DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/19/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 8-14 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claim 8 recites a “computer program product comprising a computer readable storage medium”, and a “computer readable storage medium” under the broadest reasonable interpretation can encompass non-statutory transitory forms of signal transmission, such as, a propagating electrical or electromagnetic signal or carrier wave. See In re Nuijten, 500 F.3d 1346, 84 USPQ2d 1495 (Fed. Cir. 2007). 

Furthermore, claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 1 recites a computer-implemented method comprising: padding a plaintext message, randomly generating an ephemeral key, randomly generating an initialization vector, encrypting the padded plaintext message with the ephemeral key and the initialization vector using a block cipher to produce an encrypted data block, calculating a hash value of the encrypted data block, prepending the hash value, the ephemeral key, and the initialization vector to the encrypted data block, and performing RSA encryption on the encrypted data block prepended with the hash value, the ephemeral key, and the initialization vector. 
The limitations of encrypting the padded plaintext message with the ephemeral key and the initialization vector using a block cipher to produce an encrypted data block, calculating a hash value of the encrypted data block, and performing RSA encryption on the encrypted data block prepended with the hash value, the ephemeral key, and the initialization vector, under its broadest reasonable interpretation, cover performance of the limitations in the mind but for the recitation of generic computer components. That is, other than reciting “computer-implemented”, “processor” (seen in claim 8), or “data processing component” (seen in claim 15), nothing in the claims preclude the step from being performed in the human mind. For example, but for the recitation of “computer-implemented”, “processor” (seen in claim 8), or “data processing component” (seen in 
This judicial exception is not integrated into a practical application because as explained above, the claims do not include any components for performing said limitations and preventing said limitations from being performed in the mind. Furthermore, the claim recites the combination of additional elements of 1) padding a plaintext message, 2) generating an ephemeral key, 3) generating an initialization vector, and 4) perpending the hash value, the ephemeral key, and the initialization vector to the encrypted data block. These additional elements similarly do not include any specific components for performing said additional elements and preventing said additional elements form being performed by a human. Furthermore, the additional elements merely establish well known inputs to an equation (i.e., block cipher encryption or hashing), which is a form of insignificant extra-solution activity (See MPEP 2106.05(g)). Accordingly, these additional elements do not integrate the abstract idea 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because as discussed above with respect to the integration of the abstract idea into a practical application, the elements of a computer implementation, processor (seen in claim 8), or data processing component (seen in claim 15) amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Independent claims 8 and 15 include limitations similar to the limitations of independent claim 1 and are rejected under 35 U.S.C. 101 for being directed to an abstract idea for similar reasons as discussed above with respect to claim 1. Claims 2-7 depend on claim 1 and do not remedy the deficiencies of claim 1. Claims 9-14 depend on claim 8 and do not remedy the deficiencies of claim 8. Claims 16-20 depend on claim 15 and do not remedy the deficiencies of claim 15. Therefore, claims 2-7, 9-14, and 16-20 are similarly rejected under 35 U.S.C. 101 because of their dependencies.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 


An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform “data processing component to:” in claim 15.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. Paragraph [0075] of the filed specification discloses a computer system 600 which can implement the padding oracle elimination system 100 using one or more processor circuits or computer processors 602 of the computer system 600. Per paragraph [0060] and Fig. 4, the processes of padding, generating, encrypting, prepending, and calculating (as seen in claim 15) may be executed by at least one hardware processor. Accordingly, “data processing component” will be interpreted as a hardware processor.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Allowable Subject Matter

The following is a statement of reasons for the indication of allowable subject matter: 
The closest art of record Goncalves et al. (US 20200259647 A1; hereinafter “Goncalves”) teaches generating a message, random value, and symmetric key, wherein the message is concatenated with the random value and encrypted with the symmetric key to produce an intermediate ciphertext and the intermediate ciphertext is further hashed to produce a hashed value. The hashed value is then concatenated with the intermediate ciphertext and encrypted altogether using an asymmetric encryption module ([0001]-[0031], [0042] and Fig. 7). However, Goncalves fails to teach padding of the message and prepending the ephemeral key and initialization vector with the hash value and encrypted data block prior to RSA encryption.
Another art of record, Scheiblauer et al. (US 20180337778 A1) teaches encrypting a padded plaintext using an encryption key and an initialization vector together to create a ciphertext and prepending the initialization vector with the ciphertext (Fig. 4). However, Scheiblauer fails to teach hashing the ciphertext and prepending a hash of the ciphertext and the encryption key with the initialization vector and the ciphertext prior to RSA encryption. 
The prior arts mentioned above taken alone or in combination fails to reasonably teach or suggest the combination set forth in independent claim 1 and specifically do not show “prepending the hash value, the ephemeral key, and the initialization vector to the encrypted data block; and performing RSA encryption on the encrypted data block 
Similar reasoning is applied to independent claims 8 and 15. Claims 2-7 depend from claim 1 and are allowable by virtue of their dependencies. Claims 9-14 depend from claim 8 and are allowable by virtue of their dependencies. Claims 16-20 depend from claim 15 and are allowable by virtue of their dependencies.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Karkkainen (EP 3178190 B1) teaches generating keys, generating an initialization vector (IV), encrypting a plaintext using a key and the IV, merging the IV and encrypted plaintext, generating and hashed message authentication code (HMAC) by hashing the merged encrypted plaintext and IV using a second key, and appending the HMAC with the merged encrypted plaintext and IV ([0123]-[0124]).
Vilvovsky (US 20180191506 A1) teaches concatenating an encrypted buffer, initialization vector and encrypted AES key in the context of multi-user encrypted secure cloud based storage scenarios (Abstract and [0081]).


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

ALEXANDER R. LAPIAN
Examiner
Art Unit 2437


/ALEXANDER R LAPIAN/Examiner, Art Unit 2437 

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437