  
Fig 3 server 304 / Fig 4 server 404  
in view of  [0058] server 304 can be part of content management system 106
is configured to 
[0035] content storage 160 may use file version control
in view of  Fig 1 160 is comprised by Fig 1 106 content management system
in further view of  [0058] server 304 can be part of content management system 106
indicating that Mityagin teaches the limitation:   the SMS is configured to version control
version control  
[0035] file version control that tracks different versions of files
in view of  [0039] content management system 106 can verify security keys
in further view of  [0021] the term 'security key' may refer a file that contains the key value
[the secure blob to]
	
facilitate a comparison 
[0076]  Fig 4 message 428  results in the server 404 checking for a match between the key 
     stored on the server and the key received in the message.
	[[of metadata from]]
	a subsequent [0080] key issuance phase 416 may be repeated to complete another cycle of key rotation
periodic [0087] the timer periodically triggering the client to renew the security key
polling  request,  Fig 4 418 RENEWAL REQUST
		
[[ indicating a first version  of the secure blob installed in]]
the second secret store 
[0061] keys 316 (i.e. Fig 3 316 of client) may be stored in a secure or obscure location
of the node Fig 3 302 client device

[[with metadata indicating a second version of the secure blob installed in]]
 the first secret store 
Fig 3 322 Authenticator Module
in view of  [0065] module 322 may include storage 326 and 328
in further view of  [0067] any keys may be places in storage 326 or storage 328
of the SMS.  Fig 3 server 304 / Fig 4 server 404

In Summary, Mityagin teaches the SMS is configured to version control of the security keys as well as comparing the a key from a subsequent periodic polling request  that came from the second secret store of the client to a key stored in the first secret store of the SMS  whereas the claim requires the comparison to be between metadata indicating a versions of the secure blob that each contain the key.


Mityagin does not teach
the secure blob
Lototskiy teaches 
a blob containing a key
 C4 55-67 interception component 205 generating an event notification indicating an API call has 
imported a new security context data BLOB (binary large object) including a symmetric key from another layer of security protocol provider e.g. SSL

As such, before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Mityagin with those of Lototskiy as elements previously known in the prior art combined to yield predictable results because as detailed immediately above, Mityagin stores the keys in  in a secure and obscure location  and   discloses encrypted communications using SSL. Both references teach the messages between client and server are encrypted corresponding to the limitation of opaqueness with respect to the transmitted byte arrays.  Lototskiy teaches that Mityagin' s encrypted key (i.e. secret) is sent over an SSL network connection and may further be sent within a secure BLOB.  

Neither Mityagin nor Lototskiy teaches 
	the SMS is configured to version control the secure blob
	a first version of the secure blob installed in the second secret store
	a second version of the secure blob installed in the first secret store of the SMS

 Mukkamala teaches in [0148]
A large binary object i.e. blob storage service can provide a highly available and horizontally scalable storage service that allows secure storage of byte arrays…..large amounts of data in any file type can be stored or retrieved using the BLOB store.

therefore 
Mityagin combined with Lototskiy further modified by  Mukkamala teaches
the SMS is configured to version control the secure blob
		a first version of the secure blob installed in the second secret store
		a second version of the secure blob installed in the first secret store of the SMS
because  
In Fig 3, Mityagin discloses that Active and Candidate keys are stored in respective storage locations in client 302 and server 304.  
and Lototskiy teaches that keys may be transported inside a secure blob via SSL, therefore it would be obvious in view of Lototskiy for Mityagin to transport the candidate keys communicated in Fig 4 422 and Fig 4 428 using SSL within a secure blob.   
and Mukkamala teaches that blobs may be used for secure storage of byte arrays and storage and retrieval of any file type therefore it would be obvious in view of Mukkamala for Mityagin to store the keys of   Fig 3 316, 318, 326, and 328  as secure blobs to arrive at the limitations of :
the SMS is configured to version control the secure blob
		a first version of the secure blob installed in the second secret store
		a second version of the secure blob installed in the first secret store of the SMS

In Summary, Mityagin as modified by Lototskiy and Mukkamala teaches the SMS is configured to version control of the secure blobs, each containing a secret key as well as comparing the a first version of a secure blob from a subsequent periodic polling request  that came from the second secret store of the client to a first second version of a secure blob stored in the first secret store of the SMS  whereas the claim requires the comparison to be between metadata indicating a versions of the secure blob that each contain the key.
before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Mityagin and Lototskiy with those of Mukkamala as elements previously known in the prior art combined to yield predictable results which, as just previously discussed, includes storing  the keys of  Mityagin Fig 3 316, 318, 326, and 328  as respective first and second versions of secure blobs  under the version control disclosed by Mityagin in [0035].
Neither Mityagin, Lototskiy or Mukkamala teach 
wherein the SMS is configured to version control the secure blob to facilitate a comparison of metadata   from a subsequent periodic polling request indicating a first version  of the secure blob installed in the second secret store of the node with metadata indicating a second version of the secure blob installed in the first secret store of the SMS.  

