DETAILED ACTION
This non-final office action is in response to claims 1-12 filed on 09/27/2021 for examination. Claims 1-12 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 09/27/2021 and 11/11/2021 have been considered by the examiner. 

Response to Amendment
The amendment filed September 27, 2021 has been entered. Claims 1-9 are pending in the application. Claims 10-12 are newly added. Applicant’s arguments and amendments to the disclosure have overcome each and every drawings objection previously set forth in the Non-Final Office Action mailed June 28, 2021. Further, claims 1 and 8-9 have been amended and have necessitated a new ground(s) of rejection in this Office Action. While Applicant’s amendments and arguments filed on 
Particularly, Applicant opines that the combination of Marion et al. (US20200380090) and Bitfury Group (NPL: “Bitfury: On Blockchain Auditability”, Nov. 14, 2016) fail to specifically disclose securely transferring the cryptographic key from the first secure computing component to the second secure computing component so as to provide access to the cryptographic key to the key requester via the second secure computing component. Remarks, pg. 10. However, Examiner directs Applicant to Marion at [0116-117] and [0124], wherein the server <i.e., first computing component> verifies the access rights of a requestor <i.e., second computing component> and then the server provides the decryption key to the requestor <i.e., transfers the cryptographic key from the first computing component to the second computing component>. Further, [0061] teaches that the server may be a host for the blockchain, and in [0134] and [0138] that the decryption key may be retrieved from the blockchain by the requestor <i.e., decryption key transferred from server’s blockchain to requestor>. The exchange may occur over a private communication network <i.e., secure network>. See [0052]. Accordingly, Applicant’s remarks regarding Marion failing to disclose a secure transfer of the decryption key between a first and second computing component are unpersuasive. Bitfury then discloses performing all blockchain logic in hardware security modules <i.e., secure computing components> (see pg. 28, § 4.1). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Marion with the teachings of Bitfury, utilize secure computing components, to prevent tampering by system maintainers or malicious actors (see, e.g., Bitfury at pg. 28, § 4.1).
In view of the foregoing, applicant’s arguments regarding claims 1 and 8-9 have been fully considered by are not persuasive to differentiate over the prior art.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Marion (US20200380090, Hereinafter “Marion”) in view of Bitfury Group (NPL: “Bitfury: On Blockchain Auditability”, Nov. 14, 2016, Hereinafter “Bitfury”).
Regarding claim 1, Marion teaches a computer implemented method of a first computing component to provide access to a cryptographic key ([0116] – reader 110 sends request to server for access to a decryption key; [0027-028] – server may be a user computing device), the cryptographic key being associated with the first computing component by a [[digitally signed]] record in a blockchain ([0081-083] – a token is created, which contains ownership information and the decryption key <i.e., owner’s device and decryption key become associated>; [0093-094] – the token is recorded onto the blockchain <i.e., token is a record>), wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components ([0057-059] – new blocks added to the blockchain must be validated by the consensus peers <i.e., minors>, blockchain is accessible via network 120; [0093-094] – a plurality of tokens <i.e., records> are recorded onto the blockchain in block transactions), the method comprising: 
receiving a request from a second computing component to associate the cryptographic key with the second computing component ([0116] and [0123-125] – request is received from reader device 110 to access a decryption key), the request having associated identification information for a requester of the cryptographic key ([0116-117] – request for decryption key from reader device 110 comprises user identification information of the requestor); 
responsive to a verification of an entitlement of the requester ([0117] – the access right of the reader device 110 identification information is confirmed; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and transfer/rights are added to the blockchain; [0058-059] – verified information is added to the blockchain via blocks), generating a new record for storage in the blockchain ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and ownership transfer/rights are added to the blockchain; [0058-059] – verified information is added to the blockchain via blocks), the new record associating the cryptographic key with the second computing component and being validated by the miner components ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right of the user to access the key/digital content is confirmed, and the rights <i.e., a new record> are added to the blockchain; [0058-059] – verified information is added to the blockchain via blocks, by reaching a consensus of the verifiers <i.e., miners>); and 
further responsive to the verification ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and transfer/rights are added to the blockchain), securely transferring the cryptographic key from the first computing component to the second computing component so as to provide access to the cryptographic key to the key requester via the second computing component ([0116-117] and [0124] –  the server <i.e., first computing component> verifies the access rights of a requestor <i.e., second computing component> and then the server provides the decryption key to the requestor <i.e., transfers the cryptographic key from the first computing component to the second computing component>; see also: [0061] – the server may be a host for the blockchain; with [0134] and [0138] – the decryption key .
While Marion discloses adding access rights to a blockchain using standard blockchain techniques (see, e.g., [0058-061], [0130-134]), Marion appears to fail to specifically disclose wherein (1) the records are digitally signed when added to the blockchain, and (2) the first computing component and second computing component are secure computing components.
However, Bitfury discloses a known system for adding information to a blockchain (abstract), wherein blockchain transactions <i.e., records> include digital signatures in the block header (see, e.g., pg. 14, para. 1: “In consensus with known validators, consensus-related data in the block header could be a set of digital signatures of the previous block belonging to more than 2/3 of validators”; see also pg. 26, 3.3.2 for detailed transaction signature process). Bitfury further discloses performing all blockchain logic in hardware security modules <i.e., secure computing components> (see pg. 28, § 4.1).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Marion with the teachings of Bitfury, wherein (1) the record is digitally signed when added to the blockchain to conform to standard blockchain practice (see, e.g., Marion at [0061] with Bitfury at pg. 26, 3.3.2) and (2) wherein the first computing component and second computing component comprise secure computing components, to improve security of the system and prevent tampering by system maintainers (see, e.g., Bitfury at pg. 28, § 4.1).

