DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on 10/11/2021.
Claims 1, 3, 5-6, 14, 17 and 19 have been amended.
Claims 4, 7-9 and 18 have been canceled.
Claims 1-3, 5-6, 10-17 and 19-20 are submitted for examination.
Claims 1-3, 5-6, 10-17 and 19-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s amendment, filed on October 11, 2021, has claims 1, 3, 5-6, 14, 17 and 19 amended, claims 4, 7-9 and 18 canceled, and all other claims previously presented. Among the amended claims, claims 1, 14 and 17 are independent ones, and thus, the amendment necessitates a new ground of rejection.
Applicant’s remark, filed on October 11, 2021 at page 7, asserts, “In the Office Action, the Examiner objected to claims 11 and 19 on grounds that that claim language is 
Applicant’s argument presented above has been considered and is found persuasive, objection to claims 11 and 19 has been withdrawn.
Applicant’s remark, filed on October 11, 2021 at pages 8-10, indicates, “With regard to amended claim 1, Chandrasekhar fails to disclose at least: retrieving a key encryption key from a local storage, wherein the key encryption key has been previously generated using an encryption passphrase received from a user of the client device, wherein the key encryption key is used to encrypt a private key, and wherein the encrypted private key is remotely stored together with a hash of the key encryption key in the distributed environment; [and] generating a hash of the key encryption key and sending a request for retrieving the encrypted private key associated with the key encryption key from the distributed environment, wherein the hash in the request is validated with the remotely 
	Applicant’s argument presented above has been considered and is found persuasive due to Applicant’s amendment.  The amendment now necessitates a new ground of rejection.  Accordingly, a new ground of rejection based on newly identified prior-art by Kremp et al. (US 2015/031), Lam et al. (US 2003/0163433), and Brickell (US 6,834,112) has been applied to the amendment.
	Specifically, Kremp discloses a method generating a key encryption key (KEK) using a password or passphrase and/or hashing the password or passphrase, and the derived KEK encrypt the encryption key (KE) (i.e. public or private key) in order to encrypt and decrypt data stored in a shared data storage (See Parag. [0072-0074]).
	In addition, Lam teaches a method for retrieving a value secured in a key management system comprising receiving a request for the value secured in the key management system, inputting a key encryption key into the key management system, hashing the key encryption key to produce a key encryption key hash, comparing the key encryption key hash to a hashed key encryption key (See abstract and Parag. [0010]).
	Finally, Brickell discloses a method for secure distribution of a private key.  The user's private key is transmitted to the client from a remote server in an encrypted format. A first hash of the user's password is transmitted to the remote server and is used to authenticate the user. Thus, the private key can be securely distributed from the remote server to the client computer system. The distribution does not require the user to carry any special hardware devices and only requires a single password. Because the private key is not permanently stored at the client computers, even if an unauthorized user has access to the client computers, they are not likely to be able to obtain the private key. (See Abstract). 
Thus, Examiner submits that Kremp teaches the amended feature limitation, “… wherein the key encryption key has been previously generated using an encryption passphrase received from a user of the client device; wherein the key encryption key is used to encrypt a private key; …” In addition, Lam teaches the amended feature limitation “… wherein … stored together with a hash of the key encryption key in the distributed environment and generating a hash of the key encryption key…”; and Brickell teaches the amended feature limitation, “… wherein the hash in the request is validated with the remotely stored hash in the distributed environment and the 
The combination of Kremp, Lam, Brickell and Chandrasekhar discloses amended claim 1 (See rejection below).
Applicant’s remarks regarding amended independent claim 14 and 17 has been considered and is addressed based on the same rationale presented for the amended claim 1.
Applicant further recites similar remarks as listed above for dependent claims, 2-3, 5, 10-13, 15-16 and 20. Please refer to the aforementioned response, which addresses how the new combination of prior-art references by Kremp, Lam, Brickell and Chandrasekhar would render the claimed limitations obvious. In addition, regarding claim 5, Examiner respectfully submits that the reference of Erofeev in combination with the new set or references still teaches the claimed limitations (See rejection below)
Applicant further recites similar remarks as listed above for dependent claims 6 and 19. Please refer to the aforementioned response, which addresses how the new combination of prior-art references by Kremp, Lam, Brickell and Chandrasekhar would render the claimed limitations obvious. In addition, Examiner respectfully submits that the reference of Liu in combination with the new set or references still teaches the claimed limitations (See rejection below).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 10-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kremp et al. (US 2015/0318987) hereinafter Kremp in view of Lam et al. (US 2003/0163433) hereinafter Lam, and in further view of  Chandrasekhar et al. (US 9,954,828) hereinafter Chandrasekhar and  Brickell (US 6,834,112).
As per claim 1, Kremp teaches a computer-implemented method for securely retrieving data on a client device in a distributed environment (Kremp, Parag. [0147]; “One example implementation may include computing system 810 acting as client application server that performs steps relating to implementing an improved encryption scheme for data store and retrieved from a shared data store.”), the method comprising:
retrieving a key encryption key from a local storage (Kremp, Parag. [0081]; “The KEK may thereafter be retrieved from Local Persistent Storage 220 by first client entity 110 when first client entity 110 wishes to write or read sensitive data to or from, respectively, the shared medium.”), wherein the key encryption key has been previously generated using an encryption passphrase received from a user of the client device (Kremp, Parag. [0072]; “At stage 330, key derivation module 230 of first client entity 110 generates a key encryption key (KEK) using the registration password or passphrase received from system administration module 105 in 310, and the salt it locally generated at 320, as inputs to a key derivation calculation.”), wherein the key encryption key is used to encrypt a private key (Kremp, Parag. [0074]; “The derived KEK may then be used as a cryptographic key in subsequent operations to encrypt the encryption key EK used for encrypting data.”), and [wherein the encrypted private key is remotely stored together with a hash of the key encryption key in the distributed environment];
[generating a hash of the key encryption key]; and 
[sending a request for retrieving the encrypted private key associated with the key encryption key from the distributed environment, wherein the hash in the request is validated with the remotely stored hash in the distributed environment and the encrypted private key is returned to the client device upon successful validation of both hashes];
decrypting the encrypted private key using the key encryption key, thereby generating the private key (Kremp, Parag. [0082]; “the KEK is operable to decrypt or “unlock” an encryption key EK stored in encrypted form on shared data store 150. Once unlocked, the encryption key EK may be used by first client entity 150 either to encrypt data (for a write operation) or decrypt data (for a read operation) in the course of data system operations.”);
[retrieving encrypted data from the distributed environment, the encrypted data being remotely stored in the distributed environment]; and
decrypting the encrypted data using the private key (Kremp, Parag. [0082]; “the KEK is operable to decrypt or “unlock” an encryption key EK stored in encrypted form on shared data store 150. Once unlocked, the encryption key EK may be used by first client entity 150 either to encrypt data (for a write operation) or decrypt data (for a read operation) in the course of data system operations.”).
Kremp does not expressly teaches:
wherein the encrypted private key is remotely stored together with a hash of the key encryption key in the distributed environment;
generating a hash of the key encryption key;
sending a request for retrieving the encrypted private key associated with the key encryption key from the distributed environment, wherein the hash in the request is validated with the remotely stored hash in the distributed environment and the encrypted private key is returned to the client device upon successful validation of both hashes;
retrieving encrypted data from the distributed environment, the encrypted data being remotely stored in the distributed environment.
However, Lam teaches:
wherein the encrypted private key is remotely stored together with a hash of the key encryption key in the distributed environment (Lam, Parag. [0010]; “… decrypting a secret token in the de-serialized file using the key encryption key if the key encryption key hash is equal to the hashed key encryption key in the de-serialized file to produce at least one tuple.” … Parag. [0041]; “In one embodiment of the present invention, secret tokens are stored in a random order within the secret token portion (56). Following the secret token portion (56) is the KEK Hash portion (58). The KEK Hash portion (58) holds the result of applying the hash function to the KEK, i.e., the KEK Hash.” {See Fig. 5}); and
Lam, Parag. [0010]; “inputting a key encryption key into the key management system, hashing the key encryption key to produce a key encryption key hash”).
Kremp and Lam are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for securely retrieving data on a client device in a distributed environment, a respective client device, a method for securely providing data in a distributed environment, a corresponding distributed environment, and one or more machine-readable media.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lam’s system into Kremp system, with a motivation to provide a method for retrieving data secured within the key management system and managing data secured within the key management system (Lam, Parag. [0030]); applying encryption techniques like key encryption and hash functions.
The combination of Kremp and Lam does not expressly teach:
wherein the encrypted private key is remotely stored …;
sending a request for retrieving the encrypted private key associated with the key encryption key from the distributed environment, wherein the hash in the request is validated with the remotely stored hash in the distributed environment and the encrypted private key is returned to the client device upon successful validation of both hashes;
retrieving encrypted data from the distributed environment, the encrypted data being remotely stored in the distributed environment.

