Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.
DETAILED ACTION
This Office Action is in response to the application 17/250,088 filed on 11/23/2020.
Claims 1-7 have been examined and are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 11/23/2020, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), fourth paragraph:
Subject to the [fifth paragraph of 35 U.S.C. 112 (pre-AIA )], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claim 6 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim 
Regarding claim 6; claim 6 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  “[A] proper dependent claim must be narrower than the claim upon which it depends and must not be broader in any respect.” D. Chisum, Chisum on Patents § 8.06[5] (2011) (citing Pfizer Inc. v. Ranbaxy Laboratories Ltd., 457 F3d 1284 (Fed. Cir. 2006) (claim held invalid for failing to comply with 35 U.S.C. 112(d)).   A non- transitory computer readable medium claim 6 relies on method claim 1. However, claim 6 fails to specify a further limitation of the subject matter of the claim 1 to which it refers, because is complete outside the scope of claim 1 .  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claims 1-7 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
Regarding claims 1 and 5, claims 1 and 5 recites “such that a rate of generation of the cryptographic keys is unconstrained by resources of the HSM ……” which renders the claim indefinite because the language is unclear and confusing. It is unclear whether or the limitation is intended to mean “such that a rate of generation of the cryptographic keys is unconstrained by resources of the HSM.” The key is generating based on a plurality of statistically random entropy data sources originating from natural phenomena so as to increase a degree of randomness. How the rate of generation is unconstrained by resource?” The applicant is required to clarify the limitation so that the meaning is unambiguous. For the examination purpose, Examiner interpreted “the generation of the cryptographic keys is unconstrained by resources of the HSM”.
Regarding claims 2-4 and 6-7; claims 2-4 and 6-7 are dependent on claim 1 and therefore inherit 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph issues of the independent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 and 4-6 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Oberheide (US 2016/0352516) and in view of Peirce (US 2009/0323967).
Regarding claim 1, Oberheide discloses a computer implemented method of generating cryptographic keys for a hardware security module (HSM) (Oberheide par. 0028), the method comprising: 
generating a plurality of cryptographic keys (Oberheide par. 0012; The key management system 110 functions to enable creation, storage, retrieval, and/or use of cryptographic keys by an electronic device), and 
storing the generated plurality of cryptographic keys for use by the HSM in providing cryptography functions (Oberheide par. 0017 and 0028; The key management system store keys in tamper protected data storage (e.g., key storage of a hardware security module). The HSM stores keys in a protected storage solution. In many variations, the key may not be readable or obtainable from the HSM, and the HSM provides an interface to use a stored key such as to generate and output a signature made with the key. See also par. 0013), wherein the plurality of cryptographic keys are generated based on numerical data generated by a hardware random number generator (Oberheide par. 0014; the key management system 110 preferably additionally uses random number generators (RNGs) or pseudo -random number generators (PRNGs) in the key generation process. If the electronic device operating the key management system 110 includes a hardware RNG, the key management system 110 preferably uses this RNG), 
wherein the hardware random number generator operates based on a plurality of statistically random entropy data sources originating from natural phenomena so as to (Oberheide par. 0014; If the electronic device operating the key management system 110 does not have a dedicated RNG, but is capable of providing potential RNG sources (e.g., radio noise, thermal noise), the key management system 110 preferably uses the RNG sources to generate random numbers. The key management system 110 may perform any suitable signal processing on RNG sources to extract random numbers, including the use of randomness extractors. If the electronic device operating the key management system 110 does not have access to RNG sources, the key management system 110 preferably produces pseudo-random numbers using a PRNG. The PRNG preferably runs on general purpose computing hardware of the electronic device (e.g., a main CPU), but may additionally or alternatively run on more specialized hardware (e.g., a GPU, or hardware dedicated to security functions).
Oberheide discloses generating, storing and the key management system offload some or all of key generation computations to an external source (e.g., an internet-connected key generation server, or a locally connected key generator) (Oberheide par. 0012-0015). However, Oberheide does not explicitly disclose such that a rate of generation of the cryptographic keys is unconstrained by resources of the HSM.
However, in an analogous art, Peirce teaches wherein such that a rate of generation of the cryptographic keys is unconstrained by resources of the HSM (Peirce par. 0013; The telematics unit includes a pseudo random number generator and is operable under control of the processor to obtain entropy data from at least one independent data source external to the telematics unit and to generate cryptographic keys using the pseudo random number generator and the entropy data. See also par. 0004).
(Peirce par. 0013). 
Regarding claim 2, Oberheide and Peirce disclose the method of claim 1,
Oberheide further discloses wherein the generated plurality of cryptographic keys are stored in the HSM by invoking a storage function of the HSM (Oberheide par. 0017; the key management system store keys in tamper protected data storage (e.g., key storage of a hardware security module)).
Regarding claim 4, Oberheide and Peirce disclose the method of claim 1,
Peirce further discloses wherein the natural phenomena include one or more of: one or more statistically random noise signals; or quantum phenomena (Peirce par. 0003; general purpose computers such as desktop, laptop, and notebook personal computers can include entropy hardware or software engines that generate entropy data as a quantifiable form of random or near-random data for use in generating the cryptographic keys. This entropy data can be obtained in a variety of different ways, such as through software by, for example, timing the intervals between a user's keystrokes, detecting the user's movement of a mouse or other serial input device, or timing the arrival of packets at the computer from an attached network. Such data can also be obtained through entropy hardware engines in the computer that, for example, generate random data based on measured physical effects such as thermal noise (e.g., temperature variations about some given threshold).).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of generating random number of Oberheide using the system taught in Peirce in order to provide an electronics system for self-generating cryptographic keys used for secure wireless communication (Peirce par. 0013). 
Regarding claims 5 and 6; claims 5 and 6 are directed to a system and a non-transitory computer readable medium associated with the method claimed in claim 1. Claims 5 and 6 are similar in scope to claim 1, and are therefore rejected under similar rationale.
Claim 3 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Oberheide (US 2016/0352516), in view of Peirce (US 2009/0323967) and further in view of Shetty (US 2017/0286698).
Regarding claim 3, Oberheide and Peirce disclose the method of claim 1,
Oberheide and Peirce failed to disclose but Shetty discloses wherein storage of the plurality of cryptographic keys in the HSM is scheduled to occur at times when the HSM is operating in a low utilization state relative to an average utilization state of the HSM (Shetty par. 0143; HSM proxy 704 receives the plaintext object key and forwards it to download service 326, which in some deployments occurs via load balancer).
 (Shetty par. 0104). 
Claim 7 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Oberheide (US 2016/0352516), in view of Peirce (US 2009/0323967) and further in view of Courtney (US 2018/0323967).
Regarding claim 7, Oberheide and Peirce disclose the method of claim 4,
Oberheide and Peirce failed to disclose but Courtney discloses wherein the quantum phenomena are photoelectric effects (Courtney par. 0042; Some host OS level entropy sources can have a hardware component, such as specially configured circuits that generate statistically random noise signals based on various effects such as thermal noise, the photoelectric effect or other quantum phenomena, timing of certain events, etc. For example, a counter and timing system can be used to aggregate entropy values based on system events (e.g., keystrokes, system calls, etc.)).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the system of providing entropy of Oberheide and Peirce using the system taught in Courtney in order to increase the security of the function against attack (Courtney par. 0019). 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Examiner, Art Unit 2495