Regarding claim 2, the combination of Marion and Bitfury teach the method of claim 1, wherein the new record for storage in the blockchain includes a reference to an original record for the cryptographic key such that the new record supersedes the original record to associate the cryptographic key with the second secure computing component and to disassociate the cryptographic key from first secure computing component (Marion at [0134] – a new record Bitfury at pg. 28, § 4.1 – blockchain processes may be securely performed via HSMs <i.e., secure computing components>).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Marion and Bitfury with the teachings of Bitfury, wherein the first computing component and second computing component comprise secure computing components, to improve security of the system and prevent tampering by system maintainers (see, e.g., Bitfury at pg. 28, § 4.1).

Regarding claim 3, the combination of Marion and Bitfury teach the method of claim 1, wherein the entitlement of the requester is verified based on the identification information for the requester ([0117] – the access right of the reader device 110 is confirmed based on the requestor’s identification information; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and transfer/rights are added to the blockchain).  

Regarding claim 4, the combination of Marion and Bitfury teach the method of claim 1, wherein each of the first secure computing component and the second  secure computing component is a hardware security module (HSM) (Bitfury at pg. 28, § 4.1: computing components performing the blockchain logic are hardware security modules). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Marion and Bitfury as taught in Bitfury, wherein each of the first secure computing component and the see, e.g., Bitfury at pg. 28, § 4.1).

Regarding claim 5, the combination of Marion and Bitfury teach the method of claim 1, wherein at least some of the miner components are hardware security modules (HSMs) (Bitfury at pg. 28, § 4.1: computing components performing the blockchain logic are hardware security modules, including the proof of work modules <i.e., miners>). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Marion and Bitfury as taught in Bitfury, wherein at least some of the miner components are hardware security modules (HSMs), to improve security of the system and prevent tampering by system maintainers (see, e.g., Bitfury at pg. 28, § 4.1).

Regarding claim 6, the combination of Marion and Bitfury teach the method of claim 1, wherein the blockchain is a distributed transactional database (Marion at [0010] – the blockchain is a distributed database providing secure and accessible transaction record of ownership rights).  