wherein the encrypted private key is remotely stored (Chandrasekhar, Col. 4, lines 55-64; “The cloud data protection module 220 encrypts the customer's private key using the customer's credential. For example, the cloud data protection module 220 can encrypt the customer's private key using the customer's credential (e. g., password, user name, or both) as a symmetric key using a conventional symmetric key encryption algorithm. The customer’s public key is not encrypted. The cloud data protection module 220 provides the customer's public key and encrypted private key to the key server 260 for remote storage (see arrow 202).”) …;
sending a request for retrieving the encrypted private key associated with the key encryption key from the distributed environment (Chandrasekhar, Col. 4, lines 61-64; “The cloud data protection module 220 provides the customer's public key and encrypted private key to the key server 260 for remote storage (see arrow 202)”. … Col. 5, lines 41-44; “the cloud data protection module 220 obtains the customer's credential (see arrow 201), requests the key server 260 to provide the customer's encrypted private key (see arrow 202).” … Col. 6, lines 14-21; “The cloud data protection module 220 can encrypt the encryption key (e. g., the private key) and decrypt the resulting encrypted encryption key using the customer's credential. The cloud data protection module 220 stores the encrypted encryption key in the key server computer system 360 and retrieves the encrypted encryption key from the key server computer system 360 as needed (see arrow 303).”), [wherein the hash in the request is validated with the remotely stored hash in the 
retrieving encrypted data from the distributed environment, the encrypted data being remotely stored in the distributed environment (Chandrasekhar, Col. 5, lines 24-33; “The encrypted data can be optionally forwarded through the encrypted search server 230 in embodiments where searches are performed on encrypted data stored in the cloud. Once logged in the cloud data protection system, the customer can retrieve encrypted data from the cloud in the reverse data flow direction. More specifically, encrypted data stored in the data storage device 241 in the cloud are transmitted by the cloud application server 240 to the cloud data protection module 220 (see arrow 205).”).
Kremp, Lam and Chandrasekhar are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for securely retrieving data on a client device in a distributed environment, a respective client device, a method for securely providing data in a distributed environment, a corresponding distributed environment, and one or more machine-readable media.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chandrasekhar system into Kremp-Lam system, with a motivation to provide a system for protecting data stored in the cloud includes a computing device that generates a plaintext encryption key and encrypts the plaintext encryption key using a credential of a customer that uses a cloud application (Chandrasekhar, Abstract]).

