Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
2.	Applicant’s drawings filed on 09/14/2020 has been inspected and it is compliance with MPEP 608.02.

Specification
3.	The specification filed on 9/14/2020 is acceptable for examination proceedings.

Information Disclosure Statement
4.	The information disclosure statement (IDS) submitted on 09/14/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Internet Communications
5. 	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439,
http://www.uspto.gov/sites/defauit/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the only. (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03. 
Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

s 1-2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Buchanan et al. (US Pub. No. US 2005/0021466 A1, hereinafter refer as to Buchanan) in view of Pearson et al. (US Pub. No. 2016/0112456 A1, hereinafter refer as to Pearson). 

Buchanan provide to a method and system for remotely processing checks through electronic interaction between the physical location of the instrument and a financial institution.
Pearson provide compliance to a policy about how to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided.
As per claim 1, Buchanan discloses a cryptographic apparatus receiving encryption-target data and encrypting the data, the cryptographic apparatus comprising (para. 0045 and fig. 2 show central site processor 203 maintains authentication, for example): a first storage area in which image data (fig. 4 illustrates central site processing of image data, for example) of first software is stored on the image data of the first software (figs. 2-4 and para. 0041 discloses Central site 198 also provides both electronic storage of image and information data as well as providing an interface to maker bank site 199, for example); and executes second assurance check processing, which is processing for satisfying the predetermined certification requirement (fig. 4 show Communications between remote site processor 201 and central site processor 203 preferably incorporates digital signature verification/certification performed by process 311 and data encryption performed by process 313 to ensure confidentiality, for example), on a verification target which is at least part of the image data of the second software (fig. 4 depicted Central site processor 203 maintains authentication and data integrity at check image document storage 405 through the use of digital signature verification and certification, as well as via data encryption as shown in processes 314 and 315, for example) and on which verification for satisfying the predetermined certification requirement is not performed by the device (para. 0062 discloses digital signature verification and certification and data encryption software to ensure confidentiality, for example and fig. 4 show data integrity at check image document storage 405 through the use of digital signature verification and certification, as well as via data encryption as shown in processes 314 and 315, for example). 

Buchanan failed to explicitly discloses a cryptographic module which encrypts data by executing the first software; a second storage area in which image data of second software is stored; and a device which executes predetermined processing by executing the second software, wherein the cryptographic module executes first assurance check processing, which is processing for satisfying a predetermined certification requirement, 

 (fig. 1 discloses cryptographic module 114, for example) which encrypts data by executing the first software; a second storage area in which image data of second software is stored (para. 0015 discloses the cryptographic module 114 encrypts a set of private data subject to a privacy policy into encrypted data by applying an encryption algorithm (e.g., a symmetric encryption algorithm as specified in ISO (International Standards Organization), for example); and a device which executes predetermined processing by executing the second software (para. 0012 discloses a privacy policy can be expressed in any suitable language, such as the Extensible Markup Language (XML), and may follow a set of predetermined grammar rules and/or semantics rules that can be understood by the service provider 120 and the trust authority 130, for example) , wherein the cryptographic module executes first assurance check processing, which is processing for satisfying a predetermined certification requirement, on the image data of the first software (para. 0015 discloses the cryptographic module 114 encrypts a set of private data subject to a privacy policy into encrypted data by applying an encryption algorithm (e.g., a symmetric encryption algorithm as specified in ISO (International Standards Organization)/IEC (International Electrotechnical Commission) 18033-3) using a cryptographic key (e.g., a locally generated symmetric key), and generates a sticky policy for the encrypted data to ensure that the corresponding privacy policy will be audited and assurance of policy compliance provided, for example) , and executes second assurance check processing, which is processing for satisfying the predetermined certification requirement (para. 0010 discloses the public/private key pair is certified by a trusted certification authority and can be used as asymmetric keys to encrypt/decrypt messages, for example).

Buchanan and Pearson are analogous art because they both are directed to treat data in a computer network environment and one of ordinary skill in the art would have had a reasonable expectation of success to modify Buchanan with the specified features of Pearson because they are from the same field of endeavor.

Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Pearson with the teaching of Buchanan in order to treat data in a computer network environment is ensured by checking that conditions in the policy are satisfied by the entity before access to the data is provided [Abstract: Pearson]. 

As per claim 2 as applied above, the modified apparatus of Buchanan as modified Pearson discloses, wherein the cryptographic module (fig. 1 of Pearson show  cryptographic module 114 , for example) executes the second assurance check processing after the execution of the first assurance (para. 0010 of Pearson discloses   the trust authority 130 may request the service provider 120 to provide a message containing an assurance that the privacy policies will be complied with by the service provider 120 (the "assurance message"), and determine whether the provided assurance message is acceptable (e.g., whether the service provider 120 can satisfy all policy conditions), for example).