Li teaches
	Fig 1 107 TA entity 
corresponding to   Mityagin's Fig 3 312 security module 
according to  Li[0052] TA entity 107 configured to provide a security function to a client application

Fig 1 105 SE  +  Fig 1 101 Server
corresponding to   Mityagin's Fig 3 304 server 
according to  Li [0051] stating  SE 105 corresponds to a server 
 and Li [0085] – [0087] wherein Li teaches that Fig 1 105 SE receives a key update request from 
the TA entity 107 and subsequently requests a new key from Server 101 to then provides a new key generated by Server 101 to client, TA entity 107

Fig 1 Secure channel
 corresponding to  Mityagin's [0060] secure channel using SSL over Fig 3 306 for network 
    communications therebetween
    
More particularly Li teaches in:
	[0079] – [0082] the TA entity 107 determines if the current key is valid by checking an expiration timer 
and if so, issues [0082] key update request	
corresponding to   Mityagin's [0074] wherein client 402 determines a new key is necessary based on a an 
expiration of timer 414 and if so, issues Fig 4 418 KEY 
RENEWAL REQUEST

[0085] the target SD receiving the key update request from the TA entity
corresponding to   Mityagin's Fig 4 418 KEY RENEWAL REQUEST

[0087] the target SD then sends the new key to the TA entity
	corresponding to   Mityagin's Fig 4 422 ISSUE CANDIDATE KEY

	[0086] and [0089] that  in addition to the timer expiration of [0080] that an additional step is taken before 
determining that a new key should be generated and returned to the client.   The additional step by Li in [0086] is to determine whether a version number of the first key included in the key update request sent by the TA matches with a version number that is stored in the SE
	

therefore 
Mityagin, Lototskiy, Mukkamala combined with Li teach
wherein the SMS is configured to version control the secure blob to facilitate a comparison of metadata   from a subsequent periodic polling request indicating a first version  of the secure blob installed in the second secret store of the node with metadata indicating a second version of the secure blob installed in the first secret store of the SMS.  

because 
Mityagin may incorporate Li's additional step of a version number comparison as taught by Li in [0086] into Mityagin's key renewal method of Fig 4  by inserting Li's additional step of version number comparison between Mityagin Fig 4 418 and 420 (i.e. as step 419)  to provide an additional determination to the key expiration timer determination as a combined criteria for triggering new key generation and update.    

The insertion of the additional step thereby arriving at the claimed invention  based on Mityagin's [0035] version control that tracks different versions of files,  the version control used by content management system 106 to verify security keys. 

In other words, Mityagin suggests that the version control that tracks different versions of files of [0035] may be used to facilitate the verification of security keys, but is silent with respect to how the suggested facilitation may be incorporated into the method of Fig 4.  

Li cures Mityagin's deficiency by teaching an additional step that may be inserted between Mityagin Fig 4 418 and 420 which compares a version number of the clients current key transmitted in the key update request to a version number of a key stored on the server  thereby corresponding to the claimed  comparison of metadata indicating a first version to metadata indicating a second version  to therefore arrive at the claimed invention of
wherein the SMS is configured to version control the secure blob to facilitate a comparison of metadata   from a subsequent periodic polling request indicating a first version  of the secure blob installed in the second secret store of the node with metadata indicating a second version of the secure blob installed in the first secret store of the SMS.  

As such, before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Mityagin, Lototskiy and Mukkamala with those of Li as elements previously known in the prior art combined to yield predictable results. 
Mityagin is directed to a method of automatic security key rotation shown in Fig 4, the key issuance process being triggered by a key expiration timer.  Li is also directed to a method of automatic security key rotation also wherein the key issuance process being triggered by a key expiration timer.  In addition to the timer, Li adds an additional criteria before a new key is generated which is a key version comparison.  

With respect to Mityagin Fig 4,  Li's version determination of [0086] may be inserted between steps 418 and 420 of Mityagin Fig 4 to arrive at the claimed invention via an improved operation.   
Whereas Mityagin relies only on Fig 4 418 to trigger the generation of a new key, Li provides and additional check.  Before generating a new key, Li determines if a new key generation is needed ( e.g. a new key may have been previously generated).  Therefore, Li checks to see if the version of key of  the client matches the version of the key of the server.  If they are matched, Li determines that a new key should be generated (i.e. otherwise the key update message would include the key that the client already has) before issuing Fig 3 303 including the updated key.

Mityagin and Li are silent with respect to the additional claimed feature of the secure blob.  However, Lototskiy teaches that a secure blob may include a key and Mukkamala  teaches that a blob may store files (i.e. keys) for retrieval.  In other words, Lototskiy and Mukkamala  teach that the combined method of Mityagin and Li can be further modified to use blob storage for the secret keys such that they secret keys can be retrieved from the blob as needed during the key evaluation steps of Mityagin Fig 4. 

As such the combination of Mityagin, Lototskiy Mukkamala and Li render obvious the limitations of claim 7.



Conclusion

 Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/RICHARD A MCCOY/Examiner, Art Unit 2431