… wherein the hash in the request is validated with the remotely stored hash in the distributed environment and the encrypted private key is returned to the client device upon successful validation of both hashes.
But, Brickell teaches:
wherein the hash in the request is validated with the remotely stored hash in the distributed environment and the encrypted private key is returned to the client device upon successful validation of both hashes (Brickell, Col. 5, lines 1-8; “Key Server cryptographic program 150 authenticates the user by matching the transmitted login name and Hash1 to the corresponding values in table 250 (i.e., entries 251 and 252). If the values match, the user is assumed to be the user specified by the login name, and the user's wrapped private key (entry 253) is transmitted back to the user. (Acts 304, 305). If the values do not match, an error message is returned to the user. (Acts 304,306).”);
Kremp, Lam, Chandrasekhar and Brickell are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for securely retrieving data on a client device in a distributed environment, a respective client device, a method for securely providing data in a distributed environment, a corresponding distributed environment, and one or more machine-readable media.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Brickell’s system into Kremp-Lam-Chandrasekhar system, with a motivation to provide a method for Brickell, Col. 1, lines 9-11]) and the use of hashes for authentication purposes (Brickell, Abstract).

As per claim 2, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the computer-implemented method of claim 1. Chandrasekhar further teaches wherein the encrypted private key is stored in a cloud storage of the distributed environment (Chandrasekhar, Col. 4, lines 61-64; “The cloud data protection module 220 provides the customer's public key and encrypted private key to the key server 260 for remote storage (see arrow 202).”).

