Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to Application No. 16/566,035 filed on 9/10/2019.
Claims 1-20 have been examined and are pending in this application.
Priority
Acknowledgment is made of Applicant’s claim for priority under 35 U.S.C. 119 (e) Parent Application No. 62/729,334 filed on 09/10/2018.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 5/11/2021 and 04/18/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Claim Objections
Claims 1-2, 10-11, and 15-20 are objected to because of the following informality:
Regarding claims 1-2, 10-11, and 19-20, the claims have commas “,” instead of semicolons “;” within the limitations of the claims.
Regarding claims 15-18, claims 15-18 appear to depend on claims 3, 4 and 6; however, claims 3, 4 and 6 are non-transitory computer-readable medium claims. For the purposes of examination, the Examiner interprets the system claim 15 to depend on the system claim 13, the system claim 16 to depend on the system claim 13, the system claim 17 to depend on the system claim 16, and the system claim 18 to depend on the system claim 16.
Appropriate corrections are required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 3 and 12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 3 and 12, line 3 of each claim recites the element “at least one cryptographic value”. Claims 1 and 10, line 4, previously introduce the element “at least one cryptographic value”, and as a result the recitation lacks proper antecedent basis. Appropriate correction to “at least one cryptographic value” is required to ensure proper claim interpretation.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 10-18 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 10, the claim calls for a system; however, there is no hardware element found within the claimed system. As recited in the body of the claim, the claimed system contains the following modules/features/elements: “instructions”, “a caller of an application programing interface”, and “logic contained within the API”. Under the broadest reasonable interpretation, “an application programing interface” is a software component. As a result, claim 10 is directed to non-statutory subject matter. The Examiner respectfully suggests that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.
Regarding claims 11-18, claims 11-18 are also rejected for being directed to a non-statutory subject matter. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 10-11, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dillaway (U.S. Application 7545931 B2; Hereinafter “Dillaway”) in view of Ionescu et al. (U.S. Application 20170322836 A1; Hereinafter “Ionescu”).
Regarding claim 1, Dillaway teaches a non-transitory computer-readable medium storing instructions configured and arranged for encrypting information passed between a caller of an application programing interface (API) and logic contained within the API, the instructions comprising (Dillaway: Claim 29 fig. 1 “A computer-readable storage medium on which is stored instructions to be executed by a computer, said instructions comprising: a first function which is invoked by a first function call comprising application data, wherein the first function encrypts the application data and stores the encrypted data, wherein the encryption is based at least in part on invariant machine-specific entropy and first evidence corresponding to a code component calling the first function”):
collecting and aggregating entropy from at least one entropy source (Dillaway: column 8 line 38-48 fig. 4 “SSC 403 retrieves, in step 503, the trusted evidence for the requesting code component from evidence provider 407. After receiving the evidence, SSC 403 may convert the evidence into a byte array representation. That is, when the evidence is in the form of a character string, the SSC may convert the character string representation into a byte array representation of the data. In step 505, SSC 407 retrieves the machine-specific entropy byte array. These may be retrieved by running an algorithm within the SSC, or could be materialized on a byte-by-byte basis as required for computation of the key.”),
performing a cryptographic operation, a result of said cryptographic operation comprising at least one cryptographic parameter (encrypted secret) (Dillaway: column 9 line 12-21, “In step 511, the SSC encrypts S using key K (and the initialization vector, when required). In one aspect of the invention, regular, double, or triple DES encryption may be used as the encryption algorithm. In other aspects of the invention, advanced encryption standard (AES) or RC4 may be used. However, any encryption algorithm may be used that provides a strong symmetric cipher. Finally, in step 513, SCC 403 stores the encrypted secret in persistent data store 409 (e.g., a database or file), along with the initialization vector (when used).”), and
Dillaway does not explicitly teach determining at least one cryptographic value for use by the API caller, and performing an API operation using the at least one cryptographic parameter.
