DETAILED ACTION
This Non Final Office Action is in response to Application filed on 09/24/2020.
Claims 1-20 filed on 09/24/2020 are being considered on the merits.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Drawings
The drawings filed on 09/24/2020 are accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/18/2020 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, an initialed and dated copy of Applicant's IDS form 1449 filed 12/18/2020 is attached to the instant Office action.

Claim Objections
Claims 3, 9 and 12 are objected to because of the following informalities:
Claim 3 recites “wherein the access key is created generated based at least in part”; the examiner recommends replacing the above excerpt with “wherein the access key is created 
Claims 9 and 12 recite “the gateway”; there is insufficient antecedent basis for “the gateway”, which is recited in the disclosure of the instant application in claim 7 and [0011, 0013, 0016, 0020]. For examination purposes, “the gateway” is interpreted as “a gateway”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 4, 9-10, 12-13 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Vasic et. al. (US 7885413 B2), hereinafter Vasic in view of Saylor et. al. (US 10257179 B1), hereinafter Saylor.
	
Regarding claim 1, Vasic teaches an electronic device (Vasic illustrates in Figure 1 a computer system (20), including Remote Computer Systems (1610) and a repository server (1620) in Figure 16), comprising: 
a network node (Vasic Figure 16 illustrates the repository server (1620) as a network node in network nodes communicating with Remote Computer Systems (1610) as network nodes accessing repository over the network); 
an interface circuit communicatively coupled to the network node (Vasic illustrates in Figure 16, the repository server (1620) and Remote Computer Systems (1610) comprising “key exchange modules” and smart card readers for authentication and to share keys, Col. 17 line 41-56 “the repository server 1620 contains a repository key exchange module 1634 and an authentication/authorization (A/A) module 1636. The repository key exchange module 1634 enables two separate cryptographic engines to share keys. The A/A module 1636 identifies and/or authenticates users by, for example, a challenge response protocol in connection with smart cards or user name/password combinations”, where the key sharing and smart card (Col. 18, line 1-7) reading from different nodes/engines are performed through interface circuitry); 
a processor coupled to the interface circuit (Vasic discloses a processor on a general purpose computer, Col. 8 line 54-58 “Each of the key servers is a general purpose computer having various components including, for example, one or more processors, fast main memory, and persistent storage. The certificate server 46 also is a general purpose computer.” col. 24, line 14-18 further discloses the process of authentication through the smart card); and 
memory, coupled to the processor, configured to store program instructions, wherein, when executed by the processor, the program instructions cause the electronic device to perform operations (Vasic Col. 8 line 54-58 “Each of the key servers is a general purpose computer having various components including, for example, one or more processors, fast main memory, and persistent storage. The certificate server 46 also is a general purpose computer.” Col. 10, line 31-33 and col. 22, line 48-55 further discloses software components on the computer system in Figure 1 to be executed to perform the cryptographic process), comprising: 
(Vasic discloses that during the operations performed, a user accesses an interface to log in and thereby authenticate himself/herself to the system, where the user roles include an administrative level, i.e. administrator is logged in, col. 10 line 23-30 “…user identification and password, can be used to control access and user authentication…users have one or more roles for authorization. The role identifications can include… administrative level, and others”, col. 18 line 40-44 discloses user logging in, col. 23 line 46-49, Vasic discloses the process to encrypt data to be stored or decrypt data to be retrieved, which is based on retrieving encrypted session key (SEK) and consequently decrypting the encrypted SEK, where this process is only achieved if the user is successfully authenticated, i.e. successfully logged in, see e.g. Col. 10 line 18-25, Col. 16 line 1-57): 
receiving, at the interface circuit, a link key using a secure widget (Vasic discloses Col. 6 line 33-38 “A cryptographic method is provided for facilitating the secure storage of information. First, a key request is received for a session key from a requesting key exchange module at a remote computer system. The key request includes a hidden link. Next, the session key is accessed and encrypted based on the hidden link using a protection key.”, where the session key corresponds to the link key,
col. 17 line 15-21 “…the business application stores the encrypted information and the associated hidden link at the database server. When it becomes necessary to access the encrypted information, the encrypted information and the associated hidden link are provided to the core engine and the core engine decrypts the information for the business application if the user has sufficient rights.”, 
col. 18, line 33-39 “The remote computer system 1610 optionally uses a smart card reader 1632 and a remote key exchange module 1630 to authenticate with the A/A module 1636 of the repository server 1620 to obtain appropriate keys to encrypt and decrypt information in the media store 1620. The remote core engine 1622 performs encryption and decryption functions.”,
where the hidden link corresponds to the secure widget, examiner notes that the secure widget in the instant application is described broadly in [0008, 0042, 0065, 0102, 0109 and 0160]), 