As per claim 10 as applied above, the modified apparatus of Buchanan as modified Pearson discloses, which is coupled to the persistent storage device and the storage controller, wherein the storage controller transmits write-target (fig. 2 depicted processor 201 is further coupled to central site processor 203 via an interface transmission or network media 202, for example) data for the persistent storage device and a cryptographic key of the data, the cryptographic apparatus receives the data (fig. 6 of Buchanan depicted processor software receives the digitized data from the scanner/reader/printer and validates data to ensure that the check information is readable and valid in a step 603. When the image is ready for transmission to the central site. The remote site processor contacts the transmission facility and, incorporating digital signature verification and certification and data encryption software to ensure confidentiality, transmits in a step 604 the item image and control information to the central site, for example) and the cryptographic key and encrypts the data by using the cryptographic key, and the encrypted data is (fig. 7C depicted process step 710 where the image is prepared for transmission to process step 711 where the date is encrypted and step 712 where the digital signature is added in preparation for transmitting the data to the central site in process step 713, for example). 

7.	Claims 9 is rejected under 35 U.S.C. 103 as being unpatentable over Buchanan et al. (US Pub. No. US 2005/0021466 A1, hereinafter refer as to Buchanan) in view of Pearson et al. (US Pub. No. 2016/0112456 A1, hereinafter refer as to Pearson), further in view of Matthews, JR. (US Pub. No. 2012/0069995 A1, hereinafter refer as to Matthews). 
Matthews provide data storage device that includes a control chip with a zeroizable root key. In one embodiment, the control chip comprises a digital memory, the zeroizable root key being a derived root key obtained by applying a firmware root key to a different root key stored within the digital memory such that the setting of each bit of the different root key is locked.
As per claim 9  Buchanan as modified Pearson discloses all claimed invention except for, wherein the predetermined certification requirement is a requirement of Level 2 of FIPS 140 certification, and configuration data which is loaded into a programmable device and the image data of the first software, which performs the second assurance check processing by being executed by .

However, Corona discloses wherein the predetermined certification requirement is a requirement of Level 2 of FIPS 140 certification (fig. 2 depicted the circuit board 102 configuration shown in FIG. 2 is potentially FIPS 140 compliant even if the boundaries of the cryptographic module are defined so as to encompass memory 122 and/or blended OTP root key 215, for example), and configuration data which is loaded into a programmable device and the image data of the first software, which performs the second assurance check processing by being executed by the programmable device into which the configuration data is loaded, are added to an existing circuit board on which the device has been mounted (the circuit board of fig. 2 is FIPS 140 compliant, for example).  

Buchanan as modified Pearson and Matthews are analogous art because they both are directed to data storage systems and one of ordinary skill in the art would have had a reasonable expectation of success to modify Buchanan with the specified features of Pearson because they are from the same field of endeavor.

Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of applicant’s claimed invention to combine the  applying a firmware root key to a different root key stored within the digital memory such that the setting of each bit of the different root key is locked [Abstract: Matthews]. 

Allowable subject matter 
8.	Claims 3-5 and 7-8 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Pertinent Art
9.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
10.	Eibach et al. (US 2003/0084350 A1) provide a system and method for configuration of access rights to sensitive information handled by a sensitive Web-Service. In a case of requested configuration changes initiated by the client system the Web-Server system provides a configuration data file to the client system preferably using a SOAP-communication protocol. The changes of the configuration data file are exclusively performed offline at the client side and the updated configuration data file is signed with authentication information and sent as a part of a SOAP-request to the Web-Server system. The Web-Server system provides a filter component for identifying and discarding non-SOAP requests as well as an access control manager for providing authentication examination for incoming SOAP-requests. After 
11.	Buchanan et al. (US 2004/0133516 A1) provide a the first processor and third processor store the check image(s) on an Internet enabled documents storage system allowing access by the depositor, their designee, or the first processor and/or third processor. The first processor and third processor for storing check images and associated information preferably employees incorporating digital signature verification and certification, and data encryption to ensure confidentiality.

12.	Corona (US 2007/0107042 A1) provide user data may be encrypted using an encryption method known in the industry such as those disclosed in the Federal Information Processing Standards FIPS No. 140-2 Security Requirements for Cryptographic Modules.

13.	Hershey (US 6,175,934 B1) provide Cryptographic module  performs message authentication and message encryption. Message encryption is utilized when it is desirable to make it difficult for unauthorized parties to decode DIME and DAME. Cryptographic module 218 is designed using the Data Encryption Standard (DES), as described in National Bureau of Standards FIPS PUB 46("Specifications for the Data Encryption Standard," Federal Information Processing Standards Publication 46, U. S. Department of Commerce, 1977),
Conclusion
14.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932.  The examiner can normally be reached on Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center 






A.G.
September 19, 2021
A.G.
/ABIY GETACHEW/Primary Examiner, Art Unit 2434