DETAILED ACTION
I.	Claims 1-17 were subject to a restriction/election requirement.
II.	Claims 1-10 were cancelled.
III.	Claims 11-17 have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Priority
The current application claims priority from Provisional Application 62472562, filed 03/16/2017.
Election/Restrictions
Applicant’s election without traverse of claims 11-17 in the reply filed on 10/12/2021 is acknowledged.
Claim Objections
Claim 11 is objected to because of the following informalities:  in the last limitation of claim 11, there is the claim language “that the permission to access the content matches the permission”.  It is recommended to add the word “level” after these instances of “permission” to conform to the earlier disclosure of a “permission s 11” instead of “Claim 11”.  
Also, claim 12 is objected to due to the claim language, within lines 9 and 10, “the key store servers that serves the same domain”. It is recommended to amend the claim language to “that serve the same domain”. Claim 14 is objected to for the same reason.
Also, claim 15, in line 2, has the claim language “wherein the endpoint device further comprise of…”.  It is recommended to amend the claim language to be “comprises”. 
Further, claim 17 is objected to because, on line 22, a period “.” has been amended into the middle of the claim. Appropriate correction is required.
Specification
The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required: The Specification lacks antecedent basis for the claimed “universal file identifier (UFI)”.  The Specification discloses a “unique file identifier”. There is also a lack of antecedent basis for the claimed “post-encrypted data file” and “distributed networked environment”.





Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 11-17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 11 recites the limitation "the post-encrypted data file" in line 11 (also within claims 12 and 15). There is insufficient antecedent basis for this limitation in the claim. It is recommended to amend the claim language to “the encrypted data file”.  Further, claim 11 recites “the file decryption key” in lines 16 and 17; as well as “the encryption/decryption keys” in line 18.  
Further, claims 12 and have the claim limitations “querying the database” and “the key store servers that serves the same domain”.  There is insufficient antecedent basis for these limitations in the claim.
Further, claim 13 has the claim limitation of “c) processing file access requests that have at least the UFI of the intended data file from the endpoint computing devices”.  There is insufficient antecedent basis for the limitation of “the intended data file” in the claim.
Further, within claim 16, there are the claim limitations of “the unique linkage to the UFI of said data file stored on the key store server or database, and to use the linked policies to determine the access rights”. There is also insufficient antecedent basis for these limitations (e.g., “the unique linkage”, “the linked policies” and “the access rights”) in the claim. Appropriate correction is required.
Further, claims 12-17 are rejected by virtue of their dependencies upon the rejected independent claim 11.
In addition, claim 11 recites the claim limitation of “a plurality of endpoint computing devices” and then within limitation “e)” there is “said endpoint computing device”.  It is unclear which of the “plurality of endpoint computing devices” this singular “endpoint computing device” is referring to. 
Also, claim 11 recites the claim limitation of “to send the UFI and the encryption/decryption keys coupled to the key store server”; however, it is unclear as to where the “UFI” and “the encryption/decryption keys coupled to the key store server” are being sent.
Likewise, claim 12 also has the claim limitation of “the endpoint computing device” within lines 2 and 3. Also, claim 15 has the claim limitation of “the endpoint device” instead of “endpoint computing device” and claim 16 has the claim limitation of “the endpoint devices” instead of “endpoint computing devices”.
Further, claim 11, line 30, has the claim limitation of “retrieve the keys”, but it is unclear which of the keys are being referred to.  It is recommended to amend the claim limitation to read “retrieve the encryption/decryption keys”.
Further, claim 12 has the limitation “e) deleting the keys from memory and storage”, but it is unclear which of the “keys” are being deleted.  Likewise, claim limitation “h) receiving the keys and permissions from the key stores” but it is unclear which of “the keys” are being received.
The term “abusive” in claim 17 is a relative term which renders the claim indefinite. The term “abusive” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. It is unclear as to .
When a claim is amenable to two or more plausible claim constructions, the claim is indefinite for failing to particularly point out and distinctly claim the subject matter the Applicant considers to be the invention. Ex parte Miyazaki, 89 USPQ2d 1207, 1215 (BPAI 2008) (precedential).