wherein the link key facilitates secure communication via a link (Vasic discloses secure communication for secure storage of data, e.g. Figure 15 illustrates secure communication, via SSL link, as disclosed in Col. 16 line 9-12, for access to secure data, where the data is encrypted/decrypted via session key (SEK), corresponding to the link key, Col. 50-66 “Distributed application 1500 generally provides an interface to information in database server 1520 by way of application server 1510. Information at rest is protected in database server 1520 by way of SEKs provided by cryptography server 1530. When a requesting user of the distributed application 1500 interacts with business application 1542, the business application 1542 receives any necessary information from the database server 1520. Sensitive information in database store 1522 is encrypted. Accordingly, in order to use the encrypted information, the business application 1542 must decrypt the encrypted information…The business application 1542 utilizes the cryptography server 1530 by providing the cryptographic agent 1544 with data to encrypt and to decrypt and with an optional hidden link that is stored with the encrypted information in the data store 1522… the requesting user provides authentication information to business application 1542.”, Col. 17 line 22-32 “When storing information that has an associated hidden link, for example when a field in the database is modified, the business application can elect not to generate a new key. To achieve this result, the business application provides information to be encrypted in connection with the existing hidden link. When the core engine receives information to be encrypted and an existing hidden link, the engine encrypts the provided information with the SEK corresponding to the existing hidden link.”); 
creating an access key; generating an encrypted version of the link key based at least in part on the access key and the link key (Vasic discloses the session key is encrypted, i.e. encrypted version of the link key, using a session-key-protection key that is created using Advanced Encryption Standard, i.e. access key created, col. 6, line 1-6 and line 15-20 “An associated key data store includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.”, “…the session-key-protection key is a symmetric cryptographic key…the session-key-protection key and the protection key are equivalent. The symmetric cryptographic key is optionally the triple Data Encryption Standard or the Advanced Encryption Standard.”, where the protection key is stored as illustrated in Figure 19 (1902), together with a timestamp at which the protection key is created, as disclosed in Col. 20 line 43-51), 
wherein the access key enables access to the link key based at least in part on the encrypted version of the link key (Col. 16 line 36-49 “…examining the hidden link, the a core engine 1554 can determine whether the hidden link is was generated locally or whether it is from a foreign cryptography server (not shown) by examining the cryptographic server identifier associated with the hidden link. Further, the core engine can identify the protection key with which to decrypt the encrypted SEKID in the hidden link by examining the protection key pointer contained in the hidden link. The core engine decrypts an encrypted SEKID and uses the decrypted SEKID to access the encrypted session key from a key database 1540…looking up the encrypted SEK is accomplished by querying an SEK table having SEKID as a primary relational database-key. The core engine decrypts the encrypted SEK with a corresponding protection key”, where the protection key accesses the session key by decrypting the encrypted session key); and 
storing at least two of the link key, the access key and the encrypted version of the link key in a trusted envelope or partition in the memory with encryption (Vasic Figure 19 illustrates: - Protection key 1902, i.e. access key, in memory stored in encrypted form, and illustrates the time/timestamp at which the protection key is created, Col. 20 line 43-51 “A protection key information table 1902 has the primary key of protection key identifier (protectionkeyid). The protection key information table 1902 contains the columns of "created," which is a time stamp, "keyblob," which is an encrypted binary representation of the protection key, and a signature which is, for example an HMAC data authenticator…the "keyblob" field is encrypted in a master key that is protected at rest by a K of M encryption scheme.”, - Session key 1904, i.e. link key, in memory encrypted with a protection key, Col. 20 line 51-58 “session key information table 1904 is also provided. The session key information table has a primary key called "SEKID," which corresponds to an unencrypted SEKID. Accordingly, once a core engine decrypts an SEKID from a hidden link, it can identify and decrypt "keyblob" from the session key information table 1904. The session key "keyblob" is preferably encrypted with the same protection key as the SEKID.”,
Where the protection key and session key are stored in memory in encryption form and are utilized/accessed only when the user is authenticated and authorized, i.e. successful log in, as disclosed in Col. 16 line 2-6, 18-28, where the storage corresponds to trusted envelope or partition in the memory with encryption); and 
While Vasic discloses the aforementioned limitations, where a user with admin privileges is authenticated/logged-in, where a session key and protection key are stored in memory in encrypted form and are accessed in response to successful authentication, i.e. successful log-in, and where part of the authentication and log-in is performed by placing a smart card into the smart card reader as disclosed in Col. 18 line 65-67 and Col. 19 line 1-5, which would indicate that removing the smart card from the smart card reader would require another authentication, i.e. the smart card to be inserted, to enable access to the session key and protection key, Vasic does not explicitly disclose logging out as recited in the limitation below.
Saylor discloses when the administrator logs out, disabling access to the trusted envelope (Saylor discloses in Col. 10 line 45-59 and Col. 12 line 49-57 that when a user logs out, the certificate associated with the client device is deleted; therefore, the client device is deactivated from accessing the client account and would require another authentication, where upon log out, the certificate corresponding to the authorization information associated with the holder of the certificate is deleted, and consequently access is prevented).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic to incorporate the teaching of Saylor to utilize the above feature, with the motivation of providing additional security by causing a user to perform another authentication to access their user account from the device, as recognized by (Saylor Col. 12 line 49-60).