In an analogous art, Ionescu teaches determining at least one cryptographic value for use by the API caller (Ionescu: Para[0049] fig 1. “For example, a processor may execute a program and track the tagged first variable used as an input in the cryptographic API call. The processor may determine that the cryptographic API call is next to be executed by the program because of the tagged first variable.”),
performing an API operation using the at least one cryptographic parameter (Ionescu: para[0057-0058], “In some embodiments, operations 110 and 112 may be performed together. For example, a statement may be SecureRandom(variable1), and variable1 may be tainted. A computer system may insert a pseudo-random number generator into the statement, making the statement read SecureRandom(PRNG(variable1)). Even though variable1 is tainted, it may now be transformed by a non-deterministic function, and the pseudo-random number generator may generate a second variable at the same time as replacing variable1”, “After replacing the first variable with a second variable at operation 112, the cryptographic API call may be executed with the second variable as an input at operation 114”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Ionescu into the computer-readable medium of Dillaway to include determining at least one cryptographic value for use by the API caller because it will add another layer of protection against potential attackers and would be less vulnerable to decryption (Ionescu: para [0025]).
Regarding claim 2, Dillaway in view of Ionescu teaches the independent claim 1. Dillaway additionally teaches wherein the at least one entropy source comprises at least one of environmental entropy, static entropy, and parameter entropy (Dillaway: column 7 line 2-8, “Reliable random number generators may use a hardware source of randomness if available, or it may use a software random number generator that uses multiple sources of unpredictable events such as a hard disk head position, time between keyboard entries, and so forth.”);
wherein the cryptographic operation comprises at least one of an encryption operation and a decryption operation (Dillaway: column 6 line 52-61, “In addition to publishing functions for code components to use, SSC 403 may retrieve trusted code evidence associate with code components requesting SSC services, securely store SSC (or machine-specific) internal entropy data, compute encryption keys unique for each code component by combining trusted code evidence with SSC internal entropy data, encrypt and decrypt secret data using predefined cryptographic algorithms, and provide persistent storage of encrypted secrets.”); 
wherein performing the cryptographic operation comprises: generating a cryptographic key using the aggregated entropy (Dillaway: column 8 line 49-55 “In step 507, SSC 403 calculates the cryptographic key K that will be used to encrypt the secret S by combining the evidence with the entropy. In one aspect of the invention, key K may be defined as the first n bits of HASH(Entropy,Evidence), where n is the required key size for the encryption algorithm (step 511, below).”), and 
Ionescu teaches wherein the at least one cryptographic value comprises one or more of at least one encrypted parameter value, at least one unencrypted parameter value, at least one encrypted return value, at least one unencrypted return value, at least one encrypted binary large object (BLOB) memory allocation value, and at least one unencrypted BLOB memory allocation value (Ionescu: para [0045], [0071], [0075] fig. 3 “the processor may determine if the first variable references a static value by performing a backward slice at the cryptographic API call and examining the statement(s) that affect the cryptographic API call's input (e.g., the first variable). The processor may then determine if the statement(s), when executed, cause the first variable to be cryptographically secure (e.g., the first variable references a random or pseudo-random number). For example, a processor may analyze a cryptographic API call of SecureRandom(Seed), where Seed may be a first variable and may be affected by the statements Seed=5−z, and z=4. The processor may determine that the statement, when executed, causes Seed to be cryptographically insecure because a static value of 1 is always produced for Seed due to the deterministic nature of the SecureRandom class (e.g., Seed=5−4=1).”);
performing a cryptographic transformation on the cryptographic value to obtain the cryptographic parameter (Ionescu: para [0049-0052] “the computer system may generate a second variable to replace the first variable at operation 110”, “the second variable may reference a random or pseudo-random value seeded by a user. For example, the cryptographic API call may include a SecureRandom(seed) statement, where the seed is the first variable and references a static value of 45.”);
wherein performing an API operation comprises at least one of: sending at least one cryptographic parameter to the API caller (Ionescu: para [0055], “After generating a second variable at operation 110, the method 100 may continue to operation 112, where the first variable in the cryptographic API call may be replaced automatically with the second variable. In some embodiments, the first variable may be replaced during execution of the program. This may be done by removing the first variable from the cryptographic API call and inserting the second variable into the cryptographic API call.”), and 
executing the API logic using the at least one cryptographic parameter (Ionescu: para [0058], “After replacing the first variable with a second variable at operation 112, the cryptographic API call may be executed with the second variable as an input at operation 114”).
Regarding claim 10, claim 10 is rejected under the same rationale as claim 1.
Regarding claim 11, claim 11 is rejected under the same rationale as claim 2.