Regarding claim 7, the combination of Marion and Bitfury teach the method of claim 1, wherein the miner components confirm a state of the blockchain by reaching a consensus as to the state of the blockchain based on a proof of work (Marion at [0058-059] – validation consensus must be reached by peer-to-peer network to add new block on the blockchain; Bitfury at pg. 22, § 3.2 – blockchain uses proof of work for adding blocks via the consensus). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the combination of Marion and Bitfury as taught in Bitfury, wherein the miner components confirm a state of the blockchain by reaching a consensus as to the state of the blockchain based on a proof of work, to achieve Bitfury at pg. 22, § 3.2).

Regarding claim 8, Marion teaches A computer system (abstract) comprising: a processor and memory storing computer program code ([0026] – processor executes instructions stored in memory) for a first computing component to provide access to a cryptographic key ([0116] and [0027-028] – reader 110 sends request to server/user device for access to decryption key), the cryptographic key being associated with the first computing component by a [[digitally signed]] record in a blockchain ([0081-083] – a token is created, which contains ownership information and the decryption key <i.e., decryption key is associated with the owner’s device via token owner>; [0093-094] – the token is recorded onto the blockchain <i.e., token is a record>), wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components ([0057-059] – new blocks added to the blockchain must be validated by the consensus peers <i.e., minors>, blockchain is accessible via network 120; [0093-094] – a plurality of tokens <i.e., records/blocks> are recorded onto the blockchain), by: 
receiving a request from a second computing component to associate the cryptographic key with the second computing component ([0116] and [0123-125] – request is received from reader device 110 to access a decryption key), the request having associated identification information for a requester of the cryptographic key ([0116-117] – request for decryption key from reader device 110 comprises user identification information of the requestor); 
responsive to a verification of an entitlement of the requester ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and transfer/rights are added to the blockchain; [0058-059] – verified information is added to the blockchain via blocks), generating a new record for storage in the blockchain ([0117] – the access , the new record associating the cryptographic key with the second computing component and being validated by the miner components ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right of the user to access the key/digital content is confirmed, and the rights <i.e., a new record> are added to the blockchain; [0058-059] – verified information is added to the blockchain via blocks, by reaching a consensus of the verifiers <i.e., miners>); and 
further responsive to the verification ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and transfer/rights are added to the blockchain), securely transferring the cryptographic key from the first computing component to the second computing component so as to provide access to the cryptographic key to the key requester via the second computing component ([0116-117] and [0124] –  the server <i.e., first computing component> verifies the access rights of a requestor <i.e., second computing component> and then the server provides the decryption key to the requestor <i.e., transfers the cryptographic key from the first computing component to the second computing component>; see also: [0061] – the server may be a host for the blockchain; with [0134] and [0138] – the decryption key may be retrieved from the blockchain by the requestor <i.e., decryption key transferred from server’s blockchain to requestor>; [0052] – transfer uses private network <i.e., securely transferred>).  
While Marion discloses adding access rights to a blockchain using standard blockchain techniques (see, e.g., [0058-061], [0130-134]), Marion appears to fail to specifically disclose wherein (1) the records are digitally signed when added to the blockchain, and (2) the first computing component and second computing component are secure computing components.
Bitfury discloses a known system for adding information to a blockchain (abstract), wherein blockchain transactions <i.e., records> include digital signatures in the block header (see, e.g., pg. 14, para. 1: “In consensus with known validators, consensus-related data in the block header could be a set of digital signatures of the previous block belonging to more than 2/3 of validators”; see also pg. 26, 3.3.2 for detailed transaction signature process). Bitfury further discloses performing all blockchain logic in hardware security modules <i.e., secure computing components> (see pg. 28, § 4.1).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Marion with the teachings of Bitfury, wherein (1) the record is digitally signed when added to the blockchain to conform to standard blockchain practice (see, e.g., Marion at [0061] with Bitfury at pg. 26, 3.3.2) and (2) wherein the first computing component and second computing component comprise secure computing components, to improve security of the system and prevent tampering by system maintainers (see, e.g., Bitfury at pg. 28, § 4.1).