Regarding claims 13 and 17, claims 13 and 17 are directed to a non-transitory computer-readable storage medium and a method, respectively, associated with the electronic device claimed in claim 1. Claims 13 and 17 are similar in scope to claim 1, and are therefore rejected with the same rationale and motivation as claim 1.

Regarding claim 4, Vasic in view of Saylor teaches the electronic device of claim 3, wherein the administrator credential comprises a password (Vasic col. 10 line 23-30 “…user identification and password, can be used to control access and user authentication…users have one or more roles for authorization. The role identifications can include… administrative level, and others”, Col. 17 line 41-56 “the repository server 1620 contains a repository key exchange module 1634 and an authentication/authorization (A/A) module 1636. The repository key exchange module 1634 enables two separate cryptographic engines to share keys. The A/A module 1636 identifies and/or authenticates users by, for example, a challenge response protocol in connection with smart cards or user name/password combinations”).

Regarding claim 9, Vasic in view of Saylor teaches the electronic device of claim 1, wherein the access request is associated with a second electronic device that is associated with the gateway (Vasic illustrates distributed system with plurality of remote computer systems (1610) as illustrated in Figure 17, and further illustrates in Col. 20 line 13-25, Figure 18D one user terminal (1816), through access point (1814) performing the authentication and key exchange steps, where a user requests a key for consequently access data for encryption, as disclosed in Col. 21 line 42-45 and illustrated in Figure 20, and access data by decryption in Figure 22).

Regarding claim 10, Vasic in view of Saylor teaches the electronic device of claim 1, wherein the access key is further provided based at least in part on an authorization associated with the administrator, an identifier of the second electronic device or both (Vasic Col. 16 line 24-28 “If the requesting user is authorized to perform an instruction associated with a particular session key, the core engine 1554 determines which protection key is associated with the requested session key and decrypts the session key with its protection key.”).

Regarding claim 12, Vasic in view of Saylor teaches the electronic device of claim 1, 
wherein the gateway comprises an access point or an eNodeB (Vasic illustrates in Figure 18D (1814) an access point connecting the user mobile device (1816) capable of communicating with repository server (1806), Col. 20 line 13-25 “FIG. 18D is a schematic block diagram illustrating mobile data protection. In this embodiment, mobile computer 1816 is connected through wireless access point 1814. The mobile computer 1816, such as a personal digital assistant, contains a version of a storeless cryptographic engine that is capable of performing key exchange with repository server 1806. The mobile computer system 1816 can securely retrieve the encrypted data from data store 1802 over the public network 1810”).

Claims 2, 14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Vasic et. al. (US 7885413 B2), hereinafter Vasic in view of Saylor et. al. (US .