Regarding claim 19, claim 19 is rejected under the same rationale as claim 1.
Regarding claim 20, claim 20 is rejected under the same rationale as claim 2.

Claims 4, 6-8, 13, 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Dillaway (U.S. Application 7545931 B2; Hereinafter “Dillaway”) in view of Ionescu et al. (U.S. Application 20170322836 A1; Hereinafter “Ionescu”), and further in view of Nordstrom et al. (U.S. Application 20200304492 A1; Hereinafter “Nordstrom”).
Regarding claim 4, Dillaway in view of Ionescu teaches the dependent claim 2. 
Dillaway in view of Ionescu does not explicitly teach wherein collecting and aggregating entropy from at least one entropy source comprises generating a binary large object (BLOB) with a BLOB memory allocation sufficient to store the cryptographic value.
In an analogous art, Nordstrom teaches wherein collecting and aggregating entropy from at least one entropy source comprises generating a binary large object (BLOB) with a BLOB memory allocation sufficient to store the cryptographic value (Nordstrom: column 24 line 48-54, FIGS. 7A-B, “The CreatePin( )function illustrated in FIG. 7B may also be used to generate an encrypted data blob”, column 23 line 18-27, “Application management client certificate support on iOS may rely on importing a public-key cryptography standards (PKCS) 12 BLOB (Binary Large Object) into the iOS keychain in each managed application for each period of use. Application management framework client certificate support may use a HTTPS implementation with private in-memory key storage.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Nordstrom into the modified computer-readable medium of Dillaway to include wherein collecting and aggregating entropy from at least one entropy source comprises generating a binary large object (BLOB) with a BLOB memory allocation sufficient to store the cryptographic value because it will optimize the storage for storing massive amounts of unstructured data and protect the data (Nordstrom: column 32 line 46-68).
Regarding claim 6, Dillaway in view of Ionescu and further in view of Nordstrom teaches the dependent claim 4. Nordstrom teaches wherein the BLOB comprises at least one of an encrypted BLOB and an unencrypted BLOB (Nordstrom: column 24 line 60-68, “Returning to FIG. 7B and with reference to element 718B, the data blob may include a user ID (e.g., a username, user account number, etc.) and/or a device ID (e.g., a MAC address, a serial number, an IMEI number, etc.). The data blob may also include a random or pseudorandom number, which is referred to as “salt” in the pseudo code illustrated in FIG. 7B. The random or pseudorandom number may be, for example, 128 bytes long.”, column 25 line 1-5, “With reference to element 718A, the data blob may also include time data, which may be used to generate a time-limited ticket or key”).
Regarding claim 7, Dillaway in view of Ionescu and further in view of Nordstrom teaches the dependent claim 4. Nordstrom teaches wherein performing the cryptographic operation further comprises: populating the BLOB memory allocation with the cryptographic value (Nordstrom: column 25 line 23-26, “The client device 702 may also securely clear from its memory (e.g., scrub or overwrite) the PIN and/or the data blob by calling, for example, the SecureZeroMemory( ) function or any other function to securely remove the PIN and/or the data blob from memory.”); 
performing the cryptographic transformation on the BLOB to obtain a transformed BLOB (Nordstrom: column 25 line 14-19, “In step 722A (and similarly step 722 illustrated in FIG. 7A), the client device 702 may encrypt the data blob, including the user's PIN, the metadata identifying the client device and/or user, and the time data. The data blob may be encrypted using the server's public key”).
Regarding claim 8, Dillaway in view of Ionescu and further in view of Nordstrom teaches the dependent claim 7. Nordstrom teaches wherein sending at least one cryptographic parameter to the API caller comprises sending the transformed BLOB to the API caller (Nordstrom: column 25 line 19-21, “In step 722B, the client device 702 may send the encrypted data blob to the server 704 via TLS, SSL, or any other encryption protocol.”).
Regarding claim 13, claim 13 is rejected under the same rationale as claim 4.
Regarding claim 15, claim 15 is rejected under the same rationale as claim 6.
Regarding claim 16, claim 16 is rejected under the same rationale as claim 7.
Regarding claim 17, claim 17 is rejected under the same rationale as claim 8.

