DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the amendment dated on 12/30/2021.
Claim 11 is amended; Claims 12 and 14-15 are canceled.
Claims 1-11 and 13 are submitted for examination and all other Claims are previously presented.
Claims 1-11 and 13 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Priority
This 371 application filed on December 12, 2020 claims priority of PCT application PCT/FR/2018/053233 filed on December 12, 2012 and foreign application FT1762283 filed on December 15, 2017.
Response to Arguments
Applicant’s amendment, filed on December 30, 2021, has claim 11 amended and claims 12 and 14-15 canceled; all other claims are previously presented.
The prior objection of Claim 11 has been withdrawn in view of the amendment received on December 30, 2021.
Applicant’s remark, filed on December 30, 2021 on bottom of page 7 regarding, “The Applicant respectfully disagrees with this statement. Firstly, this feature has been improperly separated as the last part of this sentence "said value allowing the user device to determine the password when the user device has the answer to said question" define what the value stands for. According to the Office Action the ciphertext of the private key is provided to the management device. The private key has been ciphered with at least one answer associated with a question. The Applicant is unable to figure out how in the Examiner's reading of Mahajan, it would be possible to determine the password from the ciphertext of the private key, even when this ciphering is dependent of the answer to a question” has been considered however, is not found persuasive. Examiner points to the applicant that the rejection is based on combination of reference by Mahajan and Lewis. Examiner has cited a portion of Mahajan reference where a security key which is generated by the user’s password and security question answers and the key is provided to one or more third parties. (¶41). Mahajan also discloses, “the user device may encrypt the generated private key using, in one embodiment, a string representing a concatenation of one or more user security questions provided in connection with the create secure store input 305. For example, if user 301 indicated in connection with create secure storage input 305, that their favorite color was blue and their high school mascot was an eagle, the user's private key may be encrypted using a key generated from lowercase concatenation of the two answers, e.g., concat ("blueeagle"), and/or the like. In other embodiments, the user may provide answers to multiple security questions and/or security questions in addition to those required to generate the encrypted private key”. (¶40).  Lewis discloses, “a user having a public profile and a private profile. 
Security questions are stored in the public profile, that are used to receive correct answers from the user and a security key is generated based on the answer”. (¶35). Thus combination of Mahajan and Lewis clearly teaches, providing the ciphertext of said first cryptographic key and at least one value dependent on said result to a management device for storage, said value allowing the user device to determine the password when the user device has the answer to said question. The motivation/suggestion for doing so would be to ensure that genuine owner of the key is able to retrieve the secret key and malicious user is not able to retrieve the secret key and thereby accessing confidential information of a user.
Applicant’s remark, filed on December 30, 2021 on top of page 8 regarding, “Therefore Claim 1 is not anticipated by Mahajan, which does not teach or suggest at least following combinations of features: calculating a result of an application of a function to at least one answer associated with a question, the answer being obtained from the user; and providing at least one value dependent on said result to a management device for storage, said value allowing the user device to determine the password when the user device has the answer to said question” has been considered and addressed in above paragraph 10. 
Applicant’s remark, filed on December 30, 2021 on bottom of page 8 regarding, “Lewis is only concerned with symmetric key (Abstract "A firmware-based technique for using one or more symmetric keys generated from one or more user credentials to decrypt user profile information and authenticate the user before allowing access to the user may provide answers to multiple security questions and/or security questions in addition to those required to generate the encrypted private key”. (¶40). Lewis discloses, “the firmware retrieves a security question from the public portion of the User Profile and conveys it to the user (step 504). The number of questions to present is a configurable policy. An answer to the question or questions is then received (step 506). The answer/answers to the question/questions are extended into a password (step 508) and a symmetric key is generated from the password (step 510)”. (¶35). Thus Lewis teaches, retrieving a symmetric key (secret key) based on the user provided answers. Similarly it would be obvious to retrieve private key of Mahajan by providing correct answer(s) to question(s) by combining Lewis with the invention of Mahajan.
Applicant’s remark, filed on December 30, 2021 on top of page 9, regarding, “Thirdly the quoted paragraphs disclose how to obtain a password from the answer to the question. This password does not correspond to the user password which was lost (¶35). Thus Lewis teaches, answer(s) determines a password that is used to generate a symmetric key.
Applicant’s remark, filed on December 30, 2021, on bottom of page 9, regarding, “A skilled person trying to improve the security of user's sensitive data such as a cryptographic key would not have found in Mahajan and Lewis any clue to calculate a result of an application of a function to at least one answer associated with a question, the answer being obtained from the user; and to provide at least one value dependent on said result to a management device for storage, said value allowing the user device to determine the password when the user device has the answer to said question” has been considered, however is not found persuasive. Mahajan teaches, “the user device may encrypt the generated private key using, in one embodiment, a string representing a concatenation of one or more user security questions provided in connection with the create secure store input 305. For example, if user 301 indicated in connection with create secure storage input 305, that their favorite color was blue and their high school mascot was an eagle, the user's private key may be encrypted using a key generated from lowercase concatenation of the two answers, e.g., concat ("blueeagle"), and/or the (¶40). Lewis discloses, “when the user forgets their password, they may select a “Forgot password?” link or button which triggers the recovery sequence. One of the common means of recovering a password is to ask one or more security questions. If the user is able to enter the correct answer to the security questions, then the user is able to get into his/her User Profile and reset his/her password. These security questions are encoded in the public portion of the user's User Profile. The firmware retrieves a security question from the public portion of the User Profile and conveys it to the user (step 504). The number of questions to present is a configurable policy. An answer to the question or questions is then received (step 506). 
The answer/answers to the question/questions are extended into a password (step 508) and a symmetric key is generated from the password (step 510)”. Thus a person having an ordinary skill in the art would have combined teachings of Lewis for retrieving a symmetric key (secret key) based on the user provided answers, after generating a private key (secure key) and encrypting with answers and storing at the third party of Mahajan. This would ensure that a malicious user won’t be able to access a secure key and thereby preventing the malicious user accessing confidential information of a user.
Applicant further recites similar remarks as listed above for the dependent claims. Please see the responses to the remarks in paragraphs 10-15 above, which clearly show how the cited prior art references Mahajan and Lewis teach the claimed limitations.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6, 9, 11 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Mahajan et al. (US PGPUB. # US 2015/0134962, hereinafter “Mahajan”), and further in view of Timothy A. Lewis (US PGPUB. # US 2016/0241398, hereinafter “Lewis”).

Referring to Claims 1, 11 and 13:
Regarding Claim 1, Mahajan teaches,
A protection method for protecting a first cryptographic key, a user having [an identifier] and an associated password, (¶40, “password provided by user”) [said first cryptographic key being intended to decrypt at least one ciphertext], said method, implemented by a user device, comprising:
generating a second cryptographic key by applying a key derivation algorithm to at least the password; (¶40, “The user device may thereafter encrypt the generated private key using a key derivation function and password provided by user 301 in connection with create secure store input 305”, i.e. second key is generated by applying a key derivation algorithm to the password)
encrypting the first cryptographic key by applying an encryption algorithm parameterized by the second cryptographic key; (¶40, “The user device may thereafter encrypt the generated private key using a key derivation function and password provided by user 301 in connection with create secure store input 305”, ¶41, “The keys generated using the user's password and security question answers may thereafter, in one embodiment, by used to encrypt the user's private key”, i.e. first cryptographic key is encrypted with second cryptographic key)
calculating a result of an application of a function to at least one answer associated with a question, the answer being obtained from the user; (¶40, “a string representing a concatenation of one or more user security questions provided in connection with the create secure store input 305. For example, if user 301 indicated in connection with create secure storage input 305, that their favorite color was blue and their high school mascot was an eagle, the user's private key may be encrypted using a key generated from lowercase concatenation of the two answers, e.g., concat ("blueeagle"), and/or the like”, i.e. calculates result of an application function) and 
providing the ciphertext of said first cryptographic key and at least one value dependent on said result to a management device for storage, (¶41, “By encrypting the generated private key using information provided by and only known to user 301, the private key may be provided to one or more third parties such as MBIN server 302 while simultaneously not allowing said third parties access to the underlying private key such that they may decrypt objects encrypted using the generated public key”, i.e. the ciphertext of the cryptographic key is provided to the MBIN server (management device)) [said value allowing the user device to determine the password when the user device has the answer to said question].
Mahajan does not teach explicitly,
[A protection method for protecting a first cryptographic key], a user having an identifier [and an associated password], said first cryptographic key being intended to decrypt at least one ciphertext, said method, implemented by a user device, comprising:
[providing the ciphertext of said first cryptographic key and at least one value dependent on said result to a management device for storage], said value allowing the user device to determine the password when the user device has the answer to said question.
	However, Lewis teaches,
[A protection method for protecting a first cryptographic key], a user having an identifier (¶23, “This credential may be, but is not limited to, a password, data acquired from a fingerprint scan or data acquired from a retinal scan”, Fig. 1, ¶24, “Credential providers C1 (102) and C2 (104) are user credential drivers for handling a specific type of user credential. Lock Boxes A-D (110, 112, 114, 116) and user profiles (121, 124, 127) are data containers associated with a specific user”, ¶27, “The Lock Box public (unencrypted) data may contain one user identifier associated with a single User Profile that is constant”, ¶28, “the User Profile data container may contain two sections: public (unencrypted) and private (encrypted). The public portion includes a unique identifier that can be used to associate a Lock Box with the User Profile”, i.e. user id associated with a credential)  [and an associated password], said first cryptographic key being intended to decrypt at least one ciphertext, (¶25, “it may also be used to decrypt what it had previously encrypted”, i.e. key is used to decrypt at least one ciphertext) said method, implemented by a user device, comprising:
[providing the ciphertext of said first cryptographic key and at least one value dependent on said result to a management device for storage], said value allowing the user device to determine the password when the user device has the answer to said question. (Fig. 5 (506, 508, 510), ¶35, “An answer to the question or questions is then received (step 506). The answer/answers to the question/questions are extended into a password (step 508) and a symmetric key is generated from the password (step 510)”, i.e. password is determined based on the answers).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Lewis with the invention of Mahajan.
Mahajan teaches generating a key based on a password and encrypting a user key with the password-generated key. Lewis teaches providing answers to questions to recover the password. Therefore, it would have been obvious to combine providing answers to questions to recover the password, as taught by Lewis, with generating a key based on a password and encrypting a user key with the password-generated key, as taught by Mahajan, in order to retrieve a key to decrypt sensitive data when a user forgets a password. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
Regarding Claim 11, it is a system Claim of above method Claim 1 and therefore Claim 11 is rejected with the same rationale as applied against Claim 1 above.
In addition Mahajan discloses a processor (¶80, “a bin template processor running on a user device and/or on a bin cloud server”), a non-transitory medium (¶192, “A non-transitory medium”).

Regarding Claim 13, it is a management device claim reciting claim limitations as a management device perspective. The claim 13 is rejected with the same rationale as applied against method Claim 1 above as user device provides cryptographic data and management device receives cryptographic data.

Regarding Claim 6, rejection of Claim 1 is included and for the same motivation Mahajan teaches,
	The protection method as claimed in 1, furthermore comprising: 
	the user device obtaining the ciphertext of the first cryptographic key from the management device; (Fig. 5, ¶49, “MBIN server 501 may transmit an encrypted private key and an API certificate to user storage device 502”, i.e. the user device obtains encrypted private key)
the user device regenerating the second cryptographic key by applying the key derivation algorithm to at least the password provided by the user; (¶51, “the user secure storage device 502 may then decrypt the received encrypted private key using the password input provided by user 503”); and
	regenerating the first cryptographic key by applying the decryption algorithm corresponding to the encryption algorithm parameterized by the second cryptographic key to the ciphertext of the first cryptographic key. (¶40, “The user device may thereafter encrypt the generated private key using a key derivation function and password provided by user 301 in connection with create secure store input 305.”, ¶51, “the user secure storage device 502 may then decrypt the received encrypted private key using the password input provided by user 503.”, i.e. cryptographic key is regenerated in order to decrypt the encrypted (ciphertext) first key).
	
	Regarding Claim 9, rejection of Claim 1 is included and for the same motivation Mahajan teaches,
	The protection method as claimed in claim 1, comprising, in order to change the password: 
	the user device generating a fifth cryptographic key by applying the key derivation algorithm to at least one new password; (Fig. 5(511), ¶50, “A user PIN selection input, e.g. 511, may be utilized in connection with a cryptographic key derivation function in order to generate a key suitable for encrypting object access keys while at rest on the user secure storage device”, i.e. PIN is considered as new password and a key derivation algorithm is applied to generate a key)
	the user device calculating a new ciphertext of the first cryptographic key by applying the encryption algorithm parameterized by the fifth cryptographic key to the first cryptographic key; (Fig. 5(516, 518), ¶52, “the private key may be immediately recrypted using the PIN enabled encryption key generated earlier, e.g. 518.”) and
	storing said new ciphertext of the first cryptographic key. (Fig. 5(520), ¶52, “the user secure storage device 502 may store the PIN encrypted private key and the PIN encrypted API certificate in the local device's storage area, e.g. 520”, i.e. encrypted key is stored).

	Claims 2-4 are rejected under 35 U.S.C. 103 as being unpatentable over Mahajan et al. (US PGPUB. # US 2015/0134962, hereinafter “Mahajan”), and further in view of Timothy A. Lewis (US PGPUB. # US 2016/0241398, hereinafter “Lewis”), and further in view of Roy Peter D’Souza (US PGPUB. # US 2013/0212393, hereinafter “D’Souza”).

Regarding Claim 2, rejection of Claim 1 is included and combination of Mahajan and Lewis does not teach explicitly,
The protection method as claimed in claim 1, wherein the result corresponds to a third cryptographic key generated by applying a key derivation algorithm to said answer and the value dependent on said result corresponds to an encryption of the password by way of the generated third cryptographic key.
However, D’Souza teaches,
The protection method as claimed in claim 1, wherein the result corresponds to a third cryptographic key generated by applying a key derivation algorithm to said answer and the value dependent on said result corresponds to an encryption of the password by way of the generated third cryptographic key. (¶88, “where the answer that is only known to that user is used to derive a key pair”, ¶89, “generating for each of the n security questions, key pairs SKi, PKi for encryption of subsequently created secret shares derived from the secret, and receiving N distinct questions Q[1] . . . Q[n] along with corresponding answers A[1] . . . A[n] to the N distinct questions Q[1] . . . Q[n] from the user. Encrypted shares are generated by deriving symmetric encryption keys KA[i] based on each of the answers”, ¶90, i.e. third secret key is generated based on the answer).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of D’Souza with the invention of Mahajan in view of Lewis.
Mahajan in view of Lewis teaches generating a key based on a password, encrypting a user key with the password-generated key, and providing answers to questions to recover the password. D’Souza teaches generating a key based on a question and answer. Therefore, it would have been obvious to incorporate generating a key based on a question and answer, as taught by D’Souza, into the teachings of Mahajan in view of Lewis to retrieve a forgotten password based on the answers to derive a key. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 3, rejection of Claim 2 is included and for the same motivation Mahajan does not teach explicitly,
The protection method as claimed in claim 2, comprising, in order to determine the password from an answer obtained by the user device for said question: 
the user device obtaining said ciphertext of the password and the corresponding question; 
calculating a fourth cryptographic key by applying the key derivation algorithm to the question and to the answer obtained from the user; 
calculating a current password by applying the decryption algorithm corresponding to the encryption algorithm parameterized by the calculated fourth cryptographic key to the ciphertext of the obtained password.
	However, Lewis teaches,
The protection method as claimed in claim 2, comprising, in order to determine the password from an answer obtained by the user device for said question: 
the user device obtaining said ciphertext of the password and the corresponding question; (Fig. 5(504), ¶35, “The firmware retrieves a security question from the public portion of the User Profile and conveys it to the user (step 504). The number of questions to present is a configurable policy”)
calculating a fourth cryptographic key by applying the key derivation algorithm to the question and to the answer obtained from the user; (Fig. 5(506, 508, 510), ¶35, “An answer to the question or questions is then received (step 506). The answer/answers to the question/questions are extended into a password (step 508) and a symmetric key is generated from the password (step 510)”)
calculating a current password by applying the decryption algorithm corresponding to the encryption algorithm parameterized by the calculated fourth cryptographic key to the ciphertext of the obtained password. (Fig. 5(506, 508, 510), ¶35, “An answer to the question or questions is then received (step 506). The answer/answers to the question/questions are extended into a password (step 508) and a symmetric key is generated from the password (step 510)”).
Regarding Claim 4, rejection of Claim 1 is included and combination of Mahajan and Lewis does not teach explicitly,
	The protection method as claimed in claim 1, wherein the function is an (n-1)th- degree polynomial, n being greater than or equal to two, n corresponding to a number of questions to be asked to the user in order to determine the password, said polynomial taking the value of the password at zero and the value dependent on said result corresponds to said result.
	However, D’Souza teaches,
	The protection method as claimed in claim 1, wherein the function is an (n-1)th- degree polynomial, n being greater than or equal to two, n corresponding to a number of questions to be asked to the user in order to determine the password, said polynomial taking the value of the password at zero and the value dependent on said result corresponds to said result. (¶90, “a number n of security questions, and a threshold value k (the minimal number of security questions that user needs to answer correctly in order to recover its secret, password or passphrase), from the user.”, ¶91, “If, for example, the user forgets the secret (for example, password), an embodiment further includes prompting the user to select and provide answers A'[1] . . . A'[k] to the k security questions Q[1] . . . Q[k], downloading, by the user device, encrypted shares ESS[1] . . . ESS[k] and encrypted keys ESK[1] . . . ESK[k], deriving keys KA[1] . . . KA[k] from the provided answers A'[1] . . . A'[k]; (an incorrect answer yields an incorrect key), attempting to decrypt ESK[1] . . . ESK[k] using the keys KA[1] . . . KA[k], obtaining the secret keys SK[1] . . . SK[k], decrypting the encrypted shares ESS[1] . . . ESS[k] using the secret keys SK[1] . . . SK[k], obtaining the secret shares SS[1] . . . SS[k] based on the encrypted shares ESS[1] . . . ESS[k], recovering the password or the symmetric encryption key PWD_K using the secret shares SS[1] . . . SS[k] if the provided answers A'[1] . . . A'[k] are correct”, i.e. n questions are asked in order to determine the password).
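For illustration only, an added sketch (not taken from the application, the cited references or this Office action) of one reading of the Claim 4 limitation: an (n-1)th-degree polynomial over a prime field that takes the value of the password at zero, evaluated at a point derived from each answer, with only those results stored. The field prime, the PBKDF2 mapping of answers to points, the 8-byte self-check folded into the secret, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumed field: 2**521 - 1 is a Mersenne prime, large enough to hold a
# password of up to 56 bytes plus framing as one field element.
P = 2**521 - 1
TAG_LEN = 8       # assumed self-check length, folded into the secret itself
MAX_PW_LEN = 56


def answer_to_x(question, answer, salt, iterations=100_000):
    """Map one (question, answer) pair to a non-zero field element x_i."""
    norm = " ".join(answer.lower().split()).encode()  # case/space-insensitive
    digest = hashlib.pbkdf2_hmac("sha512", norm, salt + question.encode(), iterations)
    return int.from_bytes(digest, "big") % P or 1


def _encode_secret(password):
    """Frame the password as f(0): marker byte, password, truncated hash."""
    if len(password) > MAX_PW_LEN:
        raise ValueError("password too long for the field")
    tag = hashlib.sha256(password).digest()[:TAG_LEN]
    return int.from_bytes(b"\x01" + password + tag, "big")


def _decode_secret(value):
    """Return the password, or None when the interpolated value is garbage."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if len(raw) < 1 + TAG_LEN or raw[0] != 1:
        return None
    password, tag = raw[1:-TAG_LEN], raw[-TAG_LEN:]
    expected = hashlib.sha256(password).digest()[:TAG_LEN]
    return password if hmac.compare_digest(tag, expected) else None


def enroll(password, qa_pairs):
    """User device: build f with f(0) = password, return what gets stored."""
    n = len(qa_pairs)
    if n < 2:
        raise ValueError("the scheme needs n >= 2 questions")
    # Degree n-1: constant term is the secret, the rest are random non-zero.
    coeffs = [_encode_secret(password)]
    coeffs += [1 + secrets.randbelow(P - 1) for _ in range(n - 1)]
    record = []
    for question, answer in qa_pairs:
        salt = secrets.token_bytes(16)
        x = answer_to_x(question, answer, salt)
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % P
        # Only the question, the salt and the result f(x_i) leave the device.
        record.append({"question": question, "salt": salt, "y": y})
    return record


def recover(record, answers):
    """User device: re-derive every x_i from the answers, interpolate f(0)."""
    if len(answers) != len(record):
        return None
    xs = [answer_to_x(r["question"], a, r["salt"]) for r, a in zip(record, answers)]
    if len(set(xs)) != len(xs):
        return None
    secret = 0
    for i, (xi, r) in enumerate(zip(xs, record)):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (-xj) % P       # Lagrange basis evaluated at 0
                den = den * (xi - xj) % P
        secret = (secret + r["y"] * num * pow(den, -1, P)) % P
    return _decode_secret(secret)


if __name__ == "__main__":
    # Constructed sample questions and answers.
    qa = [("First pet?", "Rex"), ("Birth city?", "Lyon")]
    stored = enroll(b"correct horse", qa)
    print(recover(stored, ["rex", " LYON "]))
    print(recover(stored, ["rex", "paris"]))
```

Anyone holding the stored record can test guessed answer sets offline, so the protection rests on the joint entropy of the n answers and on the cost of the answer-hashing step.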

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Mahajan et al. (US PGPUB. # US 2015/0134962, hereinafter “Mahajan”), and further in view of Timothy A. Lewis (US PGPUB. # US 2016/0241398, hereinafter “Lewis”), and further in view of Roy Peter D’Souza (US PGPUB. # US 2013/0212393, hereinafter “D’Souza”), and further in view of Benson et al. (US PGPUB. # US 2017/0250979, hereinafter “Benson”).

Regarding Claim 5 rejection of Claim 1 is included and combination of Mahajan and Lewis does not teach explicitly,
	The protection method as claimed in claim 1, wherein the function is a bijective (n- 1)th-degree polynomial, n being greater than or equal to two, n corresponding to a number of questions to be asked to the user in order to determine the password, the value dependent on said result corresponds to said result and the user device furthermore provides the result of the application of the function to the password to the management device for storage.
	However, D’Souza teaches,
	The protection method as claimed in claim 1, [wherein the function is a bijective (n- 1)th-degree polynomial], n being greater than or equal to two, n corresponding to a number of questions to be asked to the user in order to determine the password, the value dependent on said result corresponds to said result and the user device furthermore provides the result of the application of the function to the password to the management device for storage. (¶89, “a number n of security questions, and a threshold value k (the minimal number of security questions that user needs to answer correctly in order to recover its secret, password or passphrase), from the user”, ¶91, ¶95).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of D’Souza with the invention of Mahajan in view of Lewis.
Mahajan in view of Lewis teaches, generating a key based on password and encrypting a user key with the password generated key and providing answers to questions to recover the password. D’Souza teaches, generating key based on question KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 
	Combination of Mahajan, Lewis and D’Souza does not teach explicitly,
	The protection method as claimed in claim 1, wherein the function is a bijective (n- 1)th-degree polynomial, [n being greater than or equal to two, n corresponding to a number of questions to be asked to the user in order to determine the password, the value dependent on said result corresponds to said result and the user device furthermore provides the result of the application of the function to the password to the management device for storage].
	However, Benson teaches,
	The protection method as claimed in claim 1, wherein the function is a bijective (n- 1)th-degree polynomial, (Fig. 6, Fig. 7, Fig. 8, Fig. 9, ¶43-¶44, ¶108, “With reference to FIG. 8, a bijection, bijective function or one-to-one correspondence is a function between the elements of two sets, where every element of one set is paired with exactly one element of the other set, and every element of the other set is paired with exactly one element of the first set”) [n being greater than or equal to two, n corresponding to a number of questions to be asked to the user in order to determine the password, the value dependent on said result corresponds to said result and the user device furthermore provides the result of the application of the function to the password to the management device for storage].
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Benson with the invention of Mahajan in view of Lewis and D’Souza.
Mahajan in view of Lewis and D’Souza teaches generating a key based on a password, encrypting a user key with the password-generated key, providing answers to questions to recover the password, and generating a key based on a question and answer. Benson teaches utilizing a bijective function to match a device with the device ID. Therefore, it would have been obvious to incorporate utilizing a bijective function to match a device with the device ID, as taught by Benson, into the teachings of Mahajan in view of Lewis and D’Souza to retrieve a forgotten password based on the answers to derive a key. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Mahajan et al. (US PGPUB. # US 2015/0134962, hereinafter “Mahajan”), and further in view of Timothy A. Lewis (US PGPUB. # US 2016/0241398, hereinafter “Lewis”), and further in view of Provencher et al. (US PGPUB. # US 2008/0313473, hereinafter “Provencher”).

Regarding Claim 7, rejection of Claim 6 is included and combination of Mahajan and Lewis does not teach explicitly,
	The protection method as claimed in claim 6, comprising verifying  integrity of the regenerated first cryptographic key by way of a public key associated with the first cryptographic key stored in association with the ciphertext of said first cryptographic key.
	However, Provencher teaches,
	The protection method as claimed in claim 6, comprising verifying  integrity of the regenerated first cryptographic key by way of a public key associated with the first cryptographic key stored in association with the ciphertext of said first cryptographic key. (¶57, “The processing module sends the password 215 to the symmetric key generator 252 to generate an administrator secret key 231. This secret key 231 is used to decrypt the encrypted administrator private key 227 received from the computer 201 with a symmetrical encryption algorithm 257. Before decryption, the encrypted administrator private key 227 integrity is verified by the signing module 258”, i.e. integrity of generated key is verified).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Provencher with the invention of Mahajan in view of Lewis.
KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Mahajan et al. (US PGPUB. # US 2015/0134962, hereinafter “Mahajan”), and further in view of Timothy A. Lewis (US PGPUB. # US 2016/0241398, hereinafter “Lewis”), and further in view of Ashfaq Kamal (US PGPUB. # US 2018/0288033, hereinafter “Kamal”).

Regarding Claim 8, rejection of Claim 6 is included and combination of Mahajan and Lewis does not teach explicitly,
	The protection method as claimed in claim 6, comprising verifying (El') the integrity of the regenerated first cryptographic key by way of a ciphertext of the user's identifier through said first cryptographic key stored in association with the ciphertext of said first cryptographic key.
	However, Kamal teaches,
	The protection method as claimed in claim 6, comprising verifying the integrity of the regenerated first cryptographic key by way of a ciphertext of the user's identifier through said first cryptographic key stored in association with the ciphertext of said first cryptographic key. (¶53, “a unique ID for a user; (b) generating, by the computing device, a public/private key pair associated with the unique ID for the user; (c) receiving, at the computing device, at least two images, a first image associated with a document indicative of an identification of the user and the second image including an image of the user”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Kamal with the invention of Mahajan in view of Lewis.
Mahajan in view of Lewis teaches generating a key based on a password, encrypting a user key with the password-generated key, and providing answers to questions to recover the password. Kamal teaches verifying the integrity of a key based on a user identifier. Therefore, it would have been obvious to incorporate the key integrity verification based on a user identifier of Kamal into the teachings of Mahajan in view of Lewis to ensure that the regenerated key is not compromised. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Mahajan et al. (US PGPUB. # US 2015/0134962, hereinafter “Mahajan”), and further in view of Timothy A. Lewis (US PGPUB. # US 2016/0241398, hereinafter “Lewis”), and Yoshida et al. (US PGPUB. # US 2011/0060903, hereinafter “Yoshida”).

Regarding Claim 10, rejection of Claim 9 is included and combination of Mahajan and Lewis does not teach explicitly,
	The protection method as claimed in claim 9, wherein a proof of knowledge is stored in association with the ciphertext of the first cryptographic key and said proof of knowledge is verified before said new ciphertext of the first cryptographic key is stored.
	However, Yoshida teaches,
	The protection method as claimed in claim 9, wherein a proof of knowledge is stored in association with the ciphertext of the first cryptographic key and said proof of knowledge is verified before said new ciphertext of the first cryptographic key is stored. (¶19, ¶157, “The signature verifying section 16 verifies the correctness of the zero-knowledge proof in the group signature based on the group signature, the message, the public parameter and the group public key in the storage section 11 for the group administrator”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Yoshida with the invention of Mahajan in view of Lewis.
KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Xiaoyan Qian (US PGPUB. # US 2017/0142082) discloses providing secure deposit and recovery of secret data based on a secret of a user, such as a password, a shared secret from a recovery server, and a secret from a recovery peer. The secret data is encrypted with these three secrets and stored remote from the user device to only allow the user to recover the secret data without compromising the secrecy of the secret data. Systems and methods for decoupling a password from the secret data the password protects are also provided to allow resetting the password or recovering the secret data to be separate operations that can be carried out independently. Another aspect provides for a user account to be securely recovered using a recovery peer to verify ownership of the user account.
Haider et al. (US PGPUB. # US 2018/0013562) discloses securely sharing information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.
Canetti et al. (US PGPUB. # US 2008/0049939) discloses a method for key creation and recovery based on solutions to puzzles solvable by humans and not computers. In some exemplary embodiments, the key is created and recovered based on the solution(s) in conjunction with the password entered by the user. The puzzle(s) is selected, based on the password used by the user, from a puzzle database containing a number of puzzles greater than the number of puzzles used in conjunction with a particular password.
Kamath et al. (US PGPUB. # US 2014/0140508) discloses obtaining a user's username and password. A random key is generated for use as a master key. The master key is encrypted using the password to create an encrypted master key. A hash function is performed on the password to create a password hash. A random key is generated for use as a content key for encrypting the user's selected content. The content key is encrypted using the master key to create an encrypted content key. The selected content is encrypted using the content key to create encrypted content. The 
Estehghari et al. (US PGPUB. # US 2015/0304315) discloses a method that provides for shared access to a database in a semi-trusted platform. In the method, for each of a set of users, provision is made for regenerating a respective user key, based on a respective predefined user input, such as a hashed password. One or more of the users is authorized to have access to an encrypted database. For each of these, the method includes encrypting a key for the encrypted database with the respective user's user key to generate an encrypted database key. During a user session, one of the authorized users is provided with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key. The database key and each user's user key are not stored on the platform and are thus inaccessible to platform administrators and unauthorized users between user sessions.
Marion et al. (US PAT. # US 9,634,999) discloses that a master key is secured using a password-based key to generate first encryption information. The password-based key is generated based at least in part on a password associated with a mobile device. The master key is also secured using an unlock key to generate second encryption information. The unlock key is stored at a server, and in certain cases is not stored on the mobile device. The first encryption information and the second encryption information are stored on the mobile device. The mobile device is configured to extract .
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498