Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claims 1-12 and 15-22 are pending.
Claims 13-14 are canceled.

Priority
2.	Application 16955129, filed 06/18/2020, is a national stage entry of PCT/CN2018/117234, International Filing Date 11/23/2018, which claims foreign priority to 201711366204.7, filed 12/18/2017, and to 201711366203.2, filed 12/18/2017. Thus, the effective filing date of applicant’s claimed invention is 12/18/2017.


Drawings
3.	Applicant’s drawings filed on 06/18/2020 have been inspected and are in compliance with MPEP 608.02.

Specification
4.	The specification filed on 06/18/2020 is acceptable for examination proceedings.

Information Disclosure Statement
5.	The information disclosure statements (IDS) were submitted on 10/27/2021, 05/20/2021, 03/01/2021, 06/18/2020 and 10/12/2020. The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Internet Communications
6.	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax, which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

7.	Claims 1-3, 11-12, 15-18 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Tucker et al. (US Pub. No. US 2016/0306750 A1, hereinafter referred to as Tucker) in view of Kitani (US Pub. No. US 2005/0198529 A1, hereinafter referred to as Kitani).

Tucker provides a system that may encrypt the contents of a memory using an encryption key that is generated based on an entropy-based key derivation function. The system may generate a random value as a key split associated with an instance of writing data to memory. The system may generate an encryption key for encrypting the data using an entropy-based key derivation function based at least in part on the key split. The system may encrypt the 

Kitani provides an apparatus that has a CPU executing data processing in accordance with various programs, e.g. authentication processing programs. A ROM has a storage region for programs and parameters. An input/output I/F inputs and outputs digital signals. The apparatus has a recording medium, e.g. a hard disc, and a drive for driving the medium and inputting and outputting data recording/playback signals.

As per claim 1, Tucker discloses a method of encrypted storage of data, applied to a client having an application (APP) installed thereon (para. 0018 discloses that memory 14 is configured to store data in encrypted form, for example), the method comprising: encrypting data of a target field by using a first encryption key according to a first risk control level corresponding to the target field to obtain first encrypted data (paras. 0005 and 0028 disclose that a unique key split can be generated for each data write to memory, and an encryption key for writing the data to memory can be non-linearly generated based on the key split associated with the data write. As a result, the encryption key may be generated using multiple levels of entropy, and the encryption key used to encrypt data that is stored to memory is unique and specific not only to a memory location in memory but is also unique to the specific instance of writing of the data to memory, for example); and dividing the first encrypted data into n1 portions, and respectively storing the portions in n1 media of the client, wherein n1 is a natural number greater than 1 (fig. 1 depicts that the encryption algorithm with which control system 2 encrypts data stored by memory 14 results in a unique encryption key for each instance of a data write to memory 14, such that control system 2 generates unique encryption keys for data writes to different memory locations and generates unique encryption keys even for each instance of writing data to the same memory location of memory 14 … the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 14, and the adversary must also determine multiple encryption keys for the same memory location of memory 14 if data is written to a memory location of memory 14 multiple times, for example).

Tucker fails to explicitly disclose dividing the first encrypted data into n1 portions and a first risk control level corresponding to the target field to obtain first encrypted data.

However, Kitani discloses dividing the first encrypted data into n1 portions (fig. 6; furthermore, para. 0096 discloses that the encrypted content 111 is divided into prescribed units, and stored in the data storage region 101 of the information recording medium 100 in an encrypted state encrypted by the application of unit keys corresponding to each unit, for example) and a first risk control level corresponding to the target field to obtain first encrypted data (para. 0103 discloses that details of the recording configuration of the encrypted content 111 stored in the information recording medium 100 are described in detail with reference to fig. 7 to fig. 9. Fig. 7(a) is a recording structure for data stored in an information recording medium. Eighteen bytes of user control data (UCD: User Control Data) and 2048 bytes of user data (User Data) containing data for actual AV content and the like are configured as data for a single sector, for example).

