DETAILED ACTION

Notice of Pre-AIA or AIA Status
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
2. 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


3. 	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Campagna (US 2018/0054309 A1) in view of Ronda (US 201/0250972 A1).

4. 	Regarding Claim 1, Campagna discloses, a method for encrypting an object such that the creator of the encrypted object can be identified comprising: receiving, by a processor, an unencrypted object that comprises plaintext and metadata that describes the plaintext (Campagna, [0074], a processor of the server [0035], a client may receive the unencrypted data key, encrypted data key, and nonce and perform an encryption operation on a plaintext message using the unencrypted data key); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
obtaining, by the processor in response to a request from a user, a data encryption key (DEK) and a nonce key for the unencrypted object, the nonce key being unique to the user (Ronda, [0183], a processor of the user device, [0005],  in response to the first request, the data bundle identifying one or more attributes associated with a user. [0215], a data bundle ownership public key for the user agent (UaboPub) and a data encryption key (DEK). [0056], a first data encryption key; a cryptographic nonce); 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the data encryption key with the nonce to retrieve the request from the user and to unencrypt the entity. 

encrypting, by the processor, the unencrypted object, the encrypting comprising: generating a nonce based at least in part of the plaintext and the nonce key (Campagna, [0032], the cryptography service may generate the nonce. [0035], encrypted data key, and nonce and perform an encryption operation on a plaintext message using the unencrypted data key, the nonce); and generating ciphertext and a metadata authentication tag comprising a signature of the metadata, the generating based at least in part on the plaintext, the metadata, the DEK, and the nonce (Campagna [0027], The client may then use the nonce and the data key to encrypt the data, thereby generating ciphertext. [0016], in response to the encrypted data key, nonce, additional authenticated data, and plaintext message to encrypt. [0024], The authentication tag may be associated to a plaintext or ciphertext message.); and creating an encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag (Campagna, [0015], ciphertext produced by the encryption includes an authentication tag. Encrypted data may comprise a ciphertext and an authentication tag).

5. 	Regarding Claim 2, Campagna and Ronda disclose, the method of claim 1, wherein the nonce is generated once, and in response to the encrypted object being created the nonce is linked to the encrypted object via a pointer to the nonce in the encrypted object or linked to the encrypted object via inclusion of the nonce in the encrypted object (Campagna, [0003], Many encryption algorithms rely on the use of a cryptographic nonce, a number or bits of information that are to be only used once in the context. [0016], in response to the encrypted data key, nonce, additional authenticated data, and plaintext message to encrypt. The same nonce provided to the authenticated encryption module is also included in the additional authenticated data.).  

6. 	Regarding Claim 3, Campagna and Ronda disclose, the method of claim 1, wherein the generating the nonce comprises executing a nonce encryption algorithm that takes as input the plaintext and the nonce key, and that outputs the nonce (Campagna, [0015],  the nonce or other information based at least in part on the nonce is input into the encryption algorithm as AAD and used to encrypt a data key, and the same nonce and data key  [0017],  the encrypted cryptographic key, nonce, additional authenticated data, and plaintext message. In some embodiments, the authenticated encryption module requires at least these inputs to perform encryption although some inputs, such as a plaintext message).
  
7. 	Regarding Claim 4, Campagna and Ronda disclose, the method of claim 3, wherein the nonce encryption algorithm is an Advanced Encryption Standard with Cipher-based Message Authentication Code (AES-CMAC) encryption algorithm (Campagna, [0033], The data key is encrypted 308 by an encryption function using at least a symmetric key and a nonce. The cryptographic data key may be encrypted using any of several symmetric key algorithms including AES, DES, 3DES, and so forth.).  

8. 	Regarding Claim 5, Campagna and Ronda disclose, the method of claim 1, 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
wherein a plurality of nonce keys correspond to the DEK and the nonce key is included in the plurality of nonce keys (Ronda, [0215], The DEK can be generated using, for example, a random key generation algorithm. [0228], a cryptographic nonce of a suitable length added to the data).  
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the plurality of nonce to the data encryption keys. 

9. 	Regarding Claim 6, Campagna and Ronda disclose, the method of claim 1, wherein the encrypting the unencrypted object is performed using an Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) encryption algorithm (Campagna, [0015], a service provider uses an authenticated encryption mode of a cipher, such as the Galois counter mode or the counter with cipher block chaining message authentication code mode of the advanced encryption standard (AES-GCM and AES-CBC, respectively)).

10. 	Regarding Claim 7, Campagna and Ronda disclose, the method of claim 1, 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
further comprising: receiving, by the processor, a second encrypted object, the second encrypted object having been previously generated by encrypting a second object based at least in part on the DEK and a second nonce (Ronda, [0386], the user portion DEK1 of the data encryption key—in some cases, if more than one IdP is the source of the attributes in the response data bundle, each DEK1 may be included, along with metadata to identify the attributes to which it corresponds. [0405], At 990, RP server 310 receives the encrypted key, decrypts it to obtain the DEK2, and reconstructs the data encryption key DEK using the user portion of the key DEK1, which was received as part of the response data bundle.); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
obtaining a plurality of nonce keys correspond to the DEK, wherein each of the plurality of nonce keys corresponds to a specific user (Ronda, [0405], At 990, RP server 310 receives the encrypted key, decrypts it to obtain the DEK2, and reconstructs the data encryption key DEK using the user portion of the key DEK1, which was received as part of the response data bundle.); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
obtaining a copy of a second unencrypted object corresponding to the second encrypted object (Ronda, [0273], A portion of the data bundle, which is left unencrypted, or else appended to the encryption portion of the data bundle in unencrypted for); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
creating a plurality of nonces, each of the plurality of nonces being created using one of the plurality of nonce keys (Ronda, [0218], IdP server 350 encrypts the one or more attributes using the data encryption key (DEK) to generate one or more encrypted attributes. Encryption may be performed using a nonce); 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include the plurality of nonce by corresponding to the data encryption key and user and to obtain and create the plurality of nonce to enhance security features.

determining that one of the plurality of nonces that matches the second nonce and identifying the specific user associated with nonce key used to generate the one of the plurality of nonces as the creator of the second encrypted object (Campagna, [0044],  In an embodiment, the authorization check may be performed in the decryption operation, where the component performing the decryption operation (e.g., the authenticated encryption module 104) may check that the nonce in the AAD matches the nonce used to encrypt the encrypted data key.).  

11. 	Regarding Claim 8, Campagna and Ronda disclose, the method of claim 7, wherein obtaining the copy of a second unencrypted object includes decrypting the second encrypted object using the DEK and the second nonce (Campagna, [0038], the unencrypted data key is also provided. In some embodiments, a client may receive the unencrypted data key and encrypted data key and perform an encryption operation on a plaintext message using the unencrypted data key, the nonce that was provided to the cryptography service, and optionally an AAD. The encrypted data key and encrypted message may be stored such that they may be retrieved later and decrypted.). 
 
12. 	Regarding Claim 9, Campagna and Ronda disclose, a system comprising: one or more processors for executing computer-readable instructions, the computer-readable instructions controlling the one or more processors to perform operations comprising: receiving an unencrypted object that comprises plaintext and metadata that describes the plaintext (Campagna, [0074], a processor of the server [0035], a client may receive the unencrypted data key, encrypted data key, and nonce and perform an encryption operation on a plaintext message using the unencrypted data key); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
obtaining, in response to a request from a user, a data encryption key (DEK) and a nonce key for the unencrypted object, the nonce key being unique to the user (Ronda, [0183], a processor of the user device, [0005],  in response to the first request, the data bundle identifying one or more attributes associated with a user. [0215], a data bundle ownership public key for the user agent (UaboPub) and a data encryption key (DEK). [0056], a first data encryption key; a cryptographic nonce); encrypting the unencrypted object, the encrypting comprising: generating a nonce based at least in part of the plaintext and the nonce key (Campagna, [0032], the cryptography service may generate the nonce. [0035], encrypted data key, and nonce and perform an encryption operation on a plaintext message using the unencrypted data key, the nonce); and generating ciphertext and a metadata authentication tag comprising a signature of the metadata, the generating based at least in part on the plaintext, the metadata, the DEK, and the nonce (Campagna [0027], The client may then use the nonce and the data key to encrypt the data, thereby generating ciphertext. [0016], in response to the encrypted data key, nonce, additional authenticated data, and plaintext message to encrypt. [0024], The authentication tag may be associated to a plaintext or ciphertext message.); and creating an encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag (Campagna, [0015], ciphertext produced by the encryption includes an authentication tag. Encrypted data may comprise a ciphertext and an authentication tag).

13. 	Regarding Claim 10, Campagna and Ronda disclose, the system of claim 9, wherein the nonce is generated once, and in response to the encrypted object being created the nonce is linked to the encrypted object via a pointer to the nonce in the encrypted object or linked to the encrypted object via inclusion of the nonce in the encrypted object (Campagna, [0003], Many encryption algorithms rely on the use of a cryptographic nonce, a number or bits of information that are to be only used once in the context. [0016], in response to the encrypted data key, nonce, additional authenticated data, and plaintext message to encrypt. The same nonce provided to the authenticated encryption module is also included in the additional authenticated data.).  

14. 	Regarding Claim 11, Campagna and Ronda disclose, the system of claim 9, wherein the generating the nonce comprises executing a nonce encryption algorithm that takes as input the plaintext and the nonce key, and that outputs the nonce (Campagna, [0015],  the nonce or other information based at least in part on the nonce is input into the encryption algorithm as AAD and used to encrypt a data key, and the same nonce and data key  [0017],  the encrypted cryptographic key, nonce, additional authenticated data, and plaintext message. In some embodiments, the authenticated encryption module requires at least these inputs to perform encryption although some inputs, such as a plaintext message).  

15. 	Regarding Claim 12, Campagna and Ronda disclose, the system of claim 11, wherein the nonce encryption algorithm is an Advanced Encryption Standard with Cipher-based Message Authentication Code (AES-CMAC) encryption algorithm (Campagna, [0033], The data key is encrypted 308 by an encryption function using at least a symmetric key and a nonce. The cryptographic data key may be encrypted using any of several symmetric key algorithms including AES, DES, 3DES, and so forth.).  

16. 	Regarding Claim 13, Campagna and Ronda disclose, the system of claim 9, 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
wherein a plurality of nonce keys correspond to the DEK and the nonce key is included in the plurality of nonce keys (Ronda, [0215], The DEK can be generated using, for example, a random key generation algorithm. [0228], a cryptographic nonce of a suitable length added to the data).  

17. 	Regarding Claim 14, Campagna and Ronda disclose, the system of claim 9, wherein the encrypting the unencrypted object is performed using an Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) encryption algorithm (Campagna, [0015], a service provider uses an authenticated encryption mode of a cipher, such as the Galois counter mode or the counter with cipher block chaining message authentication code mode of the advanced encryption standard (AES-GCM and AES-CBC, respectively)).

18. 	Regarding Claim 15, Campagna and Ronda disclose, the system of claim 9, 

Campagna does not explicitly disclose the following limitations that Ronda teaches:
wherein the operations further comprise: receiving, by the processor, a second encrypted object, the second encrypted object having been previously generated by encrypting a second object based at least in part on the DEK and a second nonce (Ronda, [0386], the user portion DEK1 of the data encryption key—in some cases, if more than one IdP is the source of the attributes in the response data bundle, each DEK1 may be included, along with metadata to identify the attributes to which it corresponds. [0405], At 990, RP server 310 receives the encrypted key, decrypts it to obtain the DEK2, and reconstructs the data encryption key DEK using the user portion of the key DEK1, which was received as part of the response data bundle.); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
obtaining a plurality of nonce keys correspond to the DEK, wherein each of the plurality of nonce keys corresponds to a specific user (Ronda, [0405], At 990, RP server 310 receives the encrypted key, decrypts it to obtain the DEK2, and reconstructs the data encryption key DEK using the user portion of the key DEK1, which was received as part of the response data bundle.); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
obtaining a copy of a second unencrypted object corresponding to the second encrypted object (Ronda, [0273], A portion of the data bundle, which is left unencrypted, or else appended to the encryption portion of the data bundle in unencrypted for); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
creating a plurality of nonces, each of the plurality of nonces being created using one of the plurality of nonce keys (Ronda, [0218], IdP server 350 encrypts the one or more attributes using the data encryption key (DEK) to generate one or more encrypted attributes. Encryption may be performed using a nonce); determining that one of the plurality of nonces that matches the second nonce and identifying the specific user associated with nonce key used to generate the one of the plurality of nonces as the creator of the second encrypted object (Campagna, [0044],  In an embodiment, the authorization check may be performed in the decryption operation, where the component performing the decryption operation (e.g., the authenticated encryption module 104) may check that the nonce in the AAD matches the nonce used to encrypt the encrypted data key.).  

19. 	Regarding Claim 16, Campagna and Ronda disclose, the system of claim 15, wherein obtaining the copy of a second unencrypted object includes decrypting the second encrypted object using the DEK and the second nonce (Campagna, [0038], the unencrypted data key is also provided. In some embodiments, a client may receive the unencrypted data key and encrypted data key and perform an encryption operation on a plaintext message using the unencrypted data key, the nonce that was provided to the cryptography service, and optionally an AAD. The encrypted data key and encrypted message may be stored such that they may be retrieved later and decrypted.). 


20. 	Regarding Claim 17, Campagna and Ronda disclose, a computer program product comprising a computer-readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to perform operations comprising: receiving an unencrypted object that comprises plaintext and metadata that describes the plaintext (Campagna, [0074], a processor of the server [0035], a client may receive the unencrypted data key, encrypted data key, and nonce and perform an encryption operation on a plaintext message using the unencrypted data key); 
Campagna does not explicitly disclose the following limitations that Ronda teaches:
obtaining, in response to a request from a user, a data encryption key (DEK) and a nonce key for the unencrypted object, the nonce key being unique to the user (Ronda, [0183], a processor of the user device, [0005],  in response to the first request, the data bundle identifying one or more attributes associated with a user. [0215], a data bundle ownership public key for the user agent (UaboPub) and a data encryption key (DEK). [0056], a first data encryption key; a cryptographic nonce); encrypting the unencrypted object, the encrypting comprising: generating a nonce based at least in part of the plaintext and the nonce key (Campagna, [0032], the cryptography service may generate the nonce. [0035], encrypted data key, and nonce and perform an encryption operation on a plaintext message using the unencrypted data key, the nonce); and generating ciphertext and a metadata authentication tag comprising a signature of the metadata, the generating based at least in part on the plaintext, the metadata, the DEK, and the nonce (Campagna [0027], The client may then use the nonce and the data key to encrypt the data, thereby generating ciphertext. [0016], in response to the encrypted data key, nonce, additional authenticated data, and plaintext message to encrypt. [0024], The authentication tag may be associated to a plaintext or ciphertext message.); and creating an encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag (Campagna, [0015], ciphertext produced by the encryption includes an authentication tag. Encrypted data may comprise a ciphertext and an authentication tag).

21. 	Regarding Claim 18, Campagna and Ronda disclose, the computer program product of claim 17, wherein the nonce is generated once, and in response to the encrypted object being created the nonce is linked to the encrypted object via a pointer to the nonce in the encrypted object or linked to the encrypted object via inclusion of the nonce in the encrypted object (Campagna, [0003], Many encryption algorithms rely on the use of a cryptographic nonce, a number or bits of information that are to be only used once in the context. [0016], in response to the encrypted data key, nonce, additional authenticated data, and plaintext message to encrypt. The same nonce provided to the authenticated encryption module is also included in the additional authenticated data.).  

22. 	Regarding Claim 19, Campagna and Ronda disclose, the computer program product of claim 17, wherein the generating the nonce comprises executing a nonce encryption algorithm that takes as input the plaintext and the nonce key, and that outputs the nonce (Campagna, [0015],  the nonce or other information based at least in part on the nonce is input into the encryption algorithm as AAD and used to encrypt a data key, and the same nonce and data key  [0017],  the encrypted cryptographic key, nonce, additional authenticated data, and plaintext message. In some embodiments, the authenticated encryption module requires at least these inputs to perform encryption although some inputs, such as a plaintext message).  

23. 	Regarding Claim 20, Campagna and Ronda disclose, the computer program product of claim 19, wherein the nonce encryption algorithm is an Advanced Encryption Standard with Cipher-based Message Authentication Code (AES-CMAC) encryption algorithm (Campagna, [0033], The data key is encrypted 308 by an encryption function using at least a symmetric key and a nonce. The cryptographic data key may be encrypted using any of several symmetric key algorithms including AES, DES, 3DES, and so forth.).
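
The scheme recited in claims 1, 3, 4, 6, 7 and 8, shown as an added illustration that is not part of this Office action, the application, or either cited reference: the nonce is an AES-CMAC of the plaintext under a per-user nonce key, the object is sealed with AES-GCM with the metadata as additional authenticated data, and the creator is found by recomputing the nonce under each user's nonce key. The function names, the object layout, the truncation of the CMAC to 96 bits, the constructed keys and the use of the Python `cryptography` package are assumptions.

```python
import hmac
from typing import Dict, Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import algorithms
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.cmac import CMAC

NONCE_LEN = 12  # 96-bit GCM nonce; truncating the 128-bit CMAC is an assumption
TAG_LEN = 16    # AESGCM appends a 16-byte tag to the ciphertext

# Constructed sample keys (hypothetical; real keys come from a key manager).
DEK = bytes(range(32))
NONCE_KEYS = {"alice": b"\x11" * 16, "bob": b"\x22" * 16, "carol": b"\x33" * 16}


def derive_nonce(nonce_key: bytes, plaintext: bytes) -> bytes:
    """Claims 3-4: nonce = AES-CMAC(nonce_key, plaintext).

    Deterministic: the same user and plaintext always give the same nonce, so
    one DEK must not seal identical plaintext under different metadata
    (that would repeat a GCM nonce with a different authenticated input).
    """
    mac = CMAC(algorithms.AES(nonce_key))
    mac.update(plaintext)
    return mac.finalize()[:NONCE_LEN]


def encrypt_object(dek: bytes, nonce_key: bytes, plaintext: bytes, metadata: bytes) -> dict:
    """Claims 1 and 6: AES-GCM over the plaintext with metadata as AAD."""
    nonce = derive_nonce(nonce_key, plaintext)
    sealed = AESGCM(dek).encrypt(nonce, plaintext, metadata)
    # The GCM tag authenticates both the ciphertext and the metadata.
    return {"nonce": nonce, "metadata": metadata,
            "ciphertext": sealed[:-TAG_LEN], "tag": sealed[-TAG_LEN:]}


def decrypt_object(dek: bytes, obj: dict) -> bytes:
    """Claim 8: recover the plaintext with the DEK and the stored nonce."""
    return AESGCM(dek).decrypt(obj["nonce"], obj["ciphertext"] + obj["tag"], obj["metadata"])


def identify_creator(dek: bytes, obj: dict, nonce_keys: Dict[str, bytes]) -> Optional[str]:
    """Claim 7: recompute the nonce under every user's key and match it."""
    try:
        plaintext = decrypt_object(dek, obj)
    except InvalidTag:
        return None  # tampered ciphertext, metadata or nonce: no attribution
    for user, key in nonce_keys.items():
        if hmac.compare_digest(derive_nonce(key, plaintext), obj["nonce"]):
            return user
    return None  # sealed with a nonce key that is not in the candidate set


if __name__ == "__main__":
    sample = encrypt_object(DEK, NONCE_KEYS["bob"], b"quarterly report", b'{"type":"report"}')
    print(identify_creator(DEK, sample, NONCE_KEYS))
```

Attribution holds only among holders of the DEK whose nonce keys are kept separate; anyone who knows another user's nonce key can produce objects that attribute to that user.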



Conclusion
24. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433