As per claim 3, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the computer-implemented method of claim 2. Chandrasekhar further teaches wherein the encrypted data is stored in a further cloud storage of the distributed environment that is separate from the cloud storage storing the encrypted private key (Chandrasekhar, Col. 3, lines 64-67; “… encrypts the encryption key using the customer's credential, provides the encrypted encryption key to the key server 260 for storage, and forwards the encrypted data to the cloud application server 240 for storage in the cloud.” Examiner submits that the cloud application server 240 is separate from key server 260, as shown in Fig. 2 of Chandrasekhar).

As per claim 10, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the computer-implemented method of claim 1. Brickell teaches further comprising Brickell, Col. 2, lines 60-63; “A first hash of the user's password is used to authenticate the user ….” … Col. 5, lines 53-55; “a private key can be securely distributed from a key server to multiple client computer systems after the user of client computer is authenticated.”).

As per claim 11, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the computer-implemented method of claim 1. Chandrasekhar teaches wherein the encrypted data is symmetrically encrypted using a symmetric key, wherein the symmetric key is based on the private key (Chandrasekhar, Col. 9, lines 58-63; “For example, the cryptography module 513 can generate a private key-public key pair for a customer and use private key to encrypt the plaintext data. The cryptography module 513 can thereafter encrypt the private key in accordance with a symmetric key encryption algorithm that uses the customer's credential as the symmetric key.”).

As per claim 12, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the computer-implemented method of claim 1. Brickell teaches wherein the encrypted data is asymmetrically encrypted using a public key associated with the private key (Brickell, Col. 1, lines 40-46; “For encryption, information encrypted with the public key (or public encryption key) can only be decrypted with the private key (or private decryption key). For example, if a first user encrypts a message with the public key, only the holder of the private key can recover the original message.”).

As per claim 13, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the computer-implemented method of claim 1. Chandrasekhar teaches wherein the data is medical patient data (Chandrasekhar, Col. 1, lines 27-32; “Those who subscribe to use the cloud applications, who are also referred to as "customers,” remotely access a cloud application using a client device running a cloud application client, which can be a web browser. A cloud application, such as a cloud storage service, can involve storing data in the cloud.” Examiner submits that the term user or customer data implies any type of data including patient data.).

As per claim 14, the rejection of claim 1 is incorporated. In addition, it is an apparatus claim that recites limitations to those of claim 1, and therefore, claim 14 is rejected for the same rationale applied to claim 1.  In addition, Kremp teaches a local memory and one or more processors (Kremp, Parag. [0145]; “An example computer system 810 is illustrated in FIG.8. Computer system 810 includes a bus 805 or other communication mechanism for communicating information, and one or more processor(s) 801 coupled with bus 805 for processing information. … Computer system 810 also includes a memory 802 coupled to bus 805 for storing information and instructions to be executed by processor 801, including information and instructions for performing some of the techniques described above, for example. This memory may also be used for storing programs executed by processor 801. Memory 802 may comprise a single or multiple storage components or devices.”).

As per claim 15, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the client device of claim 14. Kremp teaches wherein the local memory is configured to provide a secured storage area for storing of the key encryption key and/or of the private key (Kremp, Parag. [0057]; “Once a KEK is generated by key derivation module 180, the KEK is stored in a secure local persistent and secure storage 220. In this manner, the KEK is kept secret or hidden within the client entities themselves.”).

As per claim 16, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the client device of claim 15. Chandrasekhar further teaches wherein the secured storage area is automatically purged after exiting the secured application (Chandrasekhar, Col. 12, lines 41-49; “The first computing device keeps the resulting plaintext encryption key in volatile memory. This ensures that the plaintext encryption key is deleted from the first computing device when the first computing device is rebooted or powered down. The first computing device also removes the plaintext encryption key from the first computing device when the customer's signs off the cloud data protection system or after a predetermined period of inactivity.”).

As per claim 17, the rejection of claim 1 is incorporated. In addition, it is a system claim that recites limitations to those of claim 1, and therefore, it is rejected for the same rationale applied to claim 1.

19, the rejection of claim 17 is incorporated. In addition, it is a system claim that recites limitations to those of claims 11 and 12 and therefore it is rejected for the same rationale applied to claims 11 and 12.