Tucker and Kitani are analogous art because they are both directed to information processing apparatus, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Tucker with the specified features of Kitani because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Kitani with the teaching of Tucker so that the apparatus effectively eliminates an illegal acquisition of content through connection or an illegal application [Kitani: para. 0002].

As per claim 2, Tucker as modified by Kitani discloses wherein the method further comprises: generating the first encryption key based on a preset algorithm (para. 0027 of Tucker discloses the encryption algorithm implemented by system 2 to encrypt the contents of memory 14, for example); and dividing the first encryption key into m1 portions, and respectively storing the portions in m1 media of the client, wherein m1 is a natural number greater than 1 (para. 0028 of Tucker discloses that control system 2 generates unique encryption keys for data writes to different memory locations and generates unique encryption keys even for each instance of writing data to the same memory location of memory 14. As a result, the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 14, and the adversary must also determine multiple encryption keys for the same memory location of memory 14 if data is written to a memory location of memory 14 multiple times, for example).

As per claim 3, Tucker as modified by Kitani discloses wherein dividing the first encrypted data into the n1 portions, and respectively storing the portions in the n1 media according to the first risk control level corresponding to the target field comprises: acquiring the first risk control level corresponding to the target field (para. 0103 of Kitani discloses that details of the recording configuration of the encrypted content 111 stored in the information recording medium 100 are described in detail with reference to fig. 7 to fig. 9. Fig. 7(a) is a recording structure for data stored in an information recording medium. Eighteen bytes of user control data (UCD: User Control Data) and 2048 bytes of user data (User Data) containing data for actual AV content and the like are configured as data for a single sector, for example); dividing the first encrypted data into the n1 portions according to the first risk control level; and respectively storing the n1 portions of the first encrypted data in the n1 media (fig. 7(b) and fig. 10 of Kitani; shown in fig. 1 is, for example, a DVD video disc. A secured disc key 11, secured title key 12 corresponding to the title of the content stored on the information recording medium 10, for example, and furthermore paras. 0011-0015, 0104, for example).
The same motivational statement applies as set forth above in claim 1. 

As per claim 11, Tucker as modified by Kitani discloses wherein the n1 media are any combination selected from media indicated by the following identifiers: a key chain (KeyChain), a file folder (File), and user defaults (UserDefaults) (para. 0023 of Kitani discloses a management center issues a revoke list (CRL: Certificate Revocation List) listing identifiers (IDs) of invalidated public key certificates, for example).
The same motivational statement applies as set forth above in claim 1. 

As per claims 12 and 15, Tucker discloses a method of encrypted storage of data, applied to a client having an application (APP) installed thereon (para. 0018 discloses that memory 14 is configured to store data in encrypted form, for example), the method comprising: generating an encryption key based on a preset algorithm (para. 0015 discloses an encryption algorithm for establishing the confidentiality of data stored by a memory, based on a cryptographic key to protect the data against authorized access, for example); dividing the encryption key into m portions, and respectively storing the portions in m media of the client, wherein m is a natural number greater than 1 (fig. 1 of Tucker depicts that the encryption algorithm with which control system 2 encrypts data stored by memory 14 results in a unique encryption key for each instance of a data write to memory 14, such that control system 2 generates unique encryption keys for data writes to different memory locations and generates unique encryption keys even for each instance of writing data to the same memory location of memory 14 … the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 14, and the adversary must also determine multiple encryption keys for the same memory location of memory 14 if data is written to a memory location of memory 14 multiple times, for example); encrypting target data by using the encryption key to obtain encrypted data; and storing the encrypted data (para. 0005 discloses that the encryption key may be generated using multiple levels of entropy, and the encryption key used to encrypt data, for example, and para. 0028 discloses that a unique key split can be generated for each data write to memory, and an encryption key for writing the data to memory can be non-linearly generated based on the key split associated with the data write. As a result, the encryption key may be generated using multiple levels of entropy, and the encryption key used to encrypt data that is stored to memory is unique and specific not only to a memory location in memory but is also unique to the specific instance of writing of the data to memory, for example).

