Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
2.	Applicant’s arguments filed on 01/12/2022, with respect to the rejection(s) of claims 1-20 under 35 U.S.C. § 101 and of claims 1-20 under 35 U.S.C. § 103 as being unpatentable over Rudzitis, et al. (U.S. Patent No. 10,116,440, herein “Rudzitis”) in view of Nimura, et al. (U.S. Publication No. 2010/0232607, herein “Nimura”), have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of the amended claims.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


3.	Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 

Step one: Are the claims at issue directed to a statutory category?
Yes. The claims recite a series of steps, i.e., generating, using a processor, a cryptographic key to restrict access to a resource, the cryptographic key being defined by a key token, designating, using the processor, a storage field in metadata of 
modified and setting, using the processor, the indicator in the designated storage field to indicate whether or not the cryptographic key may be deleted or modified

Step 2A — Prong 1: Is a Judicial Exception recited?
Yes. The claim recites the limitation of generating, using a processor, a cryptographic key to restrict access to a resource, the cryptographic key being defined by a key token and designating, using the processor, a storage field in metadata of the key token, in metadata of a cryptographic key data set record that includes the key token. This limitation, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “by a processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “by the processor” language, the claim covers creating a complex cryptic password within a user’s mind and logging the password in a key folder. The mere nominal recitation of a processor does not take the claim limitation out of the mental processes grouping. Thus, the claim recites a mental process.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The limitation of setting, using the processor, the indicator in the designated storage field to indicate the cryptographic key as a safeguarded key that cannot be deleted or modified. As drafted, the limitations 

Step 2A — Prong 2: Are the claims integrated into a practical application recited?
No. The claim recites three elements: generating a cryptographic key, designating a storage field in metadata of a key token, and setting the indicator in the designated storage field to indicate whether or not the cryptographic key may be deleted or modified. The generating, designating and setting steps are recited at a high level of generality (i.e., as a general means of generating a key, storing information in a key token and setting an indicator whether to delete the key) and amount to mere data gathering, which is a form of insignificant extra-solution activity. The processor that performs the generating, designating and setting steps is also recited at a high level of generality, and merely automates the generating, designating and setting steps. Each of the additional limitations is no more than mere instructions to apply the exception using a generic computer component (processor).
The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer component (processor). Accordingly, even in combination, these additional elements do not integrate the 

Step 2B: Do the claims provide an inventive concept?
No. As discussed with respect to Step 2A Prong Two, the additional elements in the claim amount to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in 2B, i.e., mere instructions to apply an exception on a generic computer cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B.
Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B. Here, the generating, designating and setting steps were considered to be extra-solution activity in Step 2A, and thus it is re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. The background of the example does not provide any indication that the processor is anything other than a generic, off-the-shelf computer component, and the Symantec, TLI, and OIP Techs. court decisions cited in MPEP 2106.05(d)(II) indicate that mere collection or receipt of data over a network is a well-understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the collecting step is well-understood, routine, conventional activity is supported under Berkheimer Option 2.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 10116440 hereinafter Rudzitis in view of U.S. Publication No. 20100232607 hereinafter Nimura, and further in view of U.S. Publication No. 20150046712 hereinafter Korkishko.

As per claim 1, Rudzitis discloses:
A computer-implemented method (Col. 2 Lines 10-13 “This disclosure relates to enabling customers of a cryptographic key management service to import cryptographic keys that can be used to encrypt data and to decrypt data that is protected using these imported cryptographic keys.”) comprising:
generating, using a processor, a cryptographic key to restrict access to a resource (Fig. 1, Col. 2 lines 10-17 and Col. 4 Lines 44-66 “If the customer has provided the master key metadata 106 for a customer master key to the cryptographic key management service 104, the customer may submit a 
the cryptographic key being defined by a key token (Col. 4 Lines 13-34
“In an embodiment, the request to import a customer cryptographic key 110 includes master key metadata 106 for a customer master key. The customer master key is a logical construct that may be used to protect any cryptographic keys associated with the customer master key. The customer master key may initially have no associated cryptographic key and may not be used for any operations if a customer cryptographic key 110 has not been imported and an encrypted key token created based at least in part on the Col. 5 Lines 8-18 “The cryptographic key management service 104 may serialize the private cryptographic key of the newly generated cryptographic key pair with an expiration date based at least in part on the validity period for the cryptographic key pair. If the private cryptographic key is serialized with the expiration date successfully, the cryptographic key management service 104 may utilize a domain cryptographic key to encrypt the serialized private cryptographic key, resulting in an import key token for the customer cryptographic key 110 that is to be imported to the cryptographic key management service 104.”);
designating, using the processor, a storage field in metadata of the key token, in metadata of a cryptographic key data set record that includes the key token, or in a resource access control database that controls use of the cryptographic key for inclusion of an indicator that the cryptographic key d (Col. 6 Lines 33-55 “The cryptographic key management service 104 may utilize 