Regarding claim 2, Vasic in view of Saylor teaches the electronic device of claim 1, wherein the operations comprise storing metadata with the link key, the access key and the encrypted version of the link key in the trusted envelope; and wherein the metadata specifies when the access key was created [and how long it is valid or when the access key expires] (Vasic illustrates in Figure 19 – protection key storage with associated information (1902), where the protection key information/metadata indicates when the protection key was created, Col. 20 line 43-51 “A protection key information table 1902 has the primary key of protection key identifier (protectionkeyid). The protection key information table 1902 contains the columns of "created," which is a time stamp, "keyblob," which is an encrypted binary representation of the protection key, and a signature which is, for example an HMAC data authenticator…the "keyblob" field is encrypted in a master key that is protected at rest by a K of M encryption scheme.”, similarly, Figure 19 (1904) illustrates the encrypted session key, i.e. encrypted version of the link key, stored with its associated information/metadata, as further disclosed in Col. 20 line 51-58, Col. 12 line 28-30 discloses assigning expiration time information/metadata associated with the session key SEK such that the SEK is renewed when the set time expired).
Vasic in view of Saylor do not disclose the below limitations.
how long the access key is valid or when the access key expires (Belenky discloses period keys, i.e. access keys, which encrypts session keys, i.e. link keys, are periodically generated, indicating that the system is keeping track of time to when to generate the period keys, Abstract and Page 2 line 13-15, 19-21, 29-32  “…encrypting at least one of the plurality of session keys generated in the first device according to a second of the two period keys included in the first secure hardware… encrypting at least one of the plurality of session keys generated in the second device according to a first of the two period keys included in the second secure hardware… wherein the at least two period keys included in the first device and the at least two period keys included in the second device are periodically regenerated in order to produce new period keys, thereby rendering useless any session keys encrypted according to an old period key.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic in view of Saylor to incorporate the teaching of Belenky to utilize the above feature, with the motivation of securing the session keys and rendering the session keys useless when old period keys, i.e. access keys, are used, as recognized by (Belenky Page 2 line 29-32).

Regarding claims 14 and 18, claims 14 and 18 are directed to a non-transitory computer-readable storage medium and a method, respectively, associated with the electronic device claimed in claim 2. Claims 14 and 18 are similar in scope to claim 2, and are therefore rejected with the same rationale and motivation as claim 2.

Claims 3 and 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Vasic et. al. (US 7885413 B2), hereinafter Vasic in view of Saylor et. al. (US 10257179 B1), hereinafter Saylor and further in view of Kassner et. al. (US 20210288804 A1) hereinafter Kassner.

Regarding claim 3, Vasic in view of Saylor teaches the electronic device of claim 1, 
Vasic in view of Saylor do not explicitly disclose the below limitation.
Kassner discloses wherein the access key is created generated based at least in part on an administrator login credential (Kassner discloses a password used for generating a key, i.e. access key, used for encrypting and decrypting the session key, i.e. link key, [0097] and [0105] “Processor 44 then uses the new password, which was generated by the processor, to decrypt the session key, at a session-key-decrypting step 57. (For example, the processor may generate a key from the new password, and then use this key to decrypt the session key.) Subsequently, at a session-key-re-encrypting step 58, processor 44 re-encrypts the session key using the user's previous password (or a new password that was chosen by the user during a password-changing operation).”, where the user may be a network administrator [0111] “receive the user's authentication factor from a network administrator.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic to incorporate the teaching of 
  
Regarding claim 5, Vasic in view of Saylor teaches the electronic device of claim 1, 
Vasic in view of Saylor do not explicitly disclose the below limitation.
Kassner discloses wherein the access key is a random or a pseudorandom number (Kassner discloses a password used for generating a key, i.e. access key, used for encrypting and decrypting the session key, i.e. link key, [0105] “Processor 44 then uses the new password, which was generated by the processor, to decrypt the session key, at a session-key-decrypting step 57. (For example, the processor may generate a key from the new password, and then use this key to decrypt the session key.) Subsequently, at a session-key-re-encrypting step 58, processor 44 re-encrypts the session key using the user's previous password (or a new password that was chosen by the user during a password-changing operation).”, [0097] “This password may be generated from one or more authentication factors provided by the user (including the user's current password), and/or may include a randomly-generated sequence of characters.”, where the password used for generating the key is randomly generated, therefore, the key, i.e. access key, is randomly generated).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic to incorporate the teaching of 

Regarding claim 6, Vasic in view of Saylor teaches the electronic device of claim 1, 
Vasic in view of Saylor do not explicitly disclose the below limitation.
Kassner discloses wherein the access key is created based at least in part on a policy or privilege associated with the administrator (Kassner discloses a password used for generating a key, i.e. access key, used for encrypting and decrypting the session key, i.e. link key, [0105] “Processor 44 then uses the new password, which was generated by the processor, to decrypt the session key, at a session-key-decrypting step 57. (For example, the processor may generate a key from the new password, and then use this key to decrypt the session key.) Subsequently, at a session-key-re-encrypting step 58, processor 44 re-encrypts the session key using the user's previous password (or a new password that was chosen by the user during a password-changing operation).”, where the user may be a network administrator [0111] “ receive the user's authentication factor from a network administrator.”, where the password to create the key is generated based on authentication factors, associated with and to assert privileges, provided by user/administrator).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic to incorporate the teaching of .
  	