Regarding claim 9, Marion teaches a non-transitory computer-readable storage medium storing a computer program element comprising computer program code ([0026] and [0045] – processor executes instructions stored in physical memory) to, when loaded into a computer system and executed thereon ([0026] and [0045] – processor executes instructions stored in physical memory), cause the computer system to provide access to a cryptographic key ([0116] and [0027-028] – reader 110 sends request to server/user device for access to decryption key), the cryptographic key being associated with a first secure computing component by a [[digitally signed]] record in a blockchain ([0081-083] – a token is created, which contains ownership information and the decryption key <i.e., decryption key is associated with the owner’s device via token/owner>; [0093-094] – the token is recorded onto the blockchain <i.e., token is a record>), wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components ([0057-059] – , by: 
receiving a request from a second secure computing component to associate the cryptographic key with the second secure computing component ([0116] and [0123-125] – request is received from reader device 110 to access a decryption key), the request having associated identification information for a requester of the cryptographic key ([0116-117] – request for decryption key from reader device 110 comprises user identification information of the requestor); 
responsive to a verification of an entitlement of the requester ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and transfer/rights are added to the blockchain; [0058-059] – verified information is added to the blockchain via blocks), generating a new record for storage in the blockchain ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and transfer/rights are added to the blockchain; [0058-059] – verified information is added to the blockchain via blocks), the new record associating the cryptographic key with the second secure computing component and being validated by the miner components ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right of the user to access the key/digital content is confirmed, and the rights <i.e., a new record> are added to the blockchain; [0058-059] – verified information is added to the blockchain via blocks, by reaching a consensus of the verifiers <i.e., miners>); and 
further responsive to the verification ([0117] – the access right of the reader device 110 is confirmed; [0130-0134] – reader device 110 access right <i.e., entitlement> is confirmed, and transfer/rights are added to the blockchain), securely transferring the cryptographic key from the first computing component to the second secure computing component so as to provide access to the cryptographic key to the key requester via the second secure computing component ([0116-117] and [0124] –  the server <i.e., first computing component> verifies the access rights of a requestor <i.e., second computing component> and then the server provides the decryption key to the requestor <i.e., transfers the cryptographic key from the first computing component to the second computing component>; see also: [0061] – the server may be a host for the blockchain; with [0134] and [0138] – the decryption key may be retrieved from the blockchain by the requestor <i.e., decryption key transferred from server’s blockchain to requestor>; [0052] – transfer uses private network <i.e., securely transferred>).
While Marion discloses adding access rights to a blockchain using standard blockchain techniques (see, e.g., [0058-061], [0130-134]), Marion appears to fail to specifically disclose wherein (1) the records are digitally signed when added to the blockchain, and (2) the first computing component and second computing component are secure computing components.
However, Bitfury discloses a known system for adding information to a blockchain (abstract), wherein blockchain transactions <i.e., records> include digital signatures in the block header (see, e.g., pg. 14, para. 1: “In consensus with known validators, consensus-related data in the block header could be a set of digital signatures of the previous block belonging to more than 2/3 of validators”; see also pg. 26, 3.3.2 for detailed transaction signature process). Bitfury further discloses performing all blockchain logic in hardware security modules <i.e., secure computing components> (see pg. 28, § 4.1).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Marion with the teachings of Bitfury, wherein (1) the record is digitally signed when added to the blockchain to conform to standard blockchain practice (see, e.g., Marion at [0061] with Bitfury at pg. 26, 3.3.2) and (2) wherein the first computing component and second computing component comprise secure computing components, to improve security of the system and prevent tampering by system maintainers (see, e.g., Bitfury at pg. 28, § 4.1).