Tucker fails to explicitly disclose dividing the first encrypted data into n1 portions.

However, Kitani discloses dividing the first encrypted data into n1 portions (fig. 6; furthermore, para. 0096 discloses that the encrypted content 111 is divided into prescribed units, and stored in the data storage region 101 of the information recording medium 100 in an encrypted state encrypted by the application of unit keys corresponding to each unit, for example).

Tucker and Kitani are analogous art because they are both directed to information processing apparatus, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Tucker with the specified features of Kitani because they are from the same field of endeavor.

Kitani: para. 0002]. 

As per claim 16, Tucker as modified by Kitani discloses a computing device, comprising: a processor; and a storage medium, storing instructions executable by the processor (para. 0046 of Kitani discloses that in the authentication processing, the data processor verifies device type of an authentication counterpart based on data stored in a public key certificate held by the authentication counterpart, for example), wherein by executing the instructions, the processor is caused to: encrypt data of a target field by using a first encryption key according to a first risk control level corresponding to the target field to obtain first encrypted data; and divide the first encrypted data into n1 portions, and respectively store the portions in n1 media of a client, wherein n1 is a natural number greater than 1 (fig. 1 of Tucker depicts that the encryption algorithm with which control system 2 encrypts data stored by memory 14 results in a unique encryption key for each instance of a data write to memory 14, such that control system 2 generates unique encryption keys for data writes to different memory locations and generates unique encryption keys even for each instance of writing data to the same memory location of memory 14, for example).
The same motivational statement applies as set forth above in claim 12.

As per claim 17, Tucker as modified by Kitani discloses wherein the processor is further caused to: generate the first encryption key based on a preset algorithm (para. 0027 of Tucker discloses the encryption algorithm implemented by system 2 to encrypt the contents of memory 14, for example); and divide the first encryption key into m1 portions, and respectively store the portions in m1 media of the client, wherein m1 is a natural number greater than 1 (para. 0028 of Tucker discloses that control system 2 generates unique encryption keys for data writes to different memory locations and generates unique encryption keys even for each instance of writing data to the same memory location of memory 14. As a result, the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 14, and the adversary must also determine multiple encryption keys for the same memory location of memory 14 if data is written to a memory location of memory 14 multiple times, for example).

As per claim 18, Tucker as modified by Kitani discloses wherein when dividing the first encrypted data into the n1 portions, and respectively storing the portions in the n1 media according to the first risk control level corresponding to the target field, the processor is caused to: acquire the first risk control level corresponding to the target field; divide the first encrypted (para. 0028 of Tucker discloses that the way control system 2 encrypts data stored by memory 14 results in a unique encryption key for each instance of a data write to memory 14, such that control system 2 generates unique encryption keys for data writes to different memory locations and generates unique encryption keys even for each instance of writing data to the same memory location of memory 14. As a result, the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 14, and the adversary must also determine multiple encryption keys for the same memory location of memory 14 if data is written to a memory location of memory 14 multiple times, for example).

As per claim 20, Tucker as modified by Kitani discloses wherein the processor is further caused to: generate the second encryption key based on a preset algorithm; and divide the second encryption key into m2 portions, and respectively store the portions in m2 media of the client, wherein m2 is a natural number greater than 1 (para. 0028 of Tucker discloses the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 14, and the adversary must also determine multiple encryption keys for the same memory location of memory 14 if data is written to a memory location of memory 14 multiple times. Indeed, even if the adversary determines one encryption key for one location of memory 14, the data stored at the location may not provide the adversary with any useful information due to its relatively small content (e.g., a single data word), and the data stored at multiple memory locations may be necessary to obtain useful information (e.g., a sufficient amount of information to reverse engineer system 1), for example).

