DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to the application filed on 10/18/2019. Claims 1-15 are currently pending.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/18/2019 and 09/17/2021 was filed before the mailing date of the office correspondence on 02/25/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-11 and 13 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by U.S. PGPub. No. 20130097421 to Lim; Keng (hereinafter Lim).
Regarding claim 1, Lim discloses a method of encryption comprising: ¶0016 “at an encryption module executing on the second client, determining the encrypted document attachment is encrypted; at an encryption module”, 

document; ¶0107 “A share key is typically generated by a encryption key management server and may be obtained by first or second computer when needed to decrypt encrypted information or document”. 
generating a key encryption key from user-associated data or policy- associated data;  ¶0107 “A share key is typically generated by a encryption key management server and may be obtained by first or second computer when needed to decrypt encrypted information or document”, ¶0108 “process of decrypting a data encryption key (or "data key") using a first encryption key that is used to encrypt particular information or document and re-encrypting the data key with a second encryption key whereby making the particular information or document accessible only with second encryption key after the switching is completed”,  ¶0009 “The information management system can be a client-server arrangement, where files are stored on servers and client devices have a policy enforcer program resident on them. Each policy enforcer program evaluates rules and determines whether access to a file is permitted or not”.
wrapping the content encryption key based on a key wrap operation using the key encryption key; ¶0161 “Auto Wrapping and Unwrapping”, ¶0157 “Referring to FIG. 6, in an implementation, a Window Explorer.RTM. shows a context menu with an encrypt menu entry 601 designated by the "Wrap" option when a user select an unencrypted file”. 
encrypting the wrapped content encryption key using a policy encryption key; ¶0123 “an encryption key management service of a data protection client manages encryption keys on a computing device where encryption and decryption are performed………….”, ¶0167 “Automatic key switching may be a function of a data protection client, or it may be a function of a policy (e.g., implemented by an autowrap policy obligation)”. 
 and encrypting the policy encryption key using a public key corresponding to a print apparatus, ¶0123 “an encryption key management service of a data protection client manages encryption keys on a computing device where encryption and decryption are performed………….”, ¶0165 “In an example, a user of Company A logs on to a computer with policy enforcer and encryption service module installed. The user attaches a design drawing file to an email message and sends the email message to a recipient of Company B. A policy enforced by the policy enforcer specifies that all engineering drawing files send to a recipient outside the company will be encrypted automatically”, ¶0142 “RTM. File association allows associating an application program to an action applied to a file of a particular type. In Microsoft Windows. RTM., a file type is defined based on a file extension (e.g., .docx or .pdf). An action that may be applied to a file includes open, edit, explorer, print, and more” 
  Regarding claim 2, Lim discloses a method of claim 1, comprising: causing an input request to present on a display; ¶0048 “Controlling access to information or documents includes allowing or denying the opening a file, renaming a file, deleting a file, opening a Web page, opening a document listing screen of a SAP client, and more”.
using a passphrase received in response to the input request to generate the key encryption ¶0123 “………….the encryption key management service also communicates with the encryption key management server periodically to updates cached shared key rings. Encryption key management server adds new shared key to a shared key ring periodically to minimize data loss resulted from compromised encryption key.………” 
¶0013 “To decrypt the data, the encryption module requests a key from the policy enforcer program. To support its request, the encryption module provides trust information including a process identifier (e.g., MS Word process), file path, and user to the policy enforce”, ¶0111 “Key switching may be performed automatically or according to a policy”, ¶0142 “RTM. File association allows associating an application program to an action applied to a file of a particular type. In Microsoft Windows. RTM., a file type is defined based on a file extension (e.g., .docx or .pdf). An action that may be applied to a file includes open, edit, explorer, print, and more” 
 and encrypting the policy object using the policy encryption key, ¶0165 “In an example, a user of Company A logs on to a computer with policy enforcer and encryption service module installed. The user attaches a design drawing file to an email message and sends the email message to a recipient of Company B. A policy enforced by the policy enforcer specifies that all engineering drawing files send to a recipient outside the company will be encrypted automatically”.
 Regarding claim 3, Lim discloses the method of claim 1, comprising: 
generating a nonce; ¶0129 “Typically, a key identifier is generated by an encryption key management server or an encryption key management service of a data protection client. A key identifier may identify a local key or a shared key. A key identifier may be an integer, a string or an object”. 
  generating a policy object including the nonce, the wrapped content encryption key, an initialization vector corresponding to the content encryption key, a policy rule, and information ¶0129 “Typically, a key identifier is generated by an encryption key management server or an encryption key management service of a data protection client. A key identifier may identify a local key or a shared key. A key identifier may be an integer, a string or an object”. 
  ¶0128 “PED format consists of at least three sections: header, metadata and encrypted data. The header section contains at least an encryption key identifier (or "key identifier") and a data encryption key (or "data key")…………….”, ¶0009 “The information management system can be a client-server arrangement, where files are stored on servers and client devices have a policy enforcer program resident on them. Each policy enforcer program evaluates rules and determines whether access to a file is permitted or not”.   ¶0183 “A PED file contains a metadata section to store attributes associated with particular information or document…………………….”
encrypting the policy object using the policy encryption key; ¶0135 “PED attributes are stored as a collection of (name, value) pairs. PED attributes may be stored encrypted or unencrypted. When PED attributes are encrypted, they may be encrypted using the data key, a local key, a shared key, a metadata encryption key, or any combination thereof. An information manage system may use a common metadata encryption key to encrypt PED attributes, ¶0162 “In an embodiment, a data protection client and an encryption service module corporate to perform automatic encryption of an unencrypted file when the unencrypted file is copied to a shared location, copied to a removable device, uploaded to a public server, or sent in an email as an attachment. Automatic encryption may be a function of a data protection client, or it may be a function of a policy (e.g., implemented by an autowrap policy obligation)”. 
¶0090 “In an implementation, an encryption service module uses an open-cipher based encryption algorithm such as advanced encryption standard (AES), data encryption standard (DES), skipjack, blowfish, or other ciphers. The module is used to encrypt information or documents and data encryption key, ¶0142 “An action that may be applied to a file includes open, edit, explorer, print, and more”.
  and sending the encrypted policy encryption key to the print apparatus. ¶0048 “Controlling use of information or documents includes allowing or denying the copying content of a document, printing of a document, saving a document into a different file, copying a file, attaching a file to an email message, adding a file to an archive such as a zip file, embedded a file into a document, merging two documents, sending an email message to a recipient, uploading a file to a Web site, and more”. 

 Regarding claim 4, Lim discloses the method of claim 1, comprising: encrypting a number of packages corresponding to a number of printers in a printer group when the printer group includes more than one printer, wherein:
See Lim disclosure about encryption of documents in ¶0120 “In an embodiment, an encryption key management server provides a mechanism to share encryption keys used to encrypt information or documents in an information management system……………………….”, ¶0126 “An encryption service module communicates with an encryption key management service to obtain an encryption key to be used in encrypting or decrypting information or documents”.
See Lim disclosure about printing of a file (which may contain many packages or documents) in ¶0142 “An action that may be applied to a file includes open, edit, explorer, print, and more”. 
 and each package includes a policy object encrypted using the policy encryption key,
 and the policy encryption key encrypted with a public key corresponding to a target printer of the printer group; ¶0135 “PED attributes are stored as a collection of (name, value) pairs. PED attributes may be stored encrypted or unencrypted. When PED attributes are encrypted, they may be encrypted using the data key, a local key, a shared key, a metadata encryption key, or any combination thereof. An information manage system may use a common metadata encryption key to encrypt PED attributes, ¶0129 “A key identifier is a unique identifier for identifying an encryption key used to encrypt a data key stored in the header. Typically, a key identifier is generated by an encryption key management server or an encryption key management service of a data protection client. A key identifier may identify a local key or a shared key. A key identifier may be an integer, a string or an object”, ¶0162 “In an embodiment, a data protection client and an encryption service module corporate to perform automatic encryption of an unencrypted file when the unencrypted file is copied to a shared location, copied to a removable device, uploaded to a public server, or sent in an email as an attachment. Automatic encryption may be a function of a data protection client, or it may be a function of a policy (e.g., implemented by an autowrap policy obligation)”. 
See Lim disclosure about printing of a document in ¶0052 “Examples of application program operations includes opening a file, copy a file, moving a file, renaming a file, deleting a file, printing a document”, 





 Regarding claim 5, Lim discloses the method of claim 1, comprising: unwrapping a package encrypted by a public key corresponding to a service address;
See Lim disclosure about wrapping and unwrapping in ¶0155-¶0158, “Manual Wrapping and Unwrapping…………..”  
See Lim disclosure about directory which the examiner equates to service in ¶0159 “a user may encrypt a file by copying or moving the file into a directory flagged for auto-encryption. A directory may be flagged for auto-encryption with an encryption service module. The encryption service module intercepts file operations (e.g., create file, copy file or move file) on a directory flagged for auto-encryption and encrypts a file when the file is created in the directory or after the file is written to the directory”. 
 identifying a printer of a printer group corresponding to a service at the service address;
and rewrapping the package using a public key corresponding to the printer.  ¶0157 “a Window Explorer.RTM. shows a context menu with an encrypt menu entry 601 designated by the "Wrap" option when a user select an unencrypted file………….” ¶0056 “…….The process of decrypting particular information or document with a first encryption key and re-encrypting the particular information or document with a second encryption key is referred to as key switching in this document”. ¶0142 “…….File association is a feature in Microsoft Windows.RTM.. File association allows associating an application program to an action applied to a file of a particular type. In Microsoft Windows.RTM., a file type is defined based on a file extension (e.g., .docx or .pdf). An action that may be applied to a file includes open, edit, explorer, print, and more”. 



 Regarding claim 6, Lim discloses the method of claim 1, comprising: 
symmetrically encrypting a plaintext document under the content encryption key using an authenticated encryption scheme; ¶0126 “An encryption service module communicates with an encryption key management service to obtain an encryption key to be used in encrypting or decrypting information or documents. The encryption service module may perform encryption or decryption using a local key or a shared key”, ¶0094 “To obtain an encryption key matching the encryption key identifier associated with the file, an encryption service module locates and encryption key in its encryption key cache using an encryption key identifier, process identifier of an application program instance, and the path to the file……..”,  ¶0081 “Once the user is authenticated, the executable archive presents one or more lists of information or documents to the user”
 and sending the encrypted, wrapped content encryption key along with the encrypted plaintext document to the print apparatus,
See Lim disclosure about sending encryption key in ¶0014 “If the trust information from the encryption module is correct, the policy enforcer program can send the key to the encryption module. The key can be stored locally on the device or may be a shared key, which is also stored at the server level,
See Lim disclosure about encrypted and wrapped content key in ¶0120-¶0123, “an encryption key management server provides a mechanism to share encryption keys used to encrypt information or documents in an information management system. An encryption key management server provides a repository for storing shared encryption keys (or "shared keys"), generates new shared keys, and provides shared keys to a data protection client………………..”
Examples of application program operations includes opening a file, copy a file, moving a file, renaming a file, deleting a file, printing a document, copying content of a document, changing document classification,………”
wherein the policy object is encrypted using hybrid encryption, the header of the policy object decryptable using the policy encryption key.
 See Lim disclosure about hybrid encryption in ¶0135 “When PED attributes are encrypted, they may be encrypted using the data key, a local key, a shared key, a metadata encryption key, or any combination thereof.  See Lim disclosure about the header of the policy object decryptable in ¶0128-¶0129 “PED format consists of at least three sections: header, metadata and encrypted data………………”   
Regarding claim 7, Lim discloses a method of decryption comprising: 
¶0012 “there is an encryption module, which handles encryption and decryption of the data”. 
recovering a policy object using a private key corresponding to a print apparatus, the policy object including a wrapped key; ¶0077 “An on-demand enforcer may be packaged with a predefined set of policies and user identities. An on-demand enforcer may also communicate with a policy server periodically to obtain updated policies and user identities”, ¶0086 “transparent encryption and decryption services shares some common features with encrypted file system (e.g., Microsoft NTFS)………………………..”  , ¶0156 “In an embodiment, a user may encrypt or decrypt a file using a context menu on Windows Explorer.RTM.. A user may also use the context menu to switch encryption key on a PED file”, ¶0157 “Referring to FIG. 6, in an implementation, a Window Explorer.RTM. shows a context menu with an encrypt menu entry 601 designated by the "Wrap" option when a user select an unencrypted file.  ¶0158, “A user may select the sharing menu entry to select an encryption key. The encryption key may be a local key or a shared key”,  ¶0142 “An action that may be applied to a file includes open, edit, explorer, print, and more”.
 generating a key encryption key using user-associated information or policy- associated information ¶0107 “A share key is typically generated by a encryption key management server and may be obtained by first or second computer when needed to decrypt encrypted information or document”, ¶0108 “process of decrypting a data encryption key (or "data key") using a first encryption key that is used to encrypt particular information or document and re-encrypting the data key with a second encryption key whereby making the particular information or document accessible only with second encryption key after the switching is completed”,  “A key identifier is a unique identifier for identifying an encryption key used to encrypt a data key stored in the header”.
 ¶0009 “The information management system can be a client-server arrangement, where files are stored on servers and client devices have a policy enforcer program resident on them. Each policy enforcer program evaluates rules and determines whether access to a file is permitted or not”.
unwrapping the wrapped key using the key encryption key to recover a content encryption key; 
See Lim disclosure in ¶0155-¶0163 where wrapping and unwrapping is described “¶0156 “In an embodiment, a user may encrypt or decrypt a file using a context menu on Windows Explorer.RTM.. A user may also use the context menu to switch encryption key on a PED file”, ¶0157 “Referring to FIG. 6, in an implementation, a Window Explorer.RTM. shows a context menu with an encrypt menu entry 601 designated by the "Wrap" option when a user select an unencrypted file.  ¶0158 “A user may select the sharing menu entry to select an encryption key. The encryption key may be a local key or a shared key”, ¶0162 “Automatic encryption may be a function of a data protection client, or it may be a function of a policy (e.g., implemented by an autowrap policy obligation)”.
and decrypting an encrypted electronic document using the content encryption key. ¶0126 “An encryption service module communicates with an encryption key management service to obtain an encryption key to be used in encrypting or decrypting information or documents”.
WO 2019/231465 PCT/US2018/035595
Regarding claim 8, Lim discloses the method of claim 7, comprising: identifying a rule based on the policy object decrypted using the private key; ¶0010 “Rules for the system can be managed at the server level, and then subsets deployed at the clients for evaluation by policy enforcer programs at each of the clients……….”, ¶0013 “To decrypt the data, the encryption module requests a key from the policy enforcer program. To support its request, the encryption module provides trust information including a process identifier (e.g., MS Word process), file path, and user to the policy enforcer………..”
setting a parameter of the print apparatus based on a parameter of the policy object; ¶0048 “Controlling access to information or documents includes allowing or denying the opening a file, renaming a file, deleting a file, opening a Web page, opening a document listing screen of a SAP client, and more. Controlling use of information or documents includes allowing or denying the copying content of a document, printing of a document,…..”
 performing a print operation of the decrypted electronic document using the print apparatus set to the parameter according to the rule of the policy object; ¶0009 “the information management system can be a client-server arrangement, where files are stored on servers and client devices have a policy enforcer program resident on them. Each policy enforcer program evaluates rules and determines whether access to a file is permitted or not”. ¶0048 “Controlling access to information or documents includes allowing or denying the opening a file, renaming a file, deleting a file, opening a Web page, opening a document listing screen of a SAP client, and more. Controlling use of information or documents includes allowing or denying the copying content of a document, printing of a document, saving a document into a different file, copying a file, attaching a file to an email message,…..”
 and deleting decryption data, the decryption data including the electronic document and the policy object, ¶0052 “Examples of application program operations includes opening a file, copy a file, moving a file, renaming a file, deleting a file, printing a document, copying content of a document, changing document classification, saving a document into a different file……..”  wherein recovering the policy object comprises: obtaining a policy encryption key using the private key; ¶0016 “In an implementation, a method includes: receiving a encrypted document attachment at a second client; detecting an attempt to open the encrypted document attachment at the second client at a second policy enforcer program at the second client;……….”, ¶0092 “If an encryption flag on the file is set, the encryption service module obtains an encryption key matching the encryption key identifier associated with the file to decrypt data requested by the read operation………” 
and using the policy encryption key to decrypt a policy cipher to obtain the policy object.  ¶0120 “To decrypt particular information or document encrypted with a shared key, a data protection client needs to provide a key identifier of the shared key in a request to an encryption key management server. If the key identifier matches a shared key in a shared key ring, the shared key ring is returned to the data protection client”. ¶0156-¶0157 “a user may encrypt or decrypt a file using a context menu on Windows Explorer.RTM.. A user may also use the context menu to switch encryption key on a PED file…………”.
Regarding claim 9, Lim discloses the method of claim 7, comprising: identifying a nonce from a package decrypted via a policy encryption key derived from decrypting a key cipher using the private key;  ¶0092 “If an encryption flag on the file is set, the encryption service module obtains an encryption key matching the encryption key identifier associated with the file to decrypt data requested by the read operation………..” , ¶0120-¶0121 “In an embodiment, an encryption key management server provides a mechanism to share encryption keys used to encrypt information or documents in an information management system……..”
comparing the nonce to a reference; ¶0094 “To obtain an encryption key matching the encryption key identifier associated with the file, an encryption service module locates and encryption key in its encryption key cache using an encryption key identifier, process identifier of an application program instance, and the path to the file. An encryption key is retrieved from the encryption key cache if one is found……”  
and when the nonce is included in the reference: deleting a print job corresponding to the package; 
or when the nonce is not included in the reference: adding the nonce to the reference; ¶0094
“If an encryption key cache does not contain a matching encryption key, the encryption service module requests an encryption key from a data protection client. The encryption service module provides at least an encryption key identifier associated with the file, a path to the file, and a process identifier of the application program instance to the data protection client………”  
and processing the print job corresponding to the package according to a rule of the policy object.  ¶0142 “File association is a feature in Microsoft Windows.RTM.. File association allows associating an application program to an action applied to a file of a particular type. In Microsoft Windows.RTM., a file type is defined based on a file extension (e.g., .docx or .pdf). An action that may be applied to a file includes open, edit, explorer, print, and more……”
Regarding claim 10, Lim discloses the method of claim 7, comprising: 
causing a control panel to display an input field for a passphrase, the passphrase to be used as user-associated information to generate the key encryption key;  ¶0048 “Controlling access to information or documents includes allowing or denying the opening a file, renaming a file, deleting a file, opening a Web page, opening a document listing screen of a SAP client, and more…..”,   ¶0103 “If the user is allowed to open the encrypted file, the data protection client allows the native open operation (i.e., the code that is being run if data protection code is not installed) to run to completion. At the same time, the policy engine caches trust information associate with the open operation. The trust information includes, process identifier of the application program instance that made the file open requested, the encrypted file path and the user involved in the file open request.  ¶0120-¶0123 “In an embodiment, an encryption key management server provides a mechanism to share encryption keys used to encrypt information or documents in an information management system. An encryption key management server provides a repository for storing shared encryption keys (or "shared keys"), generates new shared keys, and provides shared keys to a data protection client………”,  ¶0156-¶0158 “In an embodiment, a user may encrypt or decrypt a file using a context menu on Windows Explorer.RTM.. A user may also use the context menu to switch encryption key on a PED file………”.
 and causing the control panel to display a list of documents available for processing by the print apparatus. ¶0142 “File association allows associating an application program to an action applied to a file of a particular type. In Microsoft Windows.RTM., a file type is defined based on a file extension (e.g., .docx or .pdf). An action that may be applied to a file includes open, edit, explorer, print, and more……”, ¶0081 “The executable archive invokes an application program installed on the computing device to display the particular information or open the particular document….” 
 Regarding claim 11, Lim discloses a non-transitory computer-readable storage medium, ¶0114 “Examples of a storage device include volatile memory, hard disk, CD-ROM, DVD-ROM, Flash drive, Flash card, tape, and more”.  
 comprising a set of instructions executable by a processor resource to: generate a key encryption key from user-associated data or policy-associated data; ¶0107 “A share key is typically generated by a encryption key management server and may be obtained by first or second computer when needed to decrypt encrypted information or document”, ¶0108 “process of decrypting a data encryption key (or "data key") using a first encryption key that is used to encrypt particular information or document and re-encrypting the data key with a second encryption key whereby making the particular information or document accessible only with second encryption key after the switching is completed”,  “A key identifier is a unique identifier for identifying an encryption key used to encrypt a data key stored in the header”.
 ¶0009 “The information management system can be a client-server arrangement, where files are stored on servers and client devices have a policy enforcer program resident on them. Each policy enforcer program evaluates rules and determines whether access to a file is permitted or not”.
encrypt a content encryption key using the key encryption key to generate a wrapped key; ¶0123 “The encryption key management service also communicates with the encryption key management server periodically to updates cached shared key rings. Encryption key management server adds new shared key to a shared key ring periodically to minimize data loss resulted from compromised encryption key. Encryption keys in a local key ring are generated by an encryption key management service. An encryption key management service also generates an encryption key periodically and places it in a local key ring”.

 generate a policy object, the policy object including the wrapped key; See Lim disclosure about policy object in ¶0047 “a policy may be defined before information or a document is created and access to the information or document is controlled by an information management system”.
encrypt the policy object with a policy encryption key; ¶0165 “In an example, a user of Company A logs on to a computer with policy enforcer and encryption service module installed………………………………………..” 
and encrypt the policy encryption key using a public key of a print apparatus, ¶0123 “The encryption key management service also communicates with the encryption key management server periodically to updates cached shared key rings. Encryption key management server adds new shared key to a shared key ring periodically to minimize data loss resulted from compromised encryption key. Encryption keys in a local key ring are generated by an encryption key management service. An encryption key management service also generates an encryption key periodically and places it in a local key ring”, ¶0165 “In an example, a user of Company A logs on to a computer with policy enforcer and encryption service module installed………………………………………..” 
 Regarding claim 13, Lim discloses the medium of claim 11, wherein the set of instructions is executable by the processor resource to: ¶0040 “Computer system 201 further includes subsystems such as central processor 302, system memory 304, input/output (I/O) controller 306, display adapter 308, serial or universal serial bus (USB) port 312, network interface 318, and speaker 320”.  
receive an electronic file encrypted with a public key of a print server; ¶0016 “In an implementation, a method includes: receiving a encrypted document attachment at a second client; detecting an attempt to open the encrypted document attachment at the second client at a second policy enforcer program at the second client;…….” , ¶0142 “File association is a feature in Microsoft Windows.RTM.. File association allows associating an application program to an action applied to a file of a particular type. In Microsoft Windows.RTM., a file type is defined based on a file extension (e.g., .docx or .pdf). An action that may be applied to a file includes open, edit, explorer, print, and more”.
unwrap the electronic file to recover the policy object; ¶0030 “FIG. 13 shows a sample flow for automatically decrypting a file using policy obligation” , ¶0126 “An encryption service module communicates with an encryption key management service to obtain an encryption key to be used in encrypting or decrypting information or documents………..”.
and select the print apparatus from a printer group identified by the print server based on a retrieval request.  
See Lim disclosure about the user’s ability to select or query document access, retrieve, or query information stored by server system in ¶0036 “In a specific embodiment, a "web browser" application executing on a client system enables users to select, access, retrieve, or query information stored by server system 122…..”
See Lim disclosure about performing the process required from client system in ¶0035 “Server 122 is responsible for receiving information requests from client systems 113, 116, and 119, performing processing required to satisfy the requests, and for forwarding the results corresponding to the requests back to the requesting client system”.
¶0142 “File association is a feature in Microsoft Windows.RTM.. File association allows associating an application program to an action applied to a file of a particular type. In Microsoft Windows.RTM., a file type is defined based on a file extension (e.g., .docx or .pdf). An action that may be applied to a file includes open, edit, explorer, print, and more”.
Claim(s) 14-15 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by U.S. PGPub. No. 20090259591 to Starostin and Claessens (hereinafter Starostin).
Regarding claim 14, Starostin discloses a print apparatus comprising: ¶0121 “The recipient licensor 408 uses directory services information 600 to determine the location of a printer 602”.  
a display engine to cause a control panel to display a user information request; ¶0114 “the recipient sends the publishing license PL.sub.L1 to the central licensor to acquire use license UL1.sub.user. The content key and the policy are encrypted for central licensor”, ¶0144 “An output 1007 may also be provided such as an audio and/or video output to a display system integral with or in communication with the computing-based device. The display system may provide a graphical user interface”,
a decryption engine to: ¶0028 “A content key (which can be used to decrypt the content) is inserted into the encrypted publishing license. As a result, only the IRM server 100 is able to issue a use license containing the content key required by the user to decrypt the file”. 
decrypt a key cipher using a private key corresponding to the print apparatus to recover a policy encryption key; ¶0066 “The architecture and processing disclosed is such that interaction with all licensors required to validate the conditions mentioned in the policy is required to assess the conditions under which access should be granted, and in order to obtain a fully decrypted content key”,  ¶0069 “The publisher 302 creates a document using the IRM enabled application 314 and specifies usage rights and conditions for the document (block 420)”,  ¶0072 “A recipient will only be able to decrypt the content key, and thus the document, if it interacts with each of the licensors 306, 308, 310 from which validations are required………………..”   
decrypt a policy cipher using the policy encryption key to recover a policy object, the policy object including a wrapped key; ¶0071 “The content key with which the document is encrypted is encrypted with a key of at least one licensor 306, 308, 310 identified in the policy (i.e. is encrypted in a manner which the at least one licensor 306, 308, 310 can decrypt). The encrypted content key is inserted into the encrypted publishing license”, ¶0073 “The recipient's IRM client 316 retrieves encryption keys which are needed in order to decrypt the content key with which the document is encrypted as part of the use licenses from licensors 306, 308, 310. By use of the recipient's key, the use licenses are arranged such that only the intended recipient can access the keys”. ¶0073 “Using the use licenses, the recipient IRM enabled application 318 or IRM client 316 then decrypts the document content and enforces the usage rights (block 432). The IRM client 316 will allow the recipient to perform a specific action”
 unwrap the wrapped key using a key encryption key generated from user- provided information to recover a content encryption key; ¶0072 “A recipient will only be able to decrypt the content key, and thus the document, if it interacts with each of the licensors 306, 308, 310 from which validations are required……………….”   ¶0073 “…………The recipient's IRM client 316 retrieves encryption keys which are needed in order to decrypt the content key with which the document is encrypted as part of the use licenses from licensors 306, 308, 310. By use of the recipient's key, the use licenses are arranged such that only the intended recipient can access the keys”. ¶0068 “The flow diagram of FIG. 4 shows a generalized process in creating a document and issuing an authorized user with a license to access the document according to an associated IRM policy using the IRM system shown in FIG. 3”.
and decrypt an encrypted electronic document using the content encryption key; ¶0072 “A recipient will only be able to decrypt the content key, and thus the document, if it interacts with each of the licensors 306, 308, 310 from which validations are required……...”
and a print engine to: operate the print apparatus according to a rule of the policy object; ¶0119 “This second scenario can be exemplified by a document rights permissions policy which contains two conditions: first, the condition that the requestor is identified within a directory service which is accessible by the recipient's local area server 400 (i.e. whether the requestor is currently approved in a particular list of individuals who should have access to the document) and second, that the document can be printed to a printer within direct control of the user (in this example within a defined reach, e.g. 20 meters physical reach)” 
and print the decrypted electronic document when the rule of the policy object is satisfied. ¶0005 “Information rights management (IRM) systems are used to protect the use of information within a data item. This may comprise, for example, allowing an individual user or a class of users to view, but not to edit or print, a document”. 
¶0119 “This second scenario can be exemplified by a document rights permissions policy which contains two conditions: first, the condition that the requestor is identified within a directory service which is accessible by the recipient's local area server 400 (i.e. whether the requestor is currently approved in a particular list of individuals who should have access to the document) and second, that the document can be printed to a printer within direct control of the user (in this example within a defined reach, e.g. 20 meters physical reach)”

Regarding claim 15, Starostin discloses the print apparatus of claim 14, wherein: the decryption engine is to: see Starostin disclosure about the decryption engine in ¶0028 “A content key (which can be used to decrypt the content) is inserted into the encrypted publishing license. As a result, only the IRM server 100 is able to issue a use license containing the content key required by the user to decrypt the file”. 
 cause the display engine to display a list of available print jobs for the print apparatus;
see Starostin disclosure about the display engine in ¶0144 “An output 1007 may also be provided such as an audio and/or video output to a display system integral with or in communication with the computing-based device. The display system may provide a graphical user interface, or other user interface of any suitable type although this is not essential”.
see Starostin disclosure about printing in ¶0119 “that the document can be printed to a printer within direct control of the user (in this example within a defined reach, e.g. 20 meters physical reach)”.
 retrieve a number of nonces from a storage medium coupled to the print apparatus; see Starostin disclosure about in ¶0143 “The computer executable instructions may be provided using any computer-readable media, such as memory 1003. The memory is of any suitable type such as random information memory (RAM), a disk storage device of any type such as a magnetic or optical storage device, a hard disk drive, or a CD, DVD or other disc drive. Flash memory, EPROM or EEPROM may also be used”. 
See Starostin disclosure about nonce in ¶098 “The keys { K C L i } ##EQU00014## are extracted from the acquired licenses by passing the requested {Rights} as parameter and by performing an Extract Key operation on the current licensor L for each Lic'.sub.i. If at least one content key K C L i ##EQU00015## is NULL then processing is stopped and a NULL content key is returned”. “The recipient licensor 408 uses directory services information 600 to determine the location of a printer 602”.
compare a nonce of a print job corresponding to the policy object to the number of nonces retrieved from the storage medium; ¶0056 “The IRM server 100 validates the policy for the recipient 106 and then, if the policy is valid, extracts the content key and issues the use license, including the rights granted according to the policy. The IRM server 100 issues the use license”
delete the print job in response to identification of a replayed nonce corresponding to the print job; ¶0074 “The IRM client 316 will allow the recipient to perform a specific action, if the right to perform that action is granted by each the use licenses from the licensors 306, 308, 310”.
cause the display engine to display a prompt for a password corresponding to the key encryption key in response to a job selection of the list of available print jobs; ¶0119 “This second scenario can be exemplified by a document rights permissions policy which contains two conditions: first, the condition that the requestor is identified within a directory service which is accessible by the recipient's local area server 400 (i.e. whether the requestor is currently approved in a particular list of individuals who should have access to the document) and second, that the document can be printed to a printer within direct control of the user (in this example within a defined reach, e.g. 20 meters physical reach)”.
and cause the display engine to display an error message in response to a request to print the print job outside of the rule or a parameter corresponding to the policy object, ¶0144 “An output 1007 may also be provided such as an audio and/or video output to a display system integral with or in communication with the computing-based device. The display system may provide a graphical user interface”, ¶0141 “The computing-based device 1000 comprises one or more inputs 1004 which are of any suitable type for receiving inputs such as an input from a recipient a comprising issue license request and the like. The device 1000 also comprises a communication interface 1008 for communicating with other entities such as information rights management servers, recipients, publishers and other communications network nodes”.
 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub. No. 20130097421 to Lim; Keng (hereinafter Lim) in view of U.S. PGPub. No. 20210090037 to Dowding Paul F (hereinafter Dowding).
Regarding claim 12, Lim discloses the medium of claim 11 wherein the set of instructions is executable by the processor resource to: 
encrypt content using the content encryption key; ¶0126 “An encryption service module communicates with an encryption key management service to obtain an encryption key to be used in encrypting or decrypting information or documents” 
randomly generate a nonce; 
package the wrapped key, print job information, and the nonce into a policy object; ¶0135 “The metadata section stores PED attributes. Examples of PED attributes include: file attributes (e.g., file owner) from unencrypted information or document, document properties (e.g., author, title or revision) from unencrypted information or document, document classification (e.g., confidential, or company secret), lineage (i.e., where does this information or document come from?) and more. PED attributes are stored as a collection of (name, value) pairs. PED attributes may be stored encrypted or unencrypted……”

encrypt the policy object using the policy encryption key; ¶0135 “PED attributes are stored as a collection of (name, value) pairs. PED attributes may be stored encrypted or unencrypted. When PED attributes are encrypted, they may be encrypted using the data key, a local key, a shared key, a metadata encryption key, or any combination thereof. An information manage system may use a common metadata encryption key to encrypt PED attributes”, ¶0162 “In an embodiment, a data protection client and an encryption service module corporate to perform automatic encryption of an unencrypted file when the unencrypted file is copied to a shared location, copied to a removable device, uploaded to a public server, or sent in an email as an attachment. Automatic encryption may be a function of a data protection client, or it may be a function of a policy (e.g., implemented by an autowrap policy obligation)”.
and send a first cipher corresponding to the encrypted policy object and a second cipher corresponding to the encrypted policy encryption key to the print apparatus; ¶0123 “In an implementation, an encryption key management service of a data protection client manages encryption keys on a computing device where encryption and decryption are performed……..”, ¶0142 “File association allows associating an application program to an action applied to a file of a particular type. In Microsoft Windows.RTM., a file type is defined based on a file extension (e.g., .docx or .pdf). An action that may be applied to a file includes open, edit, explorer, print, and more………” 
¶0129 “A key identifier is a unique identifier for identifying an encryption key used to encrypt a data key stored in the header. Typically, a key identifier is generated by an encryption key management server or an encryption key management service of a data protection client. A key identifier may identify a local key or a shared key. A key identifier may be an integer, a string or an object”.
Although Lim discloses, in ¶0129 and some other paragraphs of his art, the generation of a key identifier, which the examiner equates to a nonce, Lim does not distinctly disclose random generation of the nonce.
“Mathematical transformations of the transacting parties public encryption key in conjunction with transaction data and a random nonce create a unique, confidential identifier for every position on the distributed ledger or database ownership log when it is created to be posted to the ownership log maintained by every participating node on the network….”
Thus it would have been obvious to one of ordinary skill in the art to modify the teaching of Lim by incorporating a public encryption key in conjunction with a random nonce, and one would have been motivated to do so because it creates a unique identifier, which enhances data security.
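As an added illustration (not code from the application, from Lim, Starostin or Dowding, or from the examiner), the following sketch shows the nonce handling recited in claims 12 and 15: the sender packages a randomly generated nonce into the policy object, and the print apparatus compares it to stored nonces, deletes a replayed job, and reports an error for a request outside a policy rule. The names `build_policy_object`, `PrintApparatus`, `max_copies` and the 16-byte nonce length are assumptions, and the sketch operates on an already decrypted policy object.

```python
import copy
import secrets

NONCE_BYTES = 16  # assumed length; the claims do not fix one


def build_policy_object(wrapped_key: bytes, job_info: dict, rules: dict) -> dict:
    """Sender side (claim 12): package the wrapped key, print job information
    and a randomly generated nonce into a policy object."""
    return {
        "wrapped_key": wrapped_key.hex(),
        "job": dict(job_info),
        "rules": dict(rules),                     # hypothetical rule set, e.g. max_copies
        "nonce": secrets.token_hex(NONCE_BYTES),  # CSPRNG output, fresh for every job
    }


class PrintApparatus:
    """Receiver side (claim 15), working on an already decrypted policy object."""

    def __init__(self, stored_nonces=()):
        self.stored_nonces = set(stored_nonces)   # stands in for the storage medium
        self.jobs = {}                            # job id -> policy object

    def submit(self, job_id: str, policy: dict) -> None:
        self.jobs[job_id] = policy

    def available_jobs(self) -> list:
        return sorted(self.jobs)

    def release(self, job_id: str, copies: int) -> str:
        policy = self.jobs[job_id]
        # Compare the job's nonce to the nonces retrieved from storage.
        if policy["nonce"] in self.stored_nonces:
            del self.jobs[job_id]                 # replayed job is deleted, not printed
            return "deleted: replayed nonce"
        # Request outside a rule of the policy object: error message, job is kept.
        if copies > policy["rules"]["max_copies"]:
            return "error: request outside policy rule"
        # Record the nonce only once the job is actually printed.
        self.stored_nonces.add(policy["nonce"])
        del self.jobs[job_id]
        return "printed"


def demo() -> list:
    """Constructed scenario: a rule violation, a print, then a resubmission."""
    printer = PrintApparatus()
    policy = build_policy_object(b"\x00" * 24, {"title": "report.pdf"}, {"max_copies": 2})
    duplicate = copy.deepcopy(policy)             # second submission carrying the same nonce
    printer.submit("job-1", policy)
    results = [printer.release("job-1", copies=5), printer.release("job-1", copies=1)]
    printer.submit("job-2", duplicate)
    results.append(printer.release("job-2", copies=1))
    return results + [printer.available_jobs()]
```
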
 Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 1. US 20160323264, 2. US 20160205074.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/MUDASIRU K OLAEGBE/Examiner, Art Unit 2495
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495