As per claim 20, the rejection of claim 17 is incorporated. In addition, it is a system claim that recites limitations to those of claims 2 and 3, and therefore, it is rejected for the same rationale applied to claims 2 and 3.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Kremp et al. (US 2015/0318987) hereinafter Kremp in view of Lam et al. (US 2003/0163433) hereinafter Lam, and in further view of Chandrasekhar et al. (US 9,954,828) hereinafter Chandrasekhar and Brickell (US 6,834,112) as applied to claim 1 above, and further in view of Erofeev et al. (US 9,367,702) hereinafter Erofeev.
As per claim 5, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the computer-implemented method of claim 1. Chandrasekhar further teaches [changing the encryption passphrase], including receiving a new encryption passphrase, generating a [new] key encryption key (Kremp, Parag. [0072]; “At stage 330, key derivation module 230 of first client entity 110 generates a key encryption key (KEK) using the registration password or passphrase received from system administration module 105 in 310, and the salt it locally generated at 320, as inputs to a key derivation calculation.”), encrypting the retrieved private key using the [new] key encryption key (Kremp, Parag. [0074]; “The derived KEK may then be used as a crypto graphic key in subsequent operations to encrypt the encryption key EK used for encrypting data.”), thereby generating a [new] encrypted private key (Kremp, Parag. [0082]; “the KEK is operable to decrypt or “unlock” an encryption key EK stored in encrypted form on shared data store 150. Once unlocked, the encryption key EK may be used by first client entity 150 either to encrypt data (for a write operation) or decrypt data (for a read operation) in the course of data system operations.”), and 
In addition, Lam teaches:
storing the [new] encrypted private key together with a hash of the [new] key encryption key remotely in the distributed environment (Lam, Parag. [0010]; “… decrypting a secret token in the de-serialized file using the key encryption key if the key encryption key hash is equal to the hashed key encryption key in the de-serialized file to produce at least one tuple.” … Parag. [0041]; “In one embodiment of the present invention, secret tokens are stored in a random order within the secret token portion (56). Following the secret token portion (56) is the KEK Hash portion (58). The KEK Hash portion (58) holds the result of applying the hash function to the KEK, i.e., the KEK Hash.” {See Fig. 5}).
The combination of Kremp, Lam, Chandrasekhar and Brickell does not expressly teaches:
changing the encryption passphrase, [including receiving a new encryption passphrase], generating a new key encryption key, encrypting the retrieved private key using the new key encryption key, thereby generating a new encrypted private key, …
However, Erofeev teaches:
Erofeev, Col. 63, lines 55-60; “The encryption module 922 can obtain a new passphrase for the user by, for example, prompting the user for a new passphrase. The encryption module 922 can then hash the new passphrase and use the hashed version of the new passphrase to encrypt the private key. Any unencrypted copies of the private key can be discarded. Further, the passphrase provided by the user may also be discarded.” Examiner submits that only the newly encrypted private key and hash of the new passphrase will be retained. Any unencrypted copies of the private key as well as passphrase can be discarded (i.e., not stored)).
Kremp, Lam, Chandrasekhar and Brickell and Erofeev are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for securely retrieving data on a client device in a distributed environment, a respective client device, a method for securely providing data in a distributed environment, a corresponding distributed environment, and one or more machine-readable media.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Erofeev’s system into Kremp-Lam-Chandrasekhar-Brickell system, with a motivation to help protect data and to increase the accessibility of the data both throughout the enterprise environment and outside of the enterprise environment, many users and organizations store data on Erofeev, Col. 1, lines 62-66).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Kremp et al. (US 2015/0318987) hereinafter Kremp in view of Lam et al. (US 2003/0163433) hereinafter Lam, and in further view of Chandrasekhar et al. (US 9,954,828) hereinafter Chandrasekhar and Brickell (US 6,834,112) as applied to claim 1 above, and further in view of Erofeev et al. (US 9,367,702) hereinafter Erofeev and Liu et al. (US 7,493,661) hereinafter Liu.
As per Claim 6, the combination of Kremp, Lam, Chandrasekhar and Brickell teaches the computer-implemented method of claim 1. 
However, the combination of Kremp, Lam, Chandrasekhar and Brickell does not expressly teaches:
further comprising receiving, from a user of the client device, an input specifying a recovery key, generating a hash of the recovery key, and evaluating the hash of the recovery key with a hash of the private key, the hash of the private key being remotely stored in the distributed environment, wherein if the hash of the recovery key matches the hash of the private key, the user is enabled to change the encryption passphrase. 
But, Liu teaches