As per claim 21, Tucker as modified by Kitani discloses wherein when encrypting the data of the target field by using the second encryption key according to the acquired second risk control level to obtain the second encrypted data, the processor is caused to: restore the data of the target field from the first encrypted data by using the first encryption key (para. 0005 of Tucker discloses the encryption key used to encrypt data that is stored to memory is unique and specific not only to a memory location in memory but is also unique to the specific instance of writing of the data to memory, for example); encrypt the restored data of the target field by using the second encryption key according to the second risk control level to obtain the second encrypted data; and delete the first encrypted data (fig. 1 of Tucker depicted the user, processor 4, or another component can cause data stored by memory 14 and internal memory 13 to be inaccessible, such as by physical, chemical, or electrical destruction or by deletion of stored encryption keys or information necessary to determine the encryption key (e.g., a key split used to generate the encryption keys and/or decryption keys or an entropy table in key derivation module 10 that stores random values) from memory 14 or internal memory 13, for example). 

As per claim 22, Tucker as modified by Kitani discloses wherein the processor is further caused to: receive a data acquisition request for the target field; acquire the second risk control level corresponding to the target field based on the data acquisition request (para. 0050 of Kitani discloses an authentication processing method is provided including: a public key certificate acquisition step of acquiring a public key certificate held by an authentication counterpart; an information acquisition step of acquiring channel type information from data stored in the public key certificate, for example); read the second encrypted data from the media of the client according to the second risk control level; read the second encryption key from the client; and decrypt the second encrypted data by using the second encryption key to obtain target data; or return the second encrypted data and the second encryption key to the server sending the data acquisition request (fig. 1 of Tucker discloses  electrical signals transmit between memory 14 and control system 2 via one or more electrically conductive pathways (e.g., a data bus and address bus). In other examples, memory 14 and control system 2 may wirelessly communicate with each other, for example). 
The same motivational statement applies as set forth above in claim 12.

8.	Claims 4-10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Tucker et al. (US Pub. No. US 2016/0306750 A1, hereinafter referred to as Tucker) in view of Kitani (US Pub. No. US 2005/0198529 A1, hereinafter referred to as Kitani), further in view of Peppe et al. (Pub. No.: US 2017/0163652 A1, hereinafter referred to as Peppe).

As per claims 4, 10 and 19, Tucker as modified by Kitani discloses all the claimed language except for wherein the method further comprises: acquiring a second risk control level sent by a server, wherein the second risk control level is different from the first risk control level; encrypting the data of the target field by using a second encryption key according to the acquired second risk control level to obtain second encrypted data; dividing the second encrypted data into n2 portions; and respectively storing the n2 portions of the second encrypted data in n2 media of the client, wherein n2 is a natural number, when the first risk control level is higher than the second risk control level, n1 > n2, and when the first risk control level is lower than the second risk control level, n1 < n2.

However, Peppe discloses acquiring a second risk control level sent by a server, wherein the second risk control level is different from the first risk control level; encrypting the data of the target field by using a second (para. 0075 discloses a security model (based on SDC's) is used that is secure by design via a Container Based Access Control (CBAC) technique with integrated Risk Controls, where: (i) containers are classified by data sensitivity and define processing corridors; (ii) containers may securely host multiple data pools at different risk levels; (iii) containers may dynamically re-rate themselves based on their contents; (iv) data feeds imported into containers are controlled by a risk rating (e.g., corridor on write); (v) work products extracted from containers are controlled by a risk rating (e.g., corridor on read); and (vi) container data pools can participate in overlays, for example).

Tucker as modified by Kitani and Peppe are analogous art because they are both directed to information processing apparatus, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Tucker as modified by Kitani with the specified features of Peppe because they are from the same field of endeavor.

Peppe: para. 0009]. 

As per claim 5, Tucker as modified by Kitani, further modified by Peppe discloses wherein the method further comprises: generating the second encryption key based on a preset algorithm (para. 0027 of Tucker discloses the encryption algorithm implemented by system 2 to encrypt the contents of memory 14, for example); and dividing the second encryption key into m2 portions, and respectively storing the portions in m2 media of the client, wherein m2 is a natural number greater than 1 (fig. 1 of Tucker depicted encryption algorithm with which control system 2 encrypts data stored by memory 14 results in a unique encryption key for each instance of a data write to memory 14, such that control system 2 generates unique encryption keys for data writes to different memory locations and generates unique encryption keys even for each instance of writing data to the same memory location of memory 14, for example). 