Presently, some claims require speculation and conjecture by the Examiner and by one of ordinary skill in the art inasmuch as the claims under examination are rejected under 35 U.S.C. 112, second paragraph. In light of the precedent set forth in In re Steele, 305 F.2d 859, 862 (CCPA 1962) and In re Wilson, 424 F.2d 1382, 1385 (CCPA 1970), the Examiner applies cited art in accordance with a position as best understood in the context of the claims and the invention as a whole to expedite compact prosecution. Such interpretations of the claims versus the cited art cannot be used as a basis for overcoming the objections or rejections set forth supra.
A claim that requires the exercise of subjective judgment without restriction may render the claim indefinite. In re Musgrave, 431 F.2d 882, 893, 167 USPQ 280, 289 (CCPA 1970). Claim scope cannot depend solely on the unrestrained, subjective opinion of a particular individual purported to be practicing the invention. Datamize LLC v. Plumtree Software, Inc., 417 F.3d 1342, 1350, 75 USPQ2d 1801, 1807 (Fed. Cir. 2005); see also Interval Licensing LLC v. AOL, Inc., 766 F.3d 1364, 1373, 112 USPQ2d 1188 (Fed. Cir. 2014) (holding the claim phrase "unobtrusive manner" indefinite because the specification did not "provide a reasonably clear and exclusive definition, leaving the facially subjective claim language without an objective boundary").
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 11-14, and 16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by United States Patent Application Publication No. US 20140325215 A1 to Wright, hereinafter Wright.
Regarding claim 11, Wright discloses a  computer system in a distributed networked environment to identify a data file and allow access to the data file (Figures 4 and 6, paragraph 77, “distributed computing environments” and paragraph 78, “distributed computing environment”) wherein such access is allowed only after access policies assigned to the data file are met (paragraph 8, “The host device may access the encryption key only if the first verification code matches the second verification code”, and paragraph 75, “Upon receiving the encrypted filed in message 508, computer 505 disconnects from network 509 and uses encryption key 506 to decrypt the encrypted filed.  The decrypted file may then be provided to the second subscriber”), the system comprising: 
a plurality of endpoint computing devices with a computer network connection to at least one key store server executing computer code to (Figure 4, paragraph 47, “For encryption systems using a central server 401 to decrypt and re-encrypt files that are exchanged between two subscribers, the encryption keys for each : 
a) generate encryption keys and use the encryption keys to encrypt the data file (Figure 3, paragraph 8, “The random string encryption key may be generated at the remote device using a white noise source.”…”A source data file stored on an external memory device may be encrypted using the encryption key”, paragraph 20, “Figure 3 illustrates an encryption circuit for generating an encryption key according to one embodiment”, and paragraph 39, “Server 401 generates encryption keys or receives the encryption keys from an external encryption circuit.  Server 401 contains at least the same number of encryption keys as there are subscribers to the service”), 
and b) to obtain a universal file identifier (UFI) from key store servers or generate a UFI using a string, number, or combination of file attributes from the post-encrypted data file, and confirm the UFI is unique by querying all the key store servers it is connected to (paragraph 11, “The file name of the data file may also be encrypted into the encrypted data file.  A random index may also be encrypted into the encrypted data file.  A new file name is assigned to the encrypted data file to protect the original, encrypted file name”, and paragraphs 44, 45, and 48, “In addition to the name of the file, a random-number index may be encrypted and put into the encrypted file as a starting point for the encrypted file.”), 
the encrypted data file such that it is retrieved from the encrypted data file without the file decryption key (paragraphs 11, 44 and 48), 
and d) to send the UFI and the encryption/decryption keys coupled to the key store server (paragraphs 49, 50, 52, 53, and 57), 
and e) to delete the encryption keys from said endpoint computing device (paragraph 74, “delete the encryption keys to provide increased security and privacy to the subscribers”); 
and a plurality of key store servers, which are computing devices with a computer network connection to other computing devices (Figures 4, 5, and 6, paragraphs 22, 47, and 77), the key store servers comprise executable computer code to: 
a) process requests from endpoint computing devices with coupled keys and the UFI, stores the UFI and the encryption/decryption keys coupled (paragraphs 53, 54, and 65), 
and b) to process file access requests that have at least the UFI of the data file from endpoint computing devices (paragraphs 11, 13 and 44), 
and c) to calculate access permissions through evaluating access policies attached to the said UFI and retrieve the keys that are coupled with said UFI if access is to be granted (paragraphs 11, 13, 40, and 42, “extracts the encryption key”, and paragraphs 44 and 45), 