Regarding claim 10, the combination of Marion and Bitfury teach the method of claim 1, further comprising: 
further responsive to the verification of the entitlement of the requester (Marion at [0024] – a confirmation of access rights including information for exchanging a rights token is received), effecting a change to the first secure computing component for providing the cryptographic key (Marion at [0024] – in response to receiving a confirmation of access rights for exchanging a rights token, a rights blockchain is updated to record an exchanging of the rights token. The token holds a decryption key <i.e., blockchain is updated>; [0061] – blockchain is hosted by the server <i.e., first computing component information is changed>), the change being relative to the resource cost of ownership of the cryptographic key (Marion at [0024] – in response to receiving a confirmation of access rights for exchanging a rights token, a rights blockchain is updated to record an exchanging of the rights token. The token holds a decryption key <i.e., blockchain is updated>; [0061] – blockchain is hosted by the server <i.e., first computing component information is changed>; [0011] and [0110] – different transaction types may be performed based on payment, e.g., renting, loaning, sharing <i.e., the change/update is reflective of the cost/payment).

Regarding claim 11, the combination of Marion and Bitfury teach the computer system of claim 8, wherein the processor and memory storing computer program code for the first secure computing component ([0026] and [0045] – processor executes instructions stored memory) to provide access to the cryptographic key ([0116] and [0027-028] – reader 110 sends request to server/user device for access to decryption key) includes: 
further responsive to the verification of the entitlement of the requester (Marion at [0024] – a confirmation of access rights including information for exchanging a rights token is received), effecting a change to the first secure computing component for providing the cryptographic key (Marion at [0024] – in response to receiving a confirmation of access rights for exchanging a rights token, a rights blockchain is updated to record an exchanging of the rights token. The token holds a decryption key <i.e., blockchain is updated>; [0061] – blockchain is hosted by the server <i.e., first computing component information is changed>), the change being relative to the resource cost of ownership of the cryptographic key (Marion at [0024] – in response to receiving a confirmation of access rights for exchanging a rights token, a rights blockchain is updated to record an exchanging of the rights token. The token holds a decryption key <i.e., blockchain is updated>; [0061] – blockchain is hosted by the server <i.e., first computing component information is changed>; [0011] and [0110] – different transaction types may be performed based on payment, e.g., renting, loaning, sharing <i.e., the change/update is reflective of the cost/payment).  

Regarding claim 12, the combination of Marion and Bitfury teach the non-transitory computer-readable storage medium of claim 9, wherein the Application No. 16/620,241computer program code ([0026] and [0045] – processor executes instructions stored in physical memory), when loaded into the computer system and executed thereon ([0026] and [0045] – processor executes instructions stored in physical memory), cause the computer system to provide access to the cryptographic key ([0116] and [0027-028] – reader 110 sends request to server/user device for access to decryption key) further including by: 
further responsive to the verification of the entitlement of the requester (Marion at [0024] – a confirmation of access rights including information for exchanging a rights token is received), effecting a change to the first secure computing component for providing the cryptographic key (Marion at [0024] – in response to receiving a confirmation of access rights for exchanging a rights token, a rights blockchain is updated to record an exchanging of the rights token. The token holds a decryption key <i.e., blockchain is updated>; [0061] – blockchain is hosted by the server <i.e., first computing , the change being relative to the resource cost of ownership of the cryptographic key (Marion at [0024] – in response to receiving a confirmation of access rights for exchanging a rights token, a rights blockchain is updated to record an exchanging of the rights token. The token holds a decryption key <i.e., blockchain is updated>; [0061] – blockchain is hosted by the server <i.e., first computing component information is changed>; [0011] and [0110] – different transaction types may be performed based on payment, e.g., renting, loaning, sharing <i.e., the change/update is reflective of the cost/payment).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Walker et al. (US20160364787) discloses receiving request for transfer of ownership of a device from a current owner to a new owner, and doing so via blockchain system (see abstract, [0053], [0076]). Further, Solow et al. (US20180322259) discloses a system for managing transfer of the right to use encrypted content, including transfer of a decryption key for the encrypted content using blockchain (see abstract, [0011]).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365. The examiner can normally be reached Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/J.R.W./Examiner, Art Unit 2438                                                                                                                                                                                                        



/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438