Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present Office Action is responsive to communications received 10/7/2021. Claims 1-18 and 21-22 are pending. Claims 19-20 are cancelled.

Response to Arguments
Applicant’s arguments received on 10/7/2021 are addressed as follows:
Regarding the 101 rejection of claims 1-11, the amendments overcome the rejection. The rejection is withdrawn.
Regarding the prior art rejection, the scope of the claim has changed; a new ground of rejection is presented, addressing the trusted first channel for transmitting the seed value.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 22 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 22 recites “the seed value is caused to be stored in a cache of the web browser ... such that the web browser is operable to encrypt and decrypt data using the transient encryption key”. The phrase “such that” expresses a purpose or result; however, the relationship between the storing of the seed value in the cache and the acts of encrypting/decrypting data using the transient encryption key is not understood. Clarification is kindly requested.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 12, 17 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over US 20090245516 to Ravikiran, hereinafter Ravikiran, in view of “Network Time Protocol Based Time-Varying Encryption System for Smart Grid Meter”, by Wang et al., IEEE, 2004, p. 99-104, hereinafter Wang, and further in view of US 20120063597 to Tropp et al., hereinafter Tropp.
Regarding claims 1 (and substantially claims 12 and 17), Ravikiran discloses:
 a security system comprising by one or more hardware processors, the security system being configurable to cause (Fig. 1: System comprising two parties communicating over a network):  
using the one or more processors, after establishing a first channel between a client system and a server system as a channel, transmitting, via the first channel, a seed value from the server system to the client system ([0062][0089] send seed over a different medium on the network such as mail, meaning the mail communication is pre-established);
processing a request for a transaction between the client system and the server system, the transaction being associated with transmission of data, via a second channel, between the client system and the server system ([0031]-[0032]: process sending or receiving encrypted data over a channel, different from the channel used for sending the seed ([0076]));
using a transient encryption key generated based on the seed value ([0046]-[0048]: K = F_h(SK1, T), where K is the encryption key, F_h is a hashing function, SK1 the seed, T is Time), encrypting, the data to form encrypted data, the transient encryption key being a synced-clock random number configured to automatically change when a designated time interval elapses, the synced-clock random number being accessible to the server system and the client system, the synced-clock random number being accessible to the server and the client system ([0069] construct a pseudo random number as a key changing periodically to encrypt data based on a seed and random number, hashed ([0040][0041]), the communicating parties have synced clock [0023]);
and transmitting the encrypted data between the client system and the server system ([0049]-[0052]: transmit the ciphertext to the other party over the secure channel), the encrypted data being configurable to be decrypted at the server system or the client system based on the transient encryption key ([0056]: decrypt the ciphertext with the computed key, generated using the same method [0053]).
Ravikiran does not explicitly teach the synced-clock random number being based on a designated clock accessible to the server and the client system.
In an analogous art, Wang discloses a NTP server used to synchronize clocks for two parties (Fig. 2, p. 99, II and p.100, III, left column). It would have been obvious to a skilled artisan before the instant application was filed to use a time server as taught by Wang as a designated clock because it would allow an accurate synchronization of the clocks at a millisecond level (Wang, Abstract), therefore preventing discrepancies in the time-based encryption key and ensuring a correct encryption/decryption as taught by Ravikiran.
Ravikiran in view of Wang does not explicitly teach a trusted channel used to transmit the seed value.
In an analogous art, Tropp discloses communication between a sending device and a receiving device (Fig 1), the sending device establishing a secure communication with the receiving device and transmitting a seed value (Fig. 8, [0058]). The seed value may be generated from clock data ([0063]). The seed value is used to generate a RND table (Fig. 9) from which a session key is generated ([0066]), the session key used to encrypt content, sent after creating a connection between the sending and receiving devices ([0073]). Therefore Tropp discloses after establishing a first channel between a client system and a server system as a trusted channel, transmitting, via the first channel, a seed value from the server system to the client system.
It would have been obvious to a skilled artisan before the instant application was filed to transmit the seed over a trusted channel as taught by Tropp because it would ensure the confidentiality of the seed and prevent an attacker from intercepting the seed and calculating the session key, which would compromise the encrypted communications between the two parties.
Regarding claim 2, Ravikiran in view of Wang and Tropp discloses the security system of claim 1, the security system further configurable to cause: generating, based on the seed value and a time-stamp associated with the designated clock, the transient encryption key (Ravikiran [0040][0044]: seed and timestamp used to compute the encryption key).
Regarding claim 4, Ravikiran in view of Wang and Tropp discloses the security system of claim 2, wherein generating the transient encryption key comprises applying, using the seed value and the time-stamp, a secure hash algorithm (SHA), the time-stamp being based on the designated clock (Ravikiran [0040][0041][0046]: generate pseudo random number or timestamp with clocks, combine with seed, and hash to generate the key).
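The key derivation K = F_h(SK1, T) and the clock-synchronization concern discussed above can be illustrated as follows. This is an added example, not code from the Office Action or from any cited reference; HMAC-SHA256 as the hash, the 30-second interval, the seed bytes, the timestamps and all function names are assumptions, and a MAC check stands in for decryption because the Python standard library has no cipher.

```python
import hashlib
import hmac

INTERVAL_SECONDS = 30  # assumed rotation interval; the page gives no value


def interval_index(unix_time, interval=INTERVAL_SECONDS):
    """Map a clock reading to the index of the key-rotation interval."""
    return int(unix_time // interval)


def transient_key(seed, unix_time, interval=INTERVAL_SECONDS):
    """K = F_h(seed, T): keyed SHA-256 over the interval index (assumed F_h)."""
    counter = interval_index(unix_time, interval).to_bytes(8, "big")
    return hmac.new(seed, b"transient-key" + counter, hashlib.sha256).digest()


def seal(seed, message, sender_time):
    """Sender side: authenticate the message under the current transient key."""
    key = transient_key(seed, sender_time)
    return hmac.new(key, message, hashlib.sha256).digest()


def accept(seed, message, tag, receiver_time, max_skew_intervals=1):
    """Receiver side: return the interval offset whose key verifies the tag.

    Trying neighbouring intervals tolerates small clock drift, at the cost
    of widening the period in which a captured message could be replayed.
    Returns None when no key in the window verifies the tag.
    """
    offsets = sorted(range(-max_skew_intervals, max_skew_intervals + 1), key=abs)
    for offset in offsets:
        key = transient_key(seed, receiver_time + offset * INTERVAL_SECONDS)
        expected = hmac.new(key, message, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            return offset
    return None


# Constructed sample values: the seed is assumed to have arrived over the
# trusted first channel; the two clocks differ by two seconds and straddle
# an interval boundary at 1_700_000_010.
SEED = bytes.fromhex("00112233445566778899aabbccddeeff")
MESSAGE = b"constructed transaction payload"
SENDER_TIME = 1_700_000_009
RECEIVER_TIME = 1_700_000_011

if __name__ == "__main__":
    tag = seal(SEED, MESSAGE, SENDER_TIME)
    print("keys equal:", transient_key(SEED, SENDER_TIME) == transient_key(SEED, RECEIVER_TIME))
    print("strict receiver:", accept(SEED, MESSAGE, tag, RECEIVER_TIME, 0))
    print("receiver with +/-1 window:", accept(SEED, MESSAGE, tag, RECEIVER_TIME, 1))
```

A two-second offset across an interval boundary is enough for the two sides to derive different keys, which is the discrepancy the time-server combination is cited to prevent.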
Regarding claim 21, Ravikiran in view of Wang and Tropp discloses the security system of claim 1, wherein: the second channel comprises a web browser operating on the client system (Ravikiran [0062] teaches sending encrypted data over any suitable network, which would include a web browser transmitted over the channel, without any undue effort; Tropp also discloses the sender and receiver are computing devices (Fig. 2) such as a mobile device, communicating using wifi; it would have been obvious to use a web browser to transmit the encrypted data, as known in the art); and the first .


Claims 3, 13-14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ravikiran, Wang and Tropp, in view of US 20190394031 to Deng et al., hereinafter Deng.
Regarding claim 3 (and substantially claims 13 and 18), Ravikiran in view of Wang and Tropp discloses the security system of claim 2, but does not teach the rest of the claim. In an analogous art, Deng discloses a client computing a hash on a previous key, transmitted to the server ([0039]), which recalculates the hash and compares it with the hash sent by the client ([0042]). Therefore Deng teaches the security system further configurable to cause: evaluating that the seed has been applied correctly by processing a checksum of an initial value of the transient encryption key received from the client system. It would have been obvious to a skilled artisan before the instant application was filed to verify the correctness of a previous transient key using the teachings of Deng because it would bring confidence in computing the encryption keys.
Regarding claims 13 and 18, please see rejection of claim 3.
Regarding claim 14, Ravikiran in view of Wang, Tropp and Deng discloses the method of claim 13, wherein generating the transient encryption key comprises applying, using the seed value and the time-stamp, a secure hash algorithm (SHA), the .

Claims 5, 7-8, 10 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Ravikiran, Wang and Tropp, in view of US 20150113264 to Wang et al, hereinafter Wang2.
Regarding claim 5 (and substantially claim 15), Ravikiran in view of Wang and Tropp discloses the security system of claim 1; although Ravikiran teaches a secure communication channel, the cited prior art does not teach the security system further configurable to cause: applying, before transmitting the encrypted data between the client system and the server system, transport layer security (TLS) encryption to the encrypted data. In an analogous art, Wang2 discloses applying, before transmitting the encrypted data between the client system and the server system, transport layer security (TLS) encryption to the encrypted data ([0146]: firewall intercept packets, decrypt and re-encrypt before forwarding to server, the client and server communicating with SSL or TLS sessions ([0147])). It would have been obvious to a skilled artisan before the instant application was effectively filed to establish the secure communication channel using TLS as taught by Wang2 because it would allow inline inspection of the packets (Wang2, [0006]).
Regarding claim 7, Ravikiran in view of Wang and Tropp discloses the security system of claim 1, but does not teach the rest of the limitations. In an analogous art, Wang2 discloses wherein encryption of the data occurs at an application layer 
Regarding claim 8, Ravikiran in view of Wang and Tropp discloses the security system of claim 1, but does not teach the remaining limitation; however, Wang2 discloses wherein encryption of the data occurs at an application layer associated with a mobile application being interacted with by a user of the client system, the client system being a mobile device ([0046]: SSL or TLS session (see [0147]) between a client and server, the client being a mobile device using https protocol and browser application and encryption to access the server or website, the data encrypted using https). It would have been obvious to a skilled artisan before the application was filed to use an application layer associated with a mobile application because such interaction has become standard in retrieving web-based content and would not necessitate further testing.
Regarding claim 10, Ravikiran in view of Wang and Tropp discloses the security system of claim 1, but does not teach the remaining limitation; however, Wang2 discloses: wherein encrypting the data to form encrypted data is performed by one or more of: a browser plug-in operating at the client system, a web browser operating at the client system ([0046]: .

Claims 9 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Ravikiran, Wang, Tropp and Wang2 in view of US 20130097308 to Le et al., hereinafter Le.
Regarding claim 9, Ravikiran in view of Wang, Tropp and Wang2 discloses the security system of claim 8, but does not teach the rest of the claim. In an analogous art, Le teaches wherein the mobile application comprises a customer relationship management (CRM) platform and/or a social networking system provided to a plurality of tenant organizations via an on-demand computing environment ([0118]: user using social media application). It would have been obvious to have the client use a social media application because such an application is widely used to share content on sharing platforms and it would not need any testing to implement.
Regarding claim 11, Ravikiran in view of Wang, Tropp, Wang2 and Le discloses the security system of claim 9, wherein the security system is configured to automatically intercept further transactions between the client system and the server system (Wang2, [0146]).

Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Ravikiran, Wang and Tropp, in view of US 20170163607 to Skuratovich et al., hereinafter Skuratovich.
Regarding claim 6 (and substantially claim 16), Ravikiran in view of Wang and Tropp discloses the security system of claim 1, but does not teach the remaining limitation, yet Skuratovich discloses wherein the encrypted data is transmitted between the client system and the server system without TLS encryption ([0070]: data encrypted with session key and sent after TLS has terminated). It would have been obvious to a skilled artisan before the instant application was effectively filed to send the encrypted data without TLS encryption as taught by Skuratovich because it would be more efficient than imposing TLS encryption/decryption of the already encrypted data.

Allowable Subject Matter
Regarding claim 22, the claim recites:
The security system of claim 21, wherein the seed value is caused to be stored in a cache of the web browser operating on the client system such that the web browser is operable to encrypt and decrypt data using the transient encryption key.
Ravikiran, alone or in combination with Wang, Tropp or any other prior art of the record, fails to teach: wherein the seed value is caused to be stored in a cache of the web browser operating on the client system such that the web browser is operable to encrypt and decrypt data using the transient encryption key.
Therefore claim 22 is allowable.
Claim 22 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Golino 20140281523 discloses a device generating and encrypting seed information to another device, for computing an encryption key.
Parrish 9584495 discloses distributing seed keys to computing devices for computing independently a session key.
Morioka 20090123131 discloses generating a time-based encryption key using seed information that changes over time.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.