DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is in response to Application with case number 16/489,692, filed on 8/28/2018 in which claims 1-19 are presented for examination.
Status of Claims
	Claims 1-19 are pending, of which claims 1, 5, 9, 13, 18, and 19 are in independent form.
Specification
The examiner notes that the Specification does not include any URL links and Trademark terms requiring capitalization.
The examiner notes that the abstract is in narrative form and is limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The examiner also notes that Abstract includes no legal phraseology.
Priority
Applicant’s claim for the benefit of priority based on Chinese Patent Application CN201710116619.2 filed on 2/28/2017 is acknowledged. 
IDS
References cited in the IDS filed on 8/28/2019 have been considered by the examiner.
Allowable Subject Matter
Claims 2, 6, 10, and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:
The prior art of record and further search do not explicitly teach or suggest the following limitations in claims 2, 6, 10 and 14 - wherein before the hardware security module entitlement management message and the encrypted control word transmitted from the main chip are received, the method further comprises: receiving an activation message transmitted from the main chip, wherein the activation message comprises at least one of: a pairing key, the re-encryption key and the hardware security module root key; storing the re-encryption key and the hardware security module root key, and establishing a security authentication channel between the hardware security module and the main chip based on the pairing key; wherein the hardware security module entitlement management message and the encrypted control word transmitted from the main chip are received through the security authentication channel; and the reencrypted control word is transmitted to the main chip through the security authentication channel.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 5, 7, 9, 13, 15, 18, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yu Bin et al (CN 102082971 A1) hereinafter Yu, in view of Li Dong et al. (CN 101924907 A) hereinafter Li. 
As to claim 1, Yu teaches a method for protecting an encrypted control word, comprising: 
	receiving a hardware security module entitlement management message and an encrypted control word transmitted from a main chip (see para. [0030]-[0035]. It is noted that STB software transmits ECM and EMM data packets to a CA security reception entitle module 130 by means of a hardware interface. The examiner views CA security reception entitle module as equivalent to the hardware security module receiving the HSM EMM.), wherein the hardware security module entitlement management message comprises a key for decrypting the encrypted control word (see para. [0030]-[0035], e.g. SK key obtained from the HSM EMM); reencrypting, based on a re-encryption key stored in the hardware security module, the control word to obtain a reencrypted control word; and transmitting the reencrypted control word to the main chip, so that the main chip decrypts, based on a main chip entitlement management message transmitted from the front end, the reencrypted control word to obtain the control word, wherein the main chip entitlement management message comprises a key for decrypting the reencrypted control word (see para. [0030]-[0035]; It is noted that Yu teaches that a HSM of a terminal re-encrypts a control word and transmits the encrypted CW to a main chip, and the main chip decrypts the re-encrypted control word. It is noted that in mentioning main chip decrypting the re-encrypted CW, Yu that storing of a re-encryption key in the terminal storage.)
Yu does not explicitly teach but Li teaches decrypting, based on the hardware security module entitlement management message and a hardware security module root key stored in a hardware security module, the encrypted control word to obtain a control word (see para. [0036]-[0042]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu and Li before him or her, to modify the scheme of Yu by including Li. The suggestion/motivation for doing so would have been to further protect the control word being transported to the main chip of the terminal without exposing the control word while in transit from the HSM to the main chip.
As to claim 5, Yu teaches a method for protecting an encrypted control word, comprising: receiving an encrypted control word, a scrambled content, a main chip entitlement management message and a hardware security module entitlement management message transmitted from a front end; transmitting the hardware security module entitlement management message and the encrypted control word to a hardware security module, and reencrypts the control word based on a re-encryption key stored in the hardware security module to obtain a reencrypted control word; and receiving the reencrypted control word transmitted from the hardware security module, decrypting, based on a main chip root key derived from a main chip and the main chip entitlement management message, the reencrypted control word to obtain the control see para. [0030]-[0035], e.g. SK key obtained from the HSM EMM). 
Yu does not explicitly teach but Li teaches the following limitation - so that the hardware security module decrypts, based on the hardware security module entitlement management message and a hardware security module root key stored in the hardware security module, the encrypted control word to obtain a control word (see para. [0036]-[0042]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu and Li before him or her, to modify the scheme of Yu by including Li. The suggestion/motivation for doing so would have been to further protect the control word being transported to the main chip of the terminal without exposing the control word while in transit from the HSM to the main chip.
As to claim 9, Yu teaches a hardware security module, applied to a downloadable conditional access system, comprising a processor and a storage device for storing computer executable instructions that when executed by the processor cause the processor to perform functions of the followings: a first reception unit configured to receive a hardware security module entitlement management message and an encrypted control word transmitted from a main chip, wherein the hardware security module entitlement management message comprises a key for decrypting the encrypted control word; a security storage area configured to store a hardware security module root key, a re-encryption key and the hardware security module entitlement see para. [0030]-[0035], e.g. SK key obtained from the HSM EMM). 
Yu does not explicitly teach but Li teaches the following limitation - a first decryption engine configured to decrypt, based on the hardware security module entitlement management message and the hardware security module root key, the encrypted control word to obtain a control word (see para. [0036]-[0042]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu and Li before him or her, to modify the scheme of Yu by including Li. The suggestion/motivation for doing so would have been to further protect the control word being transported to the main chip of the terminal without exposing the control word while in transit from the HSM to the main chip.
As to claim 13, Yu teaches a main chip, applied to a downloadable conditional access system, comprising a processor and a storage device for storing computer executable instructions that when executed by the processor cause the processor to perform functions of the followings: a third reception unit configured to receive an see para. [0030]-[0035], e.g. SK key obtained from the HSM EMM). 
Yu does not explicitly teach but Li teaches the following limitation - so that the hardware security module decrypts, based on the hardware security module entitlement management message and a hardware security module root key stored in the hardware security module, the encrypted control word to obtain a control word (see para. [0036]-[0042]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu and Li before him or her, to modify the scheme of Yu by including Li. The suggestion/motivation for doing so would have been to further protect the control word being transported to the main chip of the terminal without exposing the control word while in transit from the HSM to the main chip.
Claim 17 includes similar limitation as claim 13 above and thus is rejected under the same rationale as claim 13.
Claim 18 includes similar limitation as claim 1 above and thus is rejected under the same rationale as claim 1.
As to claim 7, in view of claim 5, Li teaches: wherein before the reencrypted control word is decrypted, the method further comprises: deriving, based on a main chip security key and a derivation identifier, the main chip root key by using a derivation algorithm built-in the main chip (see para. [0036]-[0042]). 
As to claim 15, in view of claim 13, Li teaches wherein the processor is further caused to perform functions of the followings: a root key derivation unit configured to derive, based on a main chip security key and a derivation identifier, the main chip root key by using a derivation algorithm built-in the main chip (see para. [0036]-[0042]).
Claim(s) 3-4, 8, 11-12, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yu, in view of Li, and further in view of Fuller et al. (US 9,722,974 B1) hereinafter Fuller. 
As to claim 3, in view of claim 1, the combination of Yu and Li does not explicitly teach but Fuller teaches - wherein the hardware security module entitlement management message comprises a hardware security module second-level key and a hardware security module third-level key (see Fig. 3A, e.g., any other keys other than Key 0 (root key). It is noted that KEY 2-2 is used to encrypt and/or decrypt data at node(N), that KEY 2-2 is encrypted with KEY 1-1, and that Key 1-1 is encrypted with key 0.);
wherein decrypting, based on the hardware security module entitlement management message and a hardware security module root key stored in a hardware security module, the encrypted control word to obtain a control word comprises: decrypting, based on the hardware security module root key stored in the hardware security module, the hardware security module second-level key and the hardware security module third-level key, the encrypted control word level by level to obtain the control word (see col. 12, lines 19-33 “As an example, key 0 is used to encrypt key 1-1, key 1-2, and key 1-3. Key 1-1 is then used to encrypt key 2-1 and key 2-2. If key 2-1 and key 2-2 are exhausted (e.g., compromised, use limit exceeded, etc.), Tier(2) may add an additional encryption key. The additional encryption key could be encrypted by key 1-1 if key 1-1 is not exhausted as well. For illustrative purposes, key 1-1, key 2-1, and key 2-2 are all exhausted. Thus, Tier(2) may add an additional encryption key, key 2-3, when an encrypt operation is pending. However, key 2-3 may be encrypted by key 1-2 instead of key 1-1 because key 1-2 is the next available encryption key in Tier(1). Thus, if key 2-3 is to be used to encrypt data received from a requesting device, such as the requesting device 105, key 1-2 can be used to decrypt key 2-3 and key 0 can be used to decrypt key 1-2.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu, Li and Fuller before him or her, to modify the scheme of Yu and Li by including Fuller’s automated data re-encryption process in multi-tiered encryption system. The suggestion/motivation for doing so would have been to efficiently minimize data integrity breakdown on data that have been protected by encryption with multi-tiers of encryption keys via multi-tiered encryption system, as briefly discussed in Fuller, col. 2, lines 2-62.
As to claim 4, in view of claim 1, the combination of Yu and Li does not explicitly teach but Fuller teaches - receiving a key refreshing instruction transmitted from the main chip, updating and storing the hardware security module entitlement management message, the hardware security module root key and the re-encryption key (see col. 12, lines 34-50 “In an embodiment, the node(N) 130 (and specifically the re-encryption service module 132) receives a re-encryption operation request from the requesting device 105 when the graph structure 350 is as illustrated in FIG. 3B. The request may include the data encrypted using key 2-2 and a logical encryption key that identifies the key 2-2. Accordingly, the re-encryption service module 132 may decrypt the encrypted data using the key 2-2 (though the key 2-2 is exhausted, the key 2-2 may still be used for decrypt operations). Given that the key 2-2 is exhausted, the re-encryption service module 132 may use the next available literal encryption key, key 2-3 to encrypt the decrypted data. Thus, the re-encryption service module 132 encrypts the decrypted data using the key 2-3, associates the logical encryption key with the key 2-3 in place of the key 2-2, and transmits the data encrypted using the key 2-3 along with an updated logical encryption key to the requesting device 105.”).
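Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu, Li and Fuller before him or her, to modify the scheme of Yu and Li by including Fuller’s automated data re-encryption process in multi-tiered encryption system. The suggestion/motivation for doing so would have been to efficiently minimize data integrity breakdown on data that have been protected by encryption with multi-tiers of encryption keys via multi-tiered encryption system, as briefly discussed in Fuller, col. 2, lines 2-62.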
As to claim 8, in view of claim 5, the combination of Yu and Li does not explicitly teach but Fuller teaches - wherein the main chip entitlement management message comprises a main chip second-level key and a main chip third-level key; wherein decrypting, based on a main chip root key derived from the main chip and the main chip entitlement management message, the reencrypted control word to obtain the control word comprises: decrypting, based on the main chip root key, the main chip second-level key and the main chip third-level key, the reencrypted control word level by level to obtain the control word, wherein the main chip third-level key corresponds to the re-encryption key (see col. 12, lines 19-33 “As an example, key 0 is used to encrypt key 1-1, key 1-2, and key 1-3. Key 1-1 is then used to encrypt key 2-1 and key 2-2. If key 2-1 and key 2-2 are exhausted (e.g., compromised, use limit exceeded, etc.), Tier(2) may add an additional encryption key. The additional encryption key could be encrypted by key 1-1 if key 1-1 is not exhausted as well. For illustrative purposes, key 1-1, key 2-1, and key 2-2 are all exhausted. Thus, Tier(2) may add an additional encryption key, key 2-3, when an encrypt operation is pending. However, key 2-3 may be encrypted by key 1-2 instead of key 1-1 because key 1-2 is the next available encryption key in Tier(1). Thus, if key 2-3 is to be used to encrypt data received from a requesting device, such as the requesting device 105, key 1-2 can be used to decrypt key 2-3 and key 0 can be used to decrypt key 1-2.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu, Li and Fuller before him or her, to modify the scheme of Yu and Li by including Fuller’s automated data re-encryption process in multi-tiered encryption system. The suggestion/motivation for doing so would have been to efficiently minimize data integrity breakdown on data that have been protected by encryption with multi-tiers of encryption keys via multi-tiered encryption system, as briefly discussed in Fuller, col. 2, lines 2-62.
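The control-word path recited in claims 1, 3, 7 and 8 above, as an added Python illustration that is not part of this Office action or of Yu, Li or Fuller: the hardware security module decrypts the encrypted control word level by level, reencrypts it under the re-encryption key, and the main chip recovers it through its own ladder whose third-level key corresponds to the re-encryption key. The HMAC-SHA256 stand-in cipher, the HMAC-based root-key derivation, the dictionary message layout and all names are assumptions made for the illustration.

```python
import hashlib, hmac, os

def _sub(key, label):
    # Separate sub-keys for the keystream and the integrity tag.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = (len(data) + 31) // 32
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(key, plaintext):
    """Stand-in authenticated cipher (assumption: the page names no algorithm)."""
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def ladder_unwrap(root_key, emm, wrapped_cw):
    """Level-by-level decryption: root -> second-level -> third-level -> CW."""
    k2 = unwrap(root_key, emm["k2"])
    k3 = unwrap(k2, emm["k3"])
    return unwrap(k3, wrapped_cw)

def derive_chip_root(security_key, derivation_id):
    # Hypothetical derivation; the claims only say "a derivation algorithm".
    return hmac.new(security_key, b"root|" + derivation_id, hashlib.sha256).digest()

def front_end(cw, hsm_root, chip_root, reenc_key):
    """Builds the ECW, the HSM EMM and the main chip EMM (constructed layout)."""
    k2, k3, c2 = os.urandom(32), os.urandom(32), os.urandom(32)
    hsm_emm = {"k2": wrap(hsm_root, k2), "k3": wrap(k2, k3)}
    # Main chip third-level key corresponds to the re-encryption key.
    chip_emm = {"k2": wrap(chip_root, c2), "k3": wrap(c2, reenc_key)}
    return wrap(k3, cw), hsm_emm, chip_emm

def hsm_reencrypt(hsm_root, reenc_key, hsm_emm, ecw):
    cw = ladder_unwrap(hsm_root, hsm_emm, ecw)   # clear CW exists only inside the HSM
    return wrap(reenc_key, cw)

def main_chip_decrypt(security_key, derivation_id, chip_emm, wrapped_cw):
    return ladder_unwrap(derive_chip_root(security_key, derivation_id), chip_emm, wrapped_cw)

def demo():
    hsm_root, reenc = os.urandom(32), os.urandom(32)
    sec_key, deriv_id = os.urandom(32), b"constructed-id-01"
    cw = os.urandom(16)                          # constructed sample control word
    ecw, hsm_emm, chip_emm = front_end(cw, hsm_root, derive_chip_root(sec_key, deriv_id), reenc)
    recw = hsm_reencrypt(hsm_root, reenc, hsm_emm, ecw)
    recovered = main_chip_decrypt(sec_key, deriv_id, chip_emm, recw)
    try:                                         # main chip ladder applied to the original ECW
        main_chip_decrypt(sec_key, deriv_id, chip_emm, ecw)
        chip_reads_ecw = True
    except ValueError:
        chip_reads_ecw = False
    return {"match": recovered == cw,
            "cw_on_link": cw in ecw or cw in recw,
            "chip_reads_ecw": chip_reads_ecw}

if __name__ == "__main__":
    print(demo())
```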
As to claim 11, in view of claim 9, the combination of Yu and Li does not explicitly teach but Fuller teaches wherein the hardware security module entitlement management message comprises a hardware security module second-level key and a hardware security module third-level key; wherein the first decryption engine is configured to: decrypt, based on the hardware security module root key stored in the hardware security module, the hardware security module second-level key and the hardware security module third-level key, the encrypted control word level by level to obtain the control word (see col. 12, lines 19-33 “As an example, key 0 is used to encrypt key 1-1, key 1-2, and key 1-3. Key 1-1 is then used to encrypt key 2-1 and key 2-2. If key 2-1 and key 2-2 are exhausted (e.g., compromised, use limit exceeded, etc.), Tier(2) may add an additional encryption key. The additional encryption key could be encrypted by key 1-1 if key 1-1 is not exhausted as well. For illustrative purposes, key 1-1, key 2-1, and key 2-2 are all exhausted. Thus, Tier(2) may add an additional encryption key, key 2-3, when an encrypt operation is pending. However, key 2-3 may be encrypted by key 1-2 instead of key 1-1 because key 1-2 is the next available encryption key in Tier(1). Thus, if key 2-3 is to be used to encrypt data received from a requesting device, such as the requesting device 105, key 1-2 can be used to decrypt key 2-3 and key 0 can be used to decrypt key 1-2.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu, Li and Fuller before him or her, to modify the scheme of Yu and Li by including Fuller’s automated data re-encryption process in multi-tiered encryption system. The suggestion/motivation for doing so would have been to efficiently minimize data integrity breakdown on data that have been protected by encryption with multi-tiers of encryption keys via multi-tiered encryption system, as briefly discussed in Fuller, col. 2, lines 2-62.
As to claim 12, in view of claim 9, the combination of Yu and Li does not explicitly teach but Fuller teaches wherein the processor is further caused to perform functions of the followings: an updating unit configured to receive a key refreshing instruction transmitted from the main chip, and update the hardware security module entitlement management message, the hardware security module root key and the re-encryption key; wherein the security storage area is further configured to store the updated hardware security module entitlement management message, the updated hardware security module root key and the updated re-encryption key (see col. 12, lines 34-50 “In an embodiment, the node(N) 130 (and specifically the re-encryption service module 132) receives a re-encryption operation request from the requesting device 105 when the graph structure 350 is as illustrated in FIG. 3B. The request may include the data encrypted using key 2-2 and a logical encryption key that identifies the key 2-2. Accordingly, the re-encryption service module 132 may decrypt the encrypted data using the key 2-2 (though the key 2-2 is exhausted, the key 2-2 may still be used for decrypt operations). Given that the key 2-2 is exhausted, the re-encryption service module 132 may use the next available literal encryption key, key 2-3 to encrypt the decrypted data. Thus, the re-encryption service module 132 encrypts the decrypted data using the key 2-3, associates the logical encryption key with the key 2-3 in place of the key 2-2, and transmits the data encrypted using the key 2-3 along with an updated logical encryption key to the requesting device 105.”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Yu, Li and Fuller before him or her, to modify the scheme of Yu and Li by including Fuller’s automated data re-encryption process in multi-tiered encryption system. The suggestion/motivation for doing so would have been to efficiently minimize data integrity breakdown on data that have been protected by encryption with multi-tiers of encryption keys via multi-tiered encryption system, as briefly discussed in Fuller, col. 2, lines 2-62.
As to claim 16, claim 16 includes similar limitations as claim 3 and thus claim 16 is rejected under the same rationale as in claim 3.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE K SONG whose telephone number is (571)270-3260. The examiner can normally be reached on M-F 9:00 am – 5:00 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-7291.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HEE K SONG/Examiner, Art Unit 2497