receiving, from a user of the client device, an input specifying a recovery key (Liu, Col. 13, lines 53-56; “Recovery application 206 is invoked by a user (sender 102 or recipient 104) and supports the recovery of the private key of the user in the event the private key is lost or the signature phrase is forgotten. Col. 27, lines 30-32; “In one implementation, the recovery process is invoked by calling or going to a key recovery webpage.” … Col. 27, lines 42-43; “… selects a key recovery process and enters the answer to the recovery question …”), generating a hash of the recovery key, and evaluating the hash of the recovery key with a hash of the private key, the hash of the private key being remotely stored in the distributed environment (Liu, Col. 20, lines 41-45; “If signature manager 132 receives a successful message from key server 108 which includes a hash of the private key (241), it computes a separate hash from the private key (242).” … Col. 27, lines 29-50; “The user invokes a recovery process and submits a recovery request (1004). In one implementation, the recovery process is invoked by calling or going to a key recovery web page. In one implementation, the process can be invoked in signature manager 132. Responsive to the recovery request, the user receives a recovery question from the key server (1005). The recovery question was created by the user during the initialization process for the generation of the private and public keys and stored by the key server. Assuming the user remembers the answer to the recovery question, the private key of the user can be recovered. More specifically, in one implementation the user invokes signature manager 132, selects a key recovery process and enters the answer to the recovery question (1007). The signature manager applies a hash function to the modified answer (in a fashion similar to that described above in step 234 of FIG.2.f), generates a recovery request and submits both to key server 108 (1008). Key server 108 compares the hashed answer received with the hashed answer stored with the recovery data and, if they match, sends an encrypted file to the key owners E-mail address (1011).” Examiner submits that the recovery question and answer are a part of the recovery/private keys.), wherein if the hash of the recovery key matches the hash of the private key (Liu, Col. 20, lines 41-45; “If signature manager 132 receives a successful message from key server 108 which includes a hash of the private key (241), it computes a separate hash from the private key (242). Signature manager 132 then compares the computed hash with received hash (243). If the two hashes match (244)…”), … 
Kremp, Lam, Chandrasekhar, Brickell and Liu are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for securely retrieving data on a client device in a distributed environment, a respective client device, a method for securely providing data in a distributed environment, a corresponding distributed environment, and one or more machine-readable media.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Liu’s system into Kremp-Lam-Chandrasekhar-Brickell system, with a motivation to provide a computing systems and more particularly a method and system for providing secure data transmissions between Internet users. (Liu, Col. 1, lines 12-14).
However, the combination of Kremp, Lam, Chandrasekhar, Brickell and Liu does not expressly teaches:
…, the user is enabled to change the encryption passphrase.
But, Erofeev teaches:
…, the user is enabled to change the encryption passphrase (Erofeev, Col. 63, lines 55-60; “The encryption module 922 can obtain a new passphrase for the user by, for example, prompting the user for a new passphrase. The encryption module 922 can then hash the new passphrase and use the hashed version of the new passphrase to encrypt the private key. Any unencrypted copies of the private key can be discarded. Further, the passphrase provided by the user may also be discarded.” Examiner submits that only the newly encrypted private key and hash of the new passphrase will be retained. Any unencrypted copies of the private key as well as passphrase can be discarded (i.e., not stored)).
Kremp, Lam, Chandrasekhar, Brickell and Liu are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for securely retrieving data on a client device in a distributed environment, a respective client device, a method for securely providing data in a distributed environment, a corresponding distributed environment, and one or more machine-readable media.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Erofeev’s system into Kremp-Lam-Chandrasekhar-Brickell-Liu system, with a motivation to help protect data and to increase the accessibility of the data both throughout the enterprise environment and outside of the enterprise environment, many users and organizations store data on secondary storage devices or on a device in a network (e.g., cloud storage devices) (Erofeev, Col. 1, lines 62-66).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Stein, K.; US 6,370,250: relates to electronic data transfer security and in particular to defeating private key discovery attacks in a public key cryptography system. Still more particularly, the present invention relates to providing an authentication mechanism for accessing private keys utilizing in decoding an encrypted data transfer.
Araya et al.; US 2019/0318102: relates to data processing, and in particular relates to systems and methods to securely manage imported data pertaining to an entity in a distributed system, such that the entity retains control over such within the distributed system.
Qian, X.; US 2017/0142082: relates to cryptographic systems and methods to allow for secure deposit and recovery of secret data. More particularly, the disclosure relates to cryptographic systems and methods that use encryption to provide data security and access control on distributed data across communication networks such as the internet.

THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.D.C./Examiner, Art Unit 2498 

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498