Rudzitis does not disclose:
	indicator that the cryptographic key cannot be deleted or modified
setting, using a processor, the indicator in the designated storage field to indicate the cryptographic key cannot be deleted or modified 

Nimura discloses:
Para 0012 “According to an aspect of the invention, an information processing device includes a content storage unit store encrypted content, a key storage unit store a key for decrypting the encrypted content stored in the content storage unit, a content processing unit decrypt the encrypted content stored in the content storage unit using the key stored in the key storage unit, a table storage unit store a deletion table storing information indicating whether or not the key stored in the key storage unit is to be deleted when a transition from an operating state to one of other states is made, the information corresponding to the other states, and a key deletion unit configured to, when the transition from the operating state to one of the other states is made, check the information in the deletion table corresponding to the one of the other states and delete the key when the information indicates that the key is to be deleted.” Para 0050 “The table in FIG. 2 also stores flags indicating whether the key in the storage unit 140 is to be deleted ("1") or not ("0") when the PC 10 is entering from the operating state S0 to the standby state S3, the hibernation state S4, the power-off state S5, or the "Reboot" state, so as to correspond to these states.”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the enabling customers of a cryptographic key management service to import cryptographic keys of Rudzitis 
The motivation would have been to properly indicate whether a key can be used or deleted.

Rudzitis in view of Nimura does not disclose:
	indicator that the cryptographic key cannot be deleted or modified
setting, using a processor, the indicator in the designated storage field to indicate the cryptographic key cannot be deleted or modified 

	Korkishko discloses:
	indicator that the cryptographic key cannot be deleted or modified
setting, using a processor, the indicator in the designated storage field to indicate the cryptographic key cannot be deleted or modified (para 0056 “When the temporary encryption key is selected by the trusted App 43_1, the temporary encryption key is set as a key for encrypting the data of the protection module 45. When the permanent encryption key 47 is selected by the trusted App 43_1, the protection module 45 sets the key for encrypting the data as a permanent encryption key.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the enabling customers of a cryptographic key management service to import cryptographic keys of Rudzitis in view of Nimura to include setting, using a processor, the indicator in the designated storage field to indicate the cryptographic key cannot be deleted or modified, as taught by Korkishko.
The motivation would have been to indicate that a key is to be used for permanent encryption.

As per claim 2, Rudzitis in view of Nimura and Korkishko discloses:
The computer-implemented method according to claim 1, further comprising storing the cryptographic key data set record in a cryptographic key data set (Rudzitis Col. 5 Lines 40-59).

As per claim 3, Rudzitis in view of Nimura and Korkishko discloses:
The computer-implemented method according to claim 2, wherein the designating the storage field includes the storage field being in the metadata of the key token which is part of the cryptographic key data set record (Rudzitis Col. 4 Lines 13-34 and Col. 8 Line 29-39).

As per claim 4, Rudzitis in view of Nimura and Korkishko discloses:
The computer-implemented method according to claim 1, wherein the designating the storage field in the resource access control database includes the storage field being in a profile corresponding with the cryptographic key, the profile being one of two or more profiles in the resource access control database that correspond, respectively, with two or more of the cryptographic keys (Rudzitis Col. 8 Line 29-39 and Col. 8 Lines 40-52).
As per claim 5, Rudzitis in view of Nimura and Korkishko discloses:


As per claim 6, Rudzitis in view of Nimura and Korkishko discloses:
The computer-implemented method according to claim 1, wherein the setting the indicator includes setting a flag to indicate whether the cryptographic key may or may not be deleted or modified (Nimura para 0050. The motivation would have been to properly indicate whether a key can be used or deleted).

As per claim 7, Rudzitis in view of Nimura and Korkishko discloses:
The computer-implemented method according to claim 1, wherein the generating the cryptographic key to restrict access to the resource includes generating the cryptographic key to restrict access to a program or to data (Rudzitis Col. 2 lines 10-17).

As per claim 8, the implementation of the computer-implemented method of claim 1 will execute the system of claim 9. The claim is analyzed with respect to claim 1.

As per claim 9, the claim is analyzed with respect to claim 2.

As per claim 10, the claim is analyzed with respect to claim 3.

As per claim 11, the claim is analyzed with respect to claim 4. 

As per claim 12, the claim is analyzed with respect to claim 5. 

As per claim 13, the claim is analyzed with respect to claim 6. 

As per claim 14, the claim is analyzed with respect to claim 7. 

As per claim 15, the implementation of the computer-implemented method of claim 1 will execute the computer program product comprising a computer readable storage medium (Nimura paragraph 0092) of claim 15. The claim is analyzed with respect to claim 1. 

As per claim 16, the claim is analyzed with respect to claim 2. 

As per claim 17, the claim is analyzed with respect to claim 3. 

As per claim 18, the claim is analyzed with respect to claim 4. 

As per claim 19, the claim is analyzed with respect to claim 5. 

As per claim 20, the claim is analyzed with respect to claim 6.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/
Primary Examiner, Art Unit 2491