Claims 7-8, 15-16 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Vasic et. al. (US 7885413 B2), hereinafter Vasic in view of Saylor et. al. (US 10257179 B1), hereinafter Saylor and further in view of Dangoor et. al. (US 8375207 B2) hereinafter Dangoor and Pedersen et. al. (US 20170180419 A1), hereinafter Pedersen.
Regarding claim 7, Vasic in view of Saylor teaches the electronic device of claim 1, wherein the operations comprise: 
when the administrator logs in: re-enabling access to the trusted envelope (Vasic discloses col. 10 line 23-30 a user with admin privileges is authenticated/logged-in, where a session key and protection key are stored in memory in encrypted form as illustrated in Figure 19, Col. 20 line 43-58, are accessed in response to successful authentication, i.e. successful log-in, as disclosed in Col. 16 line 2-6 and 36-49, where authentication and log-in is first performed by placing a smart card into the smart card reader as disclosed in Col. 18 line 65-67 and Col. 19 line 1-5, where the access is always re-enabled whenever the user/administrator is authenticated, i.e. logged-in, and the smart card is placed in the smart card reader. Col. 13 line 57-67 and Col. 14 line 1-13 discloses an example of doctor creating and editing the private information and decides who to grant access, where the doctor creating the private information can always access the created private information, i.e. re-enabling access).
Vasic does not disclose the administrator logging out.
Saylor discloses when the administrator logs out, disabling access to the trusted envelope (Saylor discloses in Col. 10 line 45-59 and Col. 12 line 49-57 that when a user logs out, the certificate associated with the client device is deleted; therefore, the client device is deactivated from accessing the client account and would require another authentication, where upon log out, the certificate corresponding to the authorization information associated with the holder of the certificate is deleted, and consequently access is prevented).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic to incorporate the teaching of Saylor to utilize the above feature, with the motivation of providing additional security by causing a user to perform another authentication to access their user account from the device, as recognized by (Saylor Col. 12 line 49-60).
Vasic in view of Saylor do not disclose the below limitations.
Dangoor discloses when the electronic device receives information that indicates that a gateway has joined a network, providing, from the interface circuit, the encrypted version of the link key addressed to the gateway (Dangoor illustrates in Figure 4 joining device 415, i.e. gateway, sending information to the trust center 405, i.e. electronic device, indicating the joining device joining the network, accordingly, the trust centre, after mutual authentication sends secured/encrypted network key, i.e. the encrypted version of the link key, to the joining device for encryption/decryption of network traffic,
Col. 5 line 36-40 “The message sequence chart 400 starts following the joining (unauthenticated) of a communication device 415 to the network. For example, if the joining communication device 415 joined the network by communicating directly with the trust centre 405”, 
Col. 5 line 53-61 “The trust centre 405 begins the authentication process by deciding 420 whether to accept the joining communication device 415 into the network. The decision to accept the joining communication device 415 may be based on various factors, such as whether the trust centre 405 is in a mode that allows new devices to join, whether the joining communication device 415 is eligible, for example, as identified by an address of the joining communication device 415, to join the network, etc.”, 
Col. 6 line 64-67 “Once the symmetric-key key establishment 445 has been performed, the trust centre 405 may send a secured transport-key command 450 comprising a network key. In this manner, the trust centre 405 is able to provide a network key, for example for encrypting/decrypting broadcast traffic throughout the network, etc., without the need to transmit a master key in an unsecured manner.”).