Claims 3 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Dillaway (U.S. Application 7545931 B2; Hereinafter “Dillaway”) in view of Ionescu et al. (U.S. Application 20170322836 A1; Hereinafter “Ionescu”), and further in view of Thom et al. (U.S. Application 20160117262 A1; Hereinafter “Thom”).
Regarding claim 3, Dillaway in view of Ionescu teaches the dependent claim 2. 
Dillaway in view of Ionescu does not explicitly teach wherein the parameter entropy comprises at least one attribute associated with at least one cryptographic value.
In an analogous art, Thom teaches wherein the parameter entropy comprises at least one attribute associated with at least one cryptographic value (Thom: [0027] FIG. 2 “illustrates an embodiment logic flow for functioning within the embodiment hybrid security context 125 of FIG. 1 wherein a seed value 105 is associated 150 with the output, i.e., key(s) 110, of a KDF, e.g., KDF-ONE 120. In an embodiment the KDF, e.g., KDF-ONE 120, generates one or more keys 110 randomly each time it is executed, i.e., each time the KDF is executed it will generate new key(s) with no regard or association to any prior key(s) it previously generated.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Thom into the modified computer-readable medium of Dillaway to include wherein the parameter entropy comprises at least one attribute associated with at least one cryptographic value because it will protect the data from unauthorized attackers (Thom: para[0019]).
Regarding claim 12, claim 12 is rejected under the same rationale as claim 3.

Claims 5, 9, 14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Dillaway (U.S. Application 7545931 B2; Hereinafter “Dillaway”) in view of Ionescu et al. (U.S. Application 20170322836 A1; Hereinafter “Ionescu”), in view of Nordstrom et al. (U.S. Application 20200304492 A1; Hereinafter “Nordstrom”), and further in view of Thom et al. (U.S. Application 20160117262 A1; Hereinafter “Thom”).
Regarding claim 5, Dillaway in view of Ionescu and in view of Nordstrom teaches the dependent claim 4. 
Dillaway in view of Ionescu, and in view of Nordstrom does not explicitly teach wherein the parameter entropy comprises BLOB entropy derived from the BLOB.
In an analogous art, Thom teaches wherein the parameter entropy comprises BLOB entropy derived from the BLOB (Thom: para[0042], “In an embodiment the digested seed value 325 is associated with the blob 335 that is generated utilizing the same seed value 105 and this blob 335 is identified as its related blob 335. In an embodiment where a second blob 345 is generated the digested seed value 325 is associated with the second blob 345 that is generated utilizing the same seed value 105 and this second blob 345 is identified as its related second blob 345”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Thom into the modified computer-readable medium of Dillaway to include wherein the parameter entropy comprises at least one attribute associated with at least one cryptographic value because it will protect the data from unauthorized attackers (Thom: para[0019]).
Regarding claim 9, Dillaway in view of Ionescu and in view of Nordstrom teaches the dependent claim 7. 
Dillaway in view of Ionescu, and in view of Nordstrom does not explicitly teach wherein executing the API logic using the at least one cryptographic parameter comprises executing the API logic using the cryptographic value stored within the transformed BLOB.
In an analogous art, Thom teaches wherein executing the API logic using the at least one cryptographic parameter comprises executing the API logic using the cryptographic value stored within the transformed BLOB (Thom: para[0080], “In an embodiment the data cache 350 is searched with the digested seed value 325 and if a match is found, e.g., match 720, the related stored key blob 356 is retrieved, and thus the related key blob 335 is retrieved, or otherwise identified. In an embodiment as only one key, e.g., the private key 114, is utilized to decrypt encrypted data 710, the second key blob 345 is not retrieved from the cache 350 when encrypted data 710 is to be decrypted.”).
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teaching of Thom into the modified computer-readable medium of Dillaway to include wherein executing the API logic using the at least one cryptographic parameter comprises executing the API logic using the cryptographic value stored within the transformed BLOB because it will protect the data from unauthorized attackers (Thom: para[0019]).
Regarding claim 14, claim 14 is rejected under the same rationale as claim 5.
Regarding claim 18, claim 18 is rejected under the same rationale as claim 9.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
WO 2011151734 A2, by Bruton R.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LYDIA L NOEL whose telephone number is (571)272-1628. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/L.L.N./Examiner, Art Unit 2437     
/NELSON S. GIDDINS/Primary Examiner, Art Unit 2437