DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This Office action is in response to the amendment filed 10/01/2021, wherein claims 21-27, 29-37, and 39-42 are pending and ready for examination.

Response to Arguments
Applicant's arguments filed 10/01/2021 have been fully considered but they are not persuasive.

Status of Claims
Applicant Asserts: Claims 21, 26-27, 29-30, 32, 37, 39 and 40 have been amended. Claims 28 and 38 have been cancelled. Claims 41 and 42 have been added. No new matter has been added. Support for the amendments may be found, for example, in at least paras. [0046], [0062] and [0149] of the original specification, and in at least the non-limiting examples shown in FIGs. 10A and 10B of the original drawing. These amendments are made without prejudice or disclaimer. After amending the claims as set forth above, claims 21-27, 29-37, 39-42 remain pending in this application. Applicant respectfully requests reconsideration of these claims.
Examiner Response: The Examiner thanks Applicant's representative for working to advance the prosecution of this application. Applicant amends independent claims 21, 32 and 40 to include:

…determine, based on at least one policy configured to evaluate whether one or more cryptographic attributes of the encryption key are secure, that the encryption key is secure to be used in a communication involving the first device, wherein the first device is registered to a first node of a hierarchical structure of policies, the second device is registered to a second node of the…

The amendment thus introduces a policy “configured to evaluate whether one or more cryptographic attributes of the encryption key are secure” and a first device that is “registered to a first node of a hierarchical structure of policies.” Of the locations Applicant cites for support of the amendments, the cited [0046] discloses:

[0046] As referred to herein, a "policy" may be a rule managing an encryption key based on key attribute(s) associated with that encryption key. In particular embodiments, a policy may dictate whether the particular encryption key is an acceptable encryption key. Such acceptability may be based on the security and cryptographic considerations as to whether the encryption key (e.g., as shown from the key attributes associated with the encryption key) may be secure.

As to policies being configured, there is no disclosure of a policy or rule being configured or structured to do anything. Rather, the Examiner interprets instant [0046] to disclose that a rule governs (manages) the security of the key based on the key attributes. Managing a key based on its key attributes is not the same as configuring a policy to evaluate whether the attributes of the encryption key are secure, and the inclusion of this limitation in independent claims 21, 32, and 40 is deemed by the Examiner to constitute new matter.

Rejections Under 35 U.S.C. § 103
1. Independent Claims 21, 32 and 40
2. Dependent Claims 22, 24, 25, and 26 and corresponding dependent Claims 33, 35, 36 and 37
Applicant Asserts: For instance, on page 3 of the Office Action, the Examiner points to paragraph 125 of Landrok and cites (emphasis added) “[t]he software application applies a MAC algorithm (message authentication code) to the transaction details using the key, and outputs a MAC” for allegedly teaching or suggesting “determining, by the system based on at least on policy be used in a communication involving the first device” as recited in claim 21. The Office Action does not

to map the “policy” recited in claim 21 to a “MAC algorithm (message authentication code) [applied] to the transaction details using the key.” To clarify, claim 21 has been amended to recite that the “policy [is] configured to evaluate whether one or more cryptographic attributes of the encryption key are secure.” The MAC algorithm in Landrok is not a policy that is configured to evaluate one or more cryptographic attributes of the key. The MAC algorithm in Landrok uses the key and an encryption algorithm to encrypt, but encrypting with a key using an encryption algorithm is not the same as evaluating whether the cryptographic attributes of a key are secure, because encryption in Landrok may be performed using an insecure key. Therefore, the MAC algorithm is not a “policy configured to evaluate whether one or more cryptographic attributes of the encryption key are secure” as recited in independent claim 21.

Examiner Response: Respectfully, the Examiner considers a MAC algorithm to be expressly a rule, and a rule is a policy, as Applicant's own specification states at instant [0046]. In fact, the Examiner maintains that a MAC algorithm is a specific rule or policy pertaining to the entropy of a key size. However, the argument that the algorithm is not configured to evaluate whether one or more cryptographic attributes of the encryption key are secure is moot, since there is no disclosure of this feature and inserting the configuration limitation into claim 21 constitutes new matter. The Examiner will clarify the mapping between the MAC algorithm and the claimed policy. Moreover, had the amendment to independent claims 21, 32, and 40 been supported, the claims would require a separate claim interpretation under 35 U.S.C. § 112(f).

Applicant Asserts: To clarify, claim 21 has been amended to recite “a hierarchical structure of policies” where a “policy [is] configured to evaluate whether one or more cryptographic attributes of the encryption key are secure.” The network connection in Landrok, being a “hierarchy connection” that “relates” each of the devices (e.g., a connection relating hardware devices), is not a hierarchical structure of policies configured to evaluate whether one or more cryptographic attributes of the encryption key are secure as recited in amended claim 21.

Examiner Response: The Examiner finds no support for the claim amendments to independent claims 21, 32, and 40. The claims recite that a device is registered to a first node and that the first node is part of a hierarchical structure of policies; the first node itself therefore has a structure of policies. The Examiner can find no place in the instant specification where a device is registered to a first node of a hierarchical structure of policies, and the inclusion of this limitation in independent claims 21, 32, and 40 is deemed by the Examiner to constitute new matter.

Applicant Asserts: On page 3 of the Office Action, the Examiner points to paragraph 83 of Landrok and cites “computing device 1a may comprise hardware protected cryptographic keys, such as, for example, a trusted platform module (TPM) chip or a digital rights management (DRM) [chip]” for allegedly teaching or suggesting “the at least one policy corresponds to the first node” as recited in independent claim 21. However, the cited portions of Landrok are silent as to any policies configured to evaluate whether one or more cryptographic attributes of the encryption key are secure, or in particular, any policies configured to evaluate whether one or more cryptographic attributes of the encryption key are secure that correspond to nodes. The chips in Landrok are not policies that correspond to nodes, much less when the policies are “configured to evaluate whether one or more cryptographic attributes of the encryption key are secure” as recited in amended claim 21. Therefore, the cited portion of Landrok is silent as to such features of independent claim 21.

Examiner Response: See the Examiner's response above regarding new matter, which applies equally to 2. Dependent Claims 22, 24, 25, and 26 and corresponding dependent Claims 33, 35, 36 and 37.

It is at least for the above reasons that the Examiner maintains the prior-art rejections of claims 21-27, 29, 31-37, and 39-42 under 35 U.S.C. § 103 as being unpatentable over Landrok in view of Shear, and of claim 30 under 35 U.S.C. § 103 as being unpatentable over Landrok in view of Shear and further in view of Rich.


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 21, 32, and 40 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 21, 32, and 40 have been amended to include: “… determining, by the system based on at least one policy configured to evaluate whether one or more cryptographic attributes of the encryption key are secure, that the encryption key is secure to be used in a communication involving the first device …” and “… the second device is registered to a second node of the hierarchical structure of policies.” There is no disclosure of a policy being configured to evaluate whether a key is secure. Likewise, there is no disclosure of a second node of a hierarchical structure of policies as claimed. The claims depending from claims 21 and 32 are also rejected by virtue of their dependency on the independent claims.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/08/2021, 10/01/2021, and 07/23/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 21-27, 29, 31-37, and 39-42 are rejected under 35 U.S.C. 103 as being unpatentable over Landrok, Mads, et al., US 20170364911 A1, December 21, 2017 (hereafter referred to as Landrok), in view of Shear, Victor Henry, et al., US 20140282586 A1, September 18, 2014 (hereafter referred to as Shear).

As to claim 21, Landrok teaches a method for authorizing a first device to use an encryption key of a second device, comprising:
receiving, by a system, an encryption key originating from the second device – Landrok [0125]: “Once the system has verified that the transaction request is coming from a registered device and not a spoof account, the system requests the transaction details from the application running on the computing device… the software app extracts the cryptographic key received from the authentication server in the SMS message.” (Here, the claimed ‘second device’ is taught by Landrok's ‘authentication server’.);
determining, by the system based on at least one policy configured to evaluate whether one or more cryptographic attributes of the encryption key are secure, that the encryption key is secure to be used in a communication involving the first device – Landrok [0125]: “The software application applies a MAC algorithm (message authentication code) to the transaction details using the key, and outputs a MAC.” (Here, the claimed ‘at least one policy’ is taught by Landrok's ‘algorithm’, which in this case is a policy for the entropy of an encryption key. The algorithm is not fixed, and its variability indicates the policy or rules for certain key strengths.), wherein the first device is registered to a first node of a hierarchical structure of policies, the second device is registered to a second node of the hierarchical structure – Landrok [0092]: “The transaction details of a particular transaction being performed by the user using the computing device 12 are forwarded to a secure payment backend server 26 via the network connection 22.” (Here, the claimed ‘first device’ is taught by Landrok's ‘computing device 12’, the claimed ‘second device’ by ‘secure payment backend server 26’, and the claimed ‘hierarchical structure’ by ‘network connection 22’, because each of the devices relates to the network hierarchy represented by network connection 22.), and the at least one policy corresponds to the first node – Landrok [0083]: “computing device 1a may comprise hardware protected cryptographic keys, such as, for example, a trusted platform module (TPM) chip or a digital rights management (DRM) chip”; and
authorizing, by the system, the first device to use the encryption key in the communication to encrypt data using the encryption key – Landrok [0084] and [0083]: at [0084], “Once a secure token or relationship is defined between a user, user device and authorization service, a user can make a secure transaction using this relationship or token,” since at [0083] “The token may also be based on unique authentication information (e.g. cryptographic key(s)) held for the user (and owner of the device) on the secure authorisation service 1b.” WHILE LANDROK SUGGESTS wherein the first device is registered to a first node of a hierarchical structure, the second device is registered to a second node of the hierarchical structure, IN AN ANALOGOUS ART DIRECTED TO THE SAME FIELD OF ENDEAVOR, SHEAR TEACHES wherein the first device is registered to a first node of a hierarchical structure, the second device is registered to a second node of the hierarchical structure – Shear [0581]: “Formal resources are published, including registered, through use of an identity schema arrangement supporting plural, independent parties as publishers, wherein such schema arrangement provides information constituting and/or is otherwise employed as at least a portion of a persistent, operatively unique identity for such resource. Such registration schema may be at least in part managed, hosted, and/or otherwise controlled by, one or more cloud services and/or standards organizations.” (Here, the claimed ‘node’ is taught by Shear's ‘parties’, and the claimed ‘hierarchical structure’ by Shear's ‘cloud services’, such as the PERCos Platform Services illustrated in Shear Figure 38.)
Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention that applying the known technique taught by Shear to the Secure Authorization Service of Landrok would have yielded predictable results and resulted in an improved authorization service, namely, a system that would positively cluster and classify client computing hierarchies using Shear's purposeful computing (PERCos) in Landrok's registration logic.

As to claim 22, the combination of Landrok and Shear teaches the method of claim 21, wherein the system receives the encryption key responsive to the encryption key being requested by the first device for the communication – Landrok [0125]: “Once the system has verified that the transaction request is coming from a registered device and not a spoof account, the system requests the transaction details from the application running on the computing device… the software app extracts the cryptographic key received from the authentication server in the SMS message.”

As to claim 23, the combination of Landrok and Shear teaches the method of claim 21, wherein the second device is one of a hardware security module, a key management device, or an encryption key source – Landrok [0123]: “When the authentication server receives a message (or data) from the smartphone indicating the user wishes to process a transaction, the authentication server generates, in particular embodiments, an SMS message... The SMS message comprises a short authentication code (or passcode), and a shared key such as a strong triple-DES or AES key.”

As to claim 24, the combination of Landrok and Shear teaches the method of claim 21, wherein the at least one policy comprises one or more policies different from one or more policies corresponding to the second node – Landrok [0083]: “… computing device 1a may comprise hardware protected cryptographic keys, such as, for example, a trusted platform module (TPM) chip or a digital rights management (DRM) chip. The token may also be based on unique authentication information (e.g. cryptographic key(s)) held for the user (and owner of the device) on the secure authorization service 1b.”

As to claim 25, the combination of Landrok and Shear teaches the method of claim 21, wherein one or more policies of the at least one policy are inherited from the second node – Landrok [0108]: “… To register to use the system, User A may be required to download and install software or a software application (‘app’) on his computing device D.”

As to claim 26, the combination of Landrok and Shear teaches the method of claim 21, wherein the second node is one or more policies of the first node in the hierarchical structure – Landrok [0108]: “… During the registration process, the one or more processors in the secure backend payment system map User A to his details already held within the system”; and the first node inherits at least one policy from the second node – Landrok [0108]: “… To register to use the system, User A may be required to download and install software or a software application (‘app’) on his computing device D.”

As to claim 27, the combination of Landrok and Shear teaches the method of claim 21, wherein the hierarchical structure is a Directed Acyclic Graph having a plurality of nodes – Shear [1484]: “Some embodiments may use a compact representation for a dynamic set of class expressions (in a context) that maintains a DAG for the subclass/superclass lattices, augmented by labeling the Edges (connecting subclasses to direct superclasses) with a description of any Fixed and/or symbolic values the subclass specifies for Abstract attributes of the superclass and any attributes and range, class, relationship, symbolic restrictions, extensions, relaxations, widenings, and/or computational declarations that the class expressions adds”; and the plurality of nodes comprises the first node and the second node – Shear [2460]: “Provide the apparatus and methods for PERCos system, user preferences, Stakeholder policy specifications, which, in some embodiments, may be coupled to appropriate enforcement methods.” The motivation for Landrok to consider Shear in claim 21 applies equally here in claim 27.

As to claim 28 (cancelled).

As to claim 29, the combination of Landrok and Shear teaches the method of claim 21, wherein the one or more cryptographic attributes comprise a size of the encryption key – Landrok [0124]: “… The short authentication code may be 4 to 6 digits in length.”

As to claim 31, the combination of Landrok and Shear teaches the method of claim 21, wherein authorizing the first device to use the encryption key in the communication comprises distributing the encryption key to the first device in response to determining that the encryption key is secure to be used in the communication involving the first device – Landrok [0101]: “The authentication server 114 distributes authentication challenges to user devices 102 through an alternate channel 126. In one embodiment, the alternate channel 126 employs SMS (short message service) messages sent via a cellular network for mobile phones for communicating the authentication challenges. In another embodiment, it may be an app that generates an OTP on the mobile device based on a shared key with the Authentication Server.”
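The steps mapped above for claim 21 and its dependent claims (a policy evaluating cryptographic attributes of a received key, devices registered to nodes of a directed acyclic graph of policies, policies inherited from a parent node, and release of the key only when it is found secure) are easier to follow in executable form. The following Python model is an added illustration for the reader; it is not code from the instant application, Landrok, Shear or Rich, and the node names, policy thresholds, device identifiers, fixed clock and sample key attributes are constructed for the example. The attributes it inspects are the ones the dependent claims name: key size (claim 29), time of generation (claim 30) and utilization (claim 41). It also guards against a cyclic hierarchy, which would not be a DAG as claim 27 requires.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class KeyAttributes:
    """Attributes of a received encryption key that the policies inspect."""
    algorithm: str
    size_bits: int            # size of the key (claim 29)
    generated_at: datetime    # time at which the key was generated (claim 30)
    utilization: str          # what the key is used for (claim 41)


# A policy is a rule over key attributes (cf. instant [0046]): it returns None
# when the key satisfies the rule, otherwise a short reason for rejection.
Policy = Callable[[KeyAttributes, datetime], Optional[str]]


def min_key_size(minimum_bits: int) -> Policy:
    def rule(key: KeyAttributes, now: datetime) -> Optional[str]:
        if key.size_bits < minimum_bits:
            return f"key size {key.size_bits} bits is below the minimum of {minimum_bits}"
        return None
    return rule


def max_key_age(limit: timedelta) -> Policy:
    def rule(key: KeyAttributes, now: datetime) -> Optional[str]:
        age = now - key.generated_at
        if age > limit:
            return f"key generated {age.days} days ago exceeds the limit of {limit.days} days"
        return None
    return rule


def allowed_utilization(allowed: Set[str]) -> Policy:
    def rule(key: KeyAttributes, now: datetime) -> Optional[str]:
        if key.utilization not in allowed:
            return f"utilization {key.utilization!r} is not one of {sorted(allowed)}"
        return None
    return rule


@dataclass
class PolicyNode:
    """A node of the policy hierarchy, a directed acyclic graph (claim 27).
    A node's effective policies are its own plus those inherited from its
    parent nodes (claims 25 and 26); a policy defined on the node overrides a
    same-named inherited policy (claim 24)."""
    name: str
    parents: List["PolicyNode"] = field(default_factory=list)
    policies: Dict[str, Policy] = field(default_factory=dict)

    def effective_policies(self, _path: Tuple[str, ...] = ()) -> Dict[str, Policy]:
        if self.name in _path:  # a cycle means the structure is not a DAG
            raise ValueError("policy hierarchy is cyclic: " + " -> ".join(_path + (self.name,)))
        merged: Dict[str, Policy] = {}
        for parent in self.parents:
            merged.update(parent.effective_policies(_path + (self.name,)))
        merged.update(self.policies)   # own policies take precedence
        return merged


def evaluate(node: PolicyNode, key: KeyAttributes, now: datetime) -> List[str]:
    """Run every effective policy of the node; an empty list means the key is secure."""
    return [reason for rule in node.effective_policies().values()
            if (reason := rule(key, now)) is not None]


def authorize(registry: Dict[str, PolicyNode], first_device: str,
              key: KeyAttributes, now: datetime) -> Tuple[bool, List[str]]:
    """The steps of claim 21: look up the node the first device is registered
    to, evaluate the key received from the second device against that node's
    policies, and authorize the key for the device only if no policy objects."""
    violations = evaluate(registry[first_device], key, now)
    return (not violations, violations)


# Constructed sample hierarchy (hypothetical names): the root node holds the
# baseline policies; the node for HSM-held keys inherits them unchanged, while
# the node for mobile clients tightens the size rule and restricts key usage.
ROOT = PolicyNode("root", policies={
    "size": min_key_size(128),
    "age": max_key_age(timedelta(days=365)),
})
HSM_NODE = PolicyNode("hsm-keys", parents=[ROOT])
CLIENT_NODE = PolicyNode("mobile-clients", parents=[ROOT], policies={
    "size": min_key_size(256),
    "use": allowed_utilization({"encrypt"}),
})
REGISTRY = {"device-A": CLIENT_NODE, "hsm-1": HSM_NODE}   # device -> node registration
NOW = datetime(2022, 1, 17, tzinfo=timezone.utc)           # fixed clock for the example


def demo() -> Dict[str, Tuple[bool, List[str]]]:
    fresh = KeyAttributes("AES", 256, NOW - timedelta(days=10), "encrypt")
    stale = KeyAttributes("AES", 128, NOW - timedelta(days=400), "sign")
    return {
        "fresh key for device-A": authorize(REGISTRY, "device-A", fresh, NOW),
        "stale key for device-A": authorize(REGISTRY, "device-A", stale, NOW),
        "stale key for hsm-1": authorize(REGISTRY, "hsm-1", stale, NOW),
    }


if __name__ == "__main__":
    for label, (ok, reasons) in demo().items():
        print(f"{label}: {'authorized' if ok else 'refused'} {reasons}")
```

Running the block authorizes the fresh 256-bit key for device-A, refuses the stale 128-bit signing key for device-A on three grounds (size, age and utilization), and refuses the same stale key for hsm-1 on age alone, since that node inherits only the root's baseline policies. The point the model makes visible is that the decision is taken on the key's attributes before the key is used, which is distinct from applying an algorithm such as a MAC with the key.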

As to claim 32, claim 32 is a non-transitory processor-readable medium that is directed to the method of claim 21. Therefore claim 32 is rejected for the reasons set forth in claim 21.

As to claim 33, claim 33 is a non-transitory processor-readable medium that is directed to the method of claim 22. Therefore claim 33 is rejected for the reasons set forth in claim 22.

As to claim 34, claim 34 is a non-transitory processor-readable medium that is directed to the method of claim 23. Therefore claim 34 is rejected for the reasons set forth in claim 23.

As to claim 35, claim 35 is a non-transitory processor-readable medium that is directed to the method of claim 24. Therefore claim 35 is rejected for the reasons set forth in claim 24.

As to claim 36, claim 36 is a non-transitory processor-readable medium that is directed to the method of claim 25. Therefore claim 36 is rejected for the reasons set forth in claim 25.

As to claim 37, claim 37 is a non-transitory processor-readable medium that is directed to the method of claim 26. Therefore claim 37 is rejected for the reasons set forth in claim 26.

As to claim 38 (cancelled).

As to claim 39, claim 39 is a non-transitory processor-readable medium that is directed to the method of claim 29. Therefore claim 39 is rejected for the reasons set forth in claim 29.

As to claim 40, claim 40 is a system that is directed to the method of claim 21. Therefore claim 40 is rejected for the reasons set forth in claim 21.
As to claim 41, the combination of Landrok and Shear teaches the method of claim 21, wherein the one or more cryptographic attributes comprise a utilization of the encryption key – Landrok [0035]: “… the private key could actually be distributed between any number N of servers using what is known as ‘secret sharing’ in such a way that they each have a component of the key by which they can calculate an input for the generation of the signature.” (Here, the claimed ‘one or more cryptographic attributes’ is taught by Landrok's ‘secret sharing’, because a share is a cryptographic attribute whose utility is to reconstruct the private key of the user.)

As to claim 42, claim 42 is a non-transitory processor-readable medium that is directed to the method of claim 41. Therefore claim 42 is rejected for the reasons set forth in claim 41.


Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over Landrok in view of Shear, and further in view of Rich, Bruce Arland, et al., US 20130044882, February 21, 2013 (hereafter referred to as Rich).

As to claim 30, the combination of Landrok and Shear teaches the method of claim 28. THE COMBINATION OF LANDROK AND SHEAR DOES NOT TEACH wherein the one or more cryptographic attributes comprise a time at which the encryption key is generated; HOWEVER, IN AN ANALOGOUS ART DIRECTED TO THE SAME FIELD OF ENDEAVOR, RICH TEACHES wherein the one or more cryptographic attributes comprise a time at which the encryption key is generated – Rich [0050]: “FIG. 4, typical operations initiated by a cryptographic client and directed to the key management server include… Modify Attribute (a request to modify the value of an existing attribute), Obtain Lease (a request to obtain a new Lease Time for a specified object).” Adding a ‘time attribute’ for key generation to Landrok does no more to Landrok's key generation module than it would do if it were added to any other device; the function remains the same. Predictably, considering the time at which the encryption key is generated, as provided by Rich, enables Landrok to better control access to resources that are time sensitive.
Thus, one of ordinary skill in the art before the effective filing date of the claimed invention would have been motivated to update Landrok's key generation with Rich's encryption-key time attribute and thereby gain, predictably, the commonly understood benefits of such an adaptation, that is, the ability to control access to protected resources using a time component.
         
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 2491
1/17/2022

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491