Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority 
This application is a continuation of U.S. patent application Ser. No. 14/866,217, (now U.S. Pat. No. 10454900 B2) which was filed on Sep. 25, 2015. is hereby incorporated herein by reference in its entirety. Priority to U.S. patent application Ser. No. 14/866,217 is hereby claimed.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/27/2019 was filed along with the mailing date of the Non-Provisional Patent application on 09/27/2019. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
DETAILED ACTION
This Office Action is in response to a Non-Provisional Patent application received on 09/27/2019. In the application, claims 1-20 have been received for consideration and have been examined.
Drawings
Applicant’s submitted drawings have been reviewed and have been accepted. 
Specification
Applicant’s submitted specification has been reviewed and has been accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 2-5, 9-12 and 16-19 are rejected under 35 U.S.C. 112(a), as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention. 
Dependent claim 2 with all limitations 2(a) – 2(e) have been examined, however, they lack written description support in the instant disclosure. As presented in the claims, the invention requires based on the instructions forwarded by a server to a client device to perform items in limitations 2(a) – 2(e). Examiner consulted the specification for the support of these steps and notice that disclosure does not provide concrete support as to which device (server/client) is bound to perform the above limitations, nor is there support for several of the limitations. 
For example instant disclosure paragraph [0029] recites “FIG. 3 is a flow diagram illustrating a technique for distributed cryptographic key wrapping according to one or more embodiments. In one or more embodiments, part or all of the technique may be performed by application 240 on local device 205. In addition, some of the tasks may be performed by server 250 or 275. Although the various tasks in the flow chart are illustrated in a particular order, in one or more embodiments, any of the various tasks may be performed in a different order, or simultaneously with other tasks. Further, in one or more embodiments, certain tasks may be omitted, other tasks may be added, and tasks illustrated separately may be combined”.
Examiner find these ‘weasel statements’ in the paragraph not demonstrating that applicant has envisioned or possession of every permutation of the method.  As a rudimentary example, some of the statements are technically impossible. For example, the paragraph recites “any of the various tasks may be performed in a different order”, yet there are steps with dependencies (such as generating KEK from master password and KEK salt 308 requires getting the password and salt 306).  The specification does not support the client performing the steps of 2(a) – 2(c) and then transmitting the encrypted Content Encryption Key (CEK) to the server in step 2(d).  
Similar lack of written description has been noticed for limitations of dependent claims 2(e), 3(g), and 4(d). The specification does not have support for the concept of “deleting” various keys. At most paragraph [0035] states that “In one embodiment, the key encryption key salt is not stored by the local device 205, but only by the server 250/275, and the key encryption key is not stored by either the local device 205 or the server 250/275”. 
The statement in [0035] is technically impossible because in order for the various Key Encryption Keys (KEKs) to exist it must have been stored at some point by these devices.  Furthermore “not storing” something does not teach “deleting” something.
Dependent claims 9 and 16 contain similar 112(a) written description issues as mentioned regarding claim 2 and are rejected on same grounds.
5, 12 and 19 also lack written description support. Independent Claim 1 recites “decrypting an encrypted local storage key with a cloud key”.  Then claim 5 recites “decrypting the encrypted local storage key with the [derived] online key encryption key [that was derived using the cloud key]”.  The “decrypting” of the Local Storage Key (LSK) cannot happen both with the cloud key and a different derived KEK. These are mutually exclusive alternatives, as disclosed by applicant (Applicant’s specification par [0038]).  Claim 4 suffers from this same issue, however with the “encrypting” step relative to claim 3.  Claim 3 is consistent with current claim 1, the LSK is encrypted with the cloud key.  Claim 4, however, is consistent with current claim 5, where the LSK is encrypted with a derived key (and thus would not be decryptable “with the cloud key”).   

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claim 1 recites “A server comprising …”. Claim further recites “the executable instructions, when executed at the client deice, to cause the client device to: …”. The scope of the claim is unclear because the claim is written and directed to a server while the body of the claim recite functions performed by the client device. Further, the client device is not a part of the server, therefore the client device is considered ‘outside the scope’ of the claimed invention. 
Dependent claims 2-7 inherit this deficiency.
8 recites “At least one of a storage device or storage disk, comprising instructions that, when executed, cause a client device to at least:”. It is unclear if “a storage device or storage disk” is part of the client device or is a separate device. 
Dependent claim 9-14 inherit this deficiency.
 
Dependent claims 2-4, 9-11 and 16-18 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
	Claims 2, 9 and 16 recite in first limitation “generate the content encryption key”. It is unclear for an ordinary skill in the art before the effective filing date of the claimed invention to comprehend if “the content encryption key” recited in the claims 2, 9 and 16 is the same 
“a content encryption key” which is included in the ‘key bag’ of third limitation of independent claims 1, 8 and 15 OR a new content encryption key is being generated in the first limitation of claims 2, 9 and 16. 
Therefore, claims 2, 9 and 16 first limitation lacks antecedent basis for “the content encryption key” and render the claims indefinite. Dependent claims inherit these deficiencies. 





Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Scheidt	 (US20030172280A1) discloses Access control and authorization system.
Mylavarapu (US20140237627A1) discloses A system for protecting data in a mobile environment.
Allen (US20020126850A1) discloses A key management system includes secured data stored on a first system secured by a control key stored securely on a key server.
Qian (US20170142082A1) discloses a cryptographic systems and methods for decoupling a password from the secret data the password protects is also provided to allow resetting the password or recovering the secret data to be separate operations that can be carried out independently. 
Torkkel (US20130159699A1) discloses a methods and apparatus for enabling a user to secure an encryption key with a user secret, which is used to provide a device with access to the encryption key for encrypting and decrypting data.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SYED M AHSAN/Patent Examiner, Art Unit 2432