and d) to send permissions and coupled encryption/decryption keys to the requesting computing devices (paragraphs 49, 50, 52, 53, and 57); 
and a plurality of endpoint computing devices with a computer network connection to all key store servers (Figures 4 and 6, paragraph 77, “distributed computing environments” and paragraph 78, “distributed computing environment”), the endpoint computing devices executing computer code to: 
a) open an encrypted data file and extract the UFI (paragraphs 44 and 45, “Both the encrypted file name and the original file can both be recovered”, and paragraph 66), 
and b) to send access requests that contain the UFI of the data file to all key store servers on behalf of the user (paragraphs 11, 13 and 44), 
and c) to receive encryption/decryption keys and permission level (paragraphs 49, 50, 52, 53, and 57), 
and d) to decrypt the data file to provide the contents of the data file to the user in such a manner that the permission to access the content
Regarding claim 12, Wright discloses wherein the endpoint computing device further comprises a processor (paragraphs 10, 15, and 27), network interface card (paragraph 85), memory (paragraph 7, “coupled to a memory”) and non-transitory storage (paragraph 80) that contains program instructions to perform one or more of the below tasks:
         a) generating encryption/decryption keys and using them to encrypt the data file (Figure 3, paragraph 8, “The random string encryption key may be generated at the remote device using a white noise source.”…”A source data file stored on an external memory device may be encrypted using the encryption key”, paragraph 20, “Figure 3 illustrates an encryption circuit for generating an encryption key according to one embodiment”, and paragraph 39, “Server 401 generates encryption keys or receives the encryption keys from an external encryption circuit.  Server 401 contains at least the same number of encryption keys as there are subscribers to the service”),
         b) obtaining from a device or generating a universal file identifier (UFI) for the post-encrypted data file using a string or number or combination of the data file’s attributes (paragraph 11, “The file name of the data file may also be encrypted into the encrypted data file.  A random index may also be encrypted into the encrypted data file.  A new file name is assigned to the encrypted data file to protect the original, encrypted file name”, and paragraphs 44, 45, and 48, “In addition to the name of the file, a random-number index may be encrypted and put into the encrypted file as a starting point for the encrypted file.”), and confirm the uniqueness of the proposed UFI by the database (paragraphs 40 and 45) and/or all the key store servers that serves the same domain,
        c) attaching the said UFI when it is not calculated entirely from the file attributes of a post-encrypted file in a manner such that is retrieved without the need of the data file’s decryption key (paragraphs 11, 13, 40, 44, 45, and 48),
       d) sending the UFI and the keys to encrypt/decrypt the data files coupled to the key store server (paragraphs 49, 50, 52, 53, and 57),
      e) deleting the keys from memory and storage (paragraph 74, “delete the encryption keys to provide increased security and privacy to the subscribers”),
     f) opening an encrypted file and extracting the UFI (paragraphs 44 and 45, “Both the encrypted file name and the original file can both be recovered”, and paragraph 66),
    g) sending access requests that contain the UFI to all key store modules on behalf of the user (paragraphs 11, 13 and 44),
   h) receiving the keys and permission from the key stores (paragraphs 49, 50, 52, 53, and 57),
provide the true contents to the particular user in such a manner that permission to the content matches the permission level obtained from the key store server (paragraphs 12-16, 45, 47, 65, 71, 72, and 75).
     [Based upon the claim language “to perform one or more of the below tasks”, it is broadly interpreted by the Examiner that only one of claim limitations a-f need to be cited within the prior art.]
Regarding claim 13, Wright discloses wherein the key store server device further comprises a processor, network interface card, memory and non-transitory storage that contains the program instructions to perform one or more of the below tasks:
    a) processing requests from the endpoint computing devices with the coupled keys and UFI (paragraphs 11, 13, 44, 53, 54, and 65),
    b) storing the UFI and its coupled encryption/decryption keys (paragraphs 53 and 54),
   c) processing file access requests that have at least the UFI of the intended data file from the endpoint computing devices (paragraphs 11, 13 and 44),
  d) calculating access permission through evaluating access policies attached to the said UFI and retrieving the keys that are coupled with said UFI if permission is to be granted (paragraphs 11, 13, 40, and 42, “extracts the encryption key”, and paragraphs 44 and 45),

   and f) receiving and storing the access policies coupled with the UFI (paragraphs 11, 13, 40, and 42, 44 and 45).