Vasic in view of Saylor and Dangoor do not disclose the below limitations.
Pedersen discloses when the electronic device receives, at the interface circuit and associated with the gateway, an access request for the access key, providing, from the interface circuit, the access key addressed to the gateway (Pedersen illustrates in Figure 3A when the server 111, i.e. electronic device, receives through its interface a request (304) from the client 110, i.e. gateway, the server 111 provides the gateway a key, i.e. access key, used for decrypting the encrypted session key, i.e. link key, at the client device, [0095] “The hearing device 101 sends to the client device 110 a session response 302 comprising the encrypted session key (i.e. link key)…The client device 110 receiving the session response 302 may request 304 the server device 111 to decrypt the encrypted session key comprised in the session response 302, or to decrypt the encrypted session response 302. Based on the request 304, the server device 111 may send the decrypted session key in a response 305 to the client device 110. This may be when the hearing device key used at the hearing device 101 is a public key of a private-public key pair of the server 101. When the hearing device key is a symmetric key, the server device 111 may send the decrypted session key in a response 305 to the client device 110 or send the hearing device key (i.e. access key) in the response 305 to the client device 110 which is then capable of decrypting the session key”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic in view of Saylor and Dangoor to incorporate the teaching of Pedersen to utilize the above feature, with the motivation of circumventing attacks and preserve the functionality of the devices, e.g. hearing device, as recognized by (Pedersen [0003]).

Regarding claims 15 and 19, claims 15 and 19 are directed to a non-transitory computer-readable storage medium and a method, respectively, associated with the electronic device claimed in claim 7. Claims 15 and 19 are similar in scope to claim 7, and are therefore rejected with the same rationale and motivation as claim 7. 

Regarding claim 8, Vasic in view of Saylor, Dangoor and Pedersen teaches the electronic device of claim 7, 
Vasic in view of Saylor and Dangoor do not disclose the below limitations.
Pedersen discloses wherein the encrypted version of the link key and the access key are provided using different communication channels (Pedersen illustrates in Figure 3A the encrypted session key, i.e. encrypted link key, provided to the client 110 from the hearing device 101 through a response (302), while the key used for decrypting the encrypted session key, i.e. access key, provided to the client 101 from the server 111 through a response (305), where (302) and (305) are responses provided from different devices, i.e. different channel responses, as disclosed in [0095]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic in view of Saylor and Dangoor to incorporate the teaching of Pedersen to utilize the above feature, with the motivation of circumventing attacks and preserving the functionality of the devices, e.g. hearing device, as recognized by (Pedersen [0003]).
 
Regarding Claims 16 and 20, claims 16 and 20 are directed to a non-transitory computer-readable storage medium and a method, respectively, associated with the electronic device claimed in claim 8. Claims 16 and 20 are similar in scope to claim 8, and are therefore rejected with the same rationale and motivation as claim 8.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Vasic et al. (US 7885413 B2), hereinafter Vasic in view of Saylor et al. (US 10257179 B1), hereinafter Saylor and further in view of Yang et al. (US 20190034235 A1) hereinafter Yang.

Regarding claim 11, Vasic in view of Saylor teaches the electronic device of claim 1, 
Vasic in view of Saylor do not disclose the link to be associated with a ZigBee.
Yang discloses wherein the link is associated with a ZigBee communication protocol (Yang Figure 1 and [0047] “Gateways 116 can also be utilized to extend the geographical reach of edge resources 110 with short-range, proprietary, or otherwise limited communication capabilities, such as IoT devices 114 with Bluetooth or ZigBee communication capabilities. For example, gateways 116 can serve as intermediaries between IoT devices 114 and remote networks or services, by providing a front-haul to the IoT devices 114 using their native communication capabilities (e.g., Bluetooth, ZigBee), and providing a back-haul to other networks 150 and/or cloud resources 130…”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Vasic to incorporate the teaching of Yang to utilize the above feature, using any one of finite number of communication protocols to link devices with limited communication capabilities with cloud resources, as recognized by (Yang [0047, 0049]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Shanks (US 20190182038 A1) discloses systems and methods for selective access to logs, where a computing system encrypts symmetric keys for accessing logs utilizing respective consumers’ public keys.
Basin (US 20170126642 A1) discloses systems and methods for smart key information management where an encrypted master key may be present at the time a smart key is created, an encrypted master key holds the master key used by an 
Douceur (US 20100318786 A1) discloses a trusted hardware component for distributed systems, where a trusted administrator encrypts a copy of the symmetric key (1)-(N) with each public key of each trusted hardware component 112(1)-(N), and sends the encrypted symmetric keys to computing devices.
Mittal (US 20100325732 A1) discloses managing keys for encrypted shared documents, where a key administrator receives a request for a change in group membership. If the request involves adding a member, the key administrator encrypts a group symmetric key with a new member public key. If the request involves removing a group member, the key administrator accesses and removes a group symmetric key encrypted with the ex-member's public key.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497