As per claim 6, Tucker as modified by Kitani, further modified by Peppe discloses wherein encrypting the data of the target field by using the second encryption key according to the acquired second risk control level to obtain the (para. 0005 of Tucker discloses the encryption key used to encrypt data that is stored to memory is unique and specific not only to a memory location in memory but is also unique to the specific instance of writing of the data to memory, for example); encrypting the restored data of the target field by using the second encryption key according to the second risk control level to obtain the second encrypted data; and deleting the first encrypted data (para. 0028 of Tucker discloses the encryption key used to encrypt data that is stored to memory is unique and specific not only to a memory location in memory but is also unique to the specific instance of writing of the data to memory, for example).

As per claim 7, Tucker as modified by Kitani, further modified by Peppe discloses wherein the method further comprises: receiving a data acquisition request for the target field; acquiring the second risk control level corresponding to the target field based on the data acquisition request; reading the second encrypted data from the media of the client according to the second risk control level (fig. 1 of Tucker depicted Control system 2 includes processor 4, data buffer 6, key split generation module 8, encryption key derivation module 10 (also referred to as "key derivation module"), encryption and decryption module 12, and internal memory 13, for example); reading the second encryption key from the client; and decrypting (fig. 4 of Tucker depicted a flow diagram of an example technique for decrypting encrypted data stored in memory using a decryption key, for example).

As per claim 8, Tucker as modified by Kitani, further modified by Peppe discloses wherein reading the second encrypted data from the media of the client according to the second risk control level comprises: respectively reading the n2 portions of the second encrypted data from the n2 media of the client according to the second risk control level; and assembling the n2 portions into the complete second encrypted data (fig. 1 of Tucker depicted a block diagram illustrating an example system 1 that includes memory 14, and control system 2, which is configured to encrypt data, store (also referred to herein as "write") the encrypted data to memory 14, for example).

As per claim 9, Tucker as modified by Kitani, further modified by Peppe discloses wherein reading the second encryption key from the media of the client according to the second risk control level comprises: respectively reading the m2 portions of the second encryption key from the m2 media according to the second risk control level; and assembling the m2 portions into the complete second encryption key (fig. 1 of Tucker is a block diagram illustrating an example system 1 that includes memory 14, and control system 2, which is configured to encrypt data, store (also referred to herein as "write") the encrypted data to memory 14, read encrypted data stored by memory 14, and decrypt the encrypted data stored by memory 14. System 1 can be, for example, a digital electronic system. Control system 2 includes processor 4, data buffer 6, key split generation module 8, encryption key derivation module 10 (also referred to as "key derivation module"), encryption and decryption module 12, and internal memory 13, for example).

Pertinent Art 
9.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Yeo et al. (US 2020/0387615 A1) provide that enterprises and individuals are using distributed storage systems (i.e., cloud storage services) to store data on memory overlying multiple memory locations. Many of these enterprises and individuals encrypt their data before uploading onto a distributed storage system.

Durham et al. (US 2020/0125502 A1) provide tag values stored in memory are also encrypted as the data as shown herein, the memory tags themselves become dependent on the object's size and location in memory, allowing the heap manager 104 to freely assign the same tag  multiple allocations and frees), occupying the same locations in memory. In the encrypted tag scenario, each memory access for data also includes decryption and verification of the corresponding tag value stored in memory.

Cordella et al. (US 2014/0006797 A1) provide that the cipher text and authentication tag are associated with a common memory location, and sets of first and second encryption keys unique to respective locations in memory may be determined relatively quickly by the key generation module, which may eliminate the need to store each set of generated encryption keys in an internal look up table. While the random numbers used to generate the first and second encryption keys of each set may be stored, the random numbers may be less cumbersome to store and retrieve than encryption keys.

Conclusion
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
A.G.
December 3, 2021