           [Based upon the claim language “to perform one or more of the below tasks”, it is broadly interpreted by the Examiner that only one of claim limitations a-f need to be cited within the prior art.]
Regarding claim 14, Wright discloses wherein the UFI may be a string, number, or string presentation of combination of file attributes that are unique in the database and/or among all key stores that serves the same domain (paragraph 11, “The file name of the data file may also be encrypted into the encrypted data file.  A random index may also be encrypted into the encrypted data file.  A new file name is assigned to the encrypted data file to protect the original, encrypted file name”, and paragraphs 44, 45, and 48, “In addition to the name of the file, a random-number index may be encrypted and put into the encrypted file as a starting point for the encrypted file.”), and the uniqueness is further enforced by querying the database (paragraphs 40 and 45) and/or all the key stores that serves the same domain of the existence of the said UFI.
Regarding claim 16, Wright discloses wherein the key store server further comprises program instructions to store and assign a set of policies to a data file through the unique linkage to the UFI of said data file stored on the key store server or database, to use the linked policies to determine the access rights to the data file when requested by endpoint devices on behalf of users (paragraphs 11, 40, 44, 45, and 48). 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Wright as applied to independent claim 11 above, and further in view of United States Patent Application Publication No. US 20080212781 A1 to Vennelakanti et al., hereinafter Vennelakanti.
Wright discloses the claimed invention, as cited above. However, Wright does not disclose the claim limitations pertaining to “symmetric or asymmetric keys”.  Vennelakanti discloses said limitations, as cited below.
Regarding claim 15, Vennelakanti discloses wherein the endpoint device further comprise of program instructions to encrypt the file with randomly generated symmetric or asymmetric keys, and all keys necessary to encrypt and decrypt the data file and post-encrypted data file are to be sent to the key store coupled with the UFI of the data file (paragraph 22, “symmetric cryptography key”, and paragraphs 23-25).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Vennelakanti with the teachings of Wright to provide effective security protection of the data (Vennelakanti – paragraphs 44 and 46).
In assessing whether a claim to a combination of prior art elements/steps would have been obvious, the question to be asked is whether the improvement of the claim is more than the predictable use of prior art elements or steps according to their established functions. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). “[T]he analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” Id. at 418.  It is well established that in evaluating references it is proper to take into account not only the specific teachings of the references but also the inferences which one skilled in the art would reasonably be expected to draw therefrom. In re Preda, 401 F.2d 825, 826 (CCPA 1968).
Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Wright, as applied to independent claim 11 above, and further in view of United States Patent Application Publication No. US 20150222604 A1 to Ylonen, hereinafter Ylonen.
Wright discloses the claimed invention, as cited above.  However, Wright does not disclose the claim limitations pertaining to applying a limit to the access of users “for a period of time”.  Ylonen discloses said limitations, as cited below.
Regarding claim 17, Ylonen discloses wherein the key store server further consists of program instructions to apply a limit on the number of data files that can be whereby when the number of requests is determined to be abusive by the policy, the system performs actions set by the policy including stopping granting access of data files to the said user for a period of time (paragraph 366, “Jobs may be constrained not to run for more than this amount of time (though it is possible to suspend a job by saving its state, so that other jobs can run in between and the job can be continued later).  If any job runs too long (e.g., more than 80% of the predefined maximum time), it is forcibly killed by a watchdog program on the back-end computer (the watchdog program may, e.g., read the process list once a minute and forcibly kill all job-execution processes that have run too long).  This ensures it is very unlikely that a job could hang for more than the predefined time”).
[It has been upheld that a “whereby” clause is not given weight when it simply expresses the intended result of a step positively recited.  Please refer to Minton v. Nat’l Ass’n of Securities Dealers, Inc., 336 F.3d 1373, 1381, 67 USPQ2d 1614, 1620 (Fed. Cir. 2003).]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ylonen with the teachings of Wright so as to prevent a monopolization of a system by a particular user, freeing up resources for other users (Ylonen – paragraph 366).
In assessing whether a claim to a combination of prior art elements/steps would have been obvious, the question to be asked is whether the improvement of the claim is more than the predictable use of prior art elements or steps according to their established functions. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). “[T]he analysis need .
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The references cited on form PTO-892 are cited to further show the state of the art with respect to the encryption of files.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMIAH L AVERY whose telephone number is (571)272-8627. The examiner can normally be reached M-F 8:30am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JEREMIAH L AVERY/Primary Examiner, Art Unit 2431