DETAILED ACTION


Continued Examination under 37 CFR 1.114
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on March. 31, 2022 has been entered. 
Claims 1, and 10 are amended. Claims 8-9 and 17-18 are canceled. New claims 19-22 are added. Therefore, claims 1-7, 10-16, and 19-22 are presented for examination. Now claims 1-7, 10-16, and 19-22 are pending.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Applicant Arguments
3.	Applicant’s arguments are not persuasive for the following reasons:
	a) the newly added limitations of claims 1 and 10 are limitations of canceled claims 9 and 18 respectively and the added limitation “executing the cryptographic operation on the data using the decrypted data encryption key”. Therefore, the rejection of the claims is modified accordingly.
	b) As per applicant’s remarks (page 7 and first paragraph of page 8 on independent claims) that Amiri paragraph 0023 and 0067 disclose the decryption data encryption key is from a “remote entity”, Examiner respectfully disagrees. Examiner refers applicant to paragraph 0027, lines 15-17 of applicant’s specification which defines “remote” as “ Note that external in this case does not necessarily imply that the remote entity 170 is geographically remote from the remote system 112, but instead is remote in that is separate hardware not under the control of the remote system 112” (emphasize added by Examiner). Therefore, Amiri paragraph 0027 does disclose the limitations in dispute based on broader interpretation of the claim considering applicant’s specification since Amiri paragraph 0027 do not disclose remote as being “geographically remote” but remote from another hardware within a system under different control. Examiner would reconsider if applicant’s claim limitation clearly discloses the remote system is geographically remote as some other applicant’s embodiment disclose or at least is remote from the system of receiving and transmitting system that uses the decryption data encryption key.
	c) As per Applicant’s remarks (page 8) that Amiri paragraph 0023 does not disclose “verifying that the received decrypted data encrypted key is unmodified during transmit from the remote entity” (emphasize added by Examiner), Examiner respectfully disagrees. Examiner interpreted “unmodified during transmit” as successful cryptographic operation using the data encrypted key. In other word if cryptographic operation is successful using the data encrypted key, then that is the proof and verification that the key is not modified during receiving or transmission, otherwise cryptographic operation not possible using a modified key. It is based on this interpretation that the limitation was rejected by Amiri FIG. 4B item 440,416 along with paragraph 0023. Examiner further needs to only show the key is used for encryption or decryption and that by itself shows key is not modified. Something Amiri citations discloses. Furthermore, examiner could not find in applicant’s specification support for the limitation “verifying that the received decrypted data encrypted key is unmodified during transmit from the remote entity” contrary to examiner interpretation of the applicant’s specification.
Applicant refers to following MPEP citations when responding to the office action:
¶ 7.37.11    Unpersuasive Argument: General Allegation of Patentability
Applicant’s arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
¶ 7.37.12    Unpersuasive Argument: Novelty Not Clearly Pointed Out
Applicant’s arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.
¶ 7.37.13    Unpersuasive Argument: Arguing Against References Individually
In response to applicant’s arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
4.	Applicant’s arguments regarding the rejection of the claims 5, 6, 14 and 15 (applicant’s remarks on page 9) are persuasive. Therefore, the rejection of claims 5-6, 14 and 15 are withdrawn (see allowable subject matter below).

Claim Rejections - 35 USC § 103
5.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


7.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
8.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
9.	Claims 1-4, 7, 10-13, 16, and 19-22 are rejected under 35 U.S.C. 103 as being unpatentable over Amiri et al. U.S. 2016/0065363 hereinafter “Amiri” Published Mar. 3, 2016 in view of Ng U.S. 8,307,209 hereinafter “Ng” published Nov. 6, 2012.

Regarding claim 1, Amiri teaches: A method (Amiri, see abstract) comprising:
receiving, at data processing hardware, an operation request requesting a cryptographic operation on data, the cryptographic operation comprising an encryption operation or a decryption operation (Amiri, see FIG. 4A

    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale
   item 401 that is received by cloud platform (at data processing hardware) to operate cryptographic operation, see also FIG. 4B, item 431);
transmitting, by the data processing hardware, a data encryption key to a remote entity (Amiri, see Figure 4A along with ¶ [0057],

    PNG
    media_image2.png
    200
    400
    media_image2.png
    Greyscale

 “The key service engine 416 next generates a remote key request 405 and sends the request to the HSM I/F engine 418. The HSM I/F engine 418 initiates a secure key request 406 which includes at least some of the audit log information. As shown in the example of FIG. 4A, the secure key request 406 includes the encrypted encryption key, the generated reason code, and/or identified or generated metadata associated with the content request 401”),
the data encryption key when received by the remote entity causing the remote entity to: encrypt the data encryption key with a key encryption key, the key encryption key unavailable to the data processing hardware (Amiri, see FIG. 4A along with ¶ [0059], “When the HSM 420 receives the secure key request 406, the HSM 420 selects a remote KEK and uses the remote KEK to encrypt the encrypted encryption key resulting in a twice encrypted key 408. … the remote KEK and/or the twice encrypted key can be stored the HSM 420”);
and transmit the encrypted data encryption key to the data processing hardware (Amiri, see FIG. 4A along with ¶ [0059], “The HSM 420 can then respond to the secure key request 406 with a secure key response 407. As illustrated, the secure key response 407 can include the twice encrypted key and the remote KEK.”);
and when the cryptographic operation comprises a decryption operation (Amiri, see FIG. 4B item 431, Content Request 431),
transmitting, by the data processing hardware, the encrypted data encryption key to the remote entity (Amiri, see FIG. 4B along with ¶ [0065] “The HSM I/F engine 418 initiates a secure key request 437 which includes at least some of the audit log information. As shown in the example of FIG. 4B, the secure key request 437 includes the twice encrypted encryption key”), 
the encrypted data encryption key when received by the remote entity causing the remote entity to: decrypt the encrypted data encryption key with the key encryption key (Amiri, see FIG. 4B along with ¶ [0067] “When the HSM 420 receives the secure key request 437, the HSM 420 decrypts the twice encrypted key using the remote KEK … The key service engine 416 receives the once encrypted key and decrypts the once encrypted key using the local KEK resulting in the encryption key 441. The key service engine 416 then provides the encryption key 441 to the content encryption/decryption engine 414 to decrypt the encrypted data item 443 resulting in the data item 445”); 
and transmit the decrypted data encryption key to the data processing hardware (Amiri, see FIG. 4B along with ¶ [0067] “The key service engine 416 receives the once encrypted key and decrypts the once encrypted key using the local KEK resulting in the encryption key 441. The key service engine 416 then provides the encryption key 441 to the content encryption/decryption engine 414 to decrypt the encrypted data item 443 resulting in the data item 445”); 
receiving, by the data processing hardware, the decrypted data encryption key from the remote entity; and authenticating, by the data processing hardware, that the decrypted data encryption key is from the remote entity (Amiri see FIG. 4B item 440, 416 along with ¶ [0023], “the HSM can provide the client-side control and configurability through the use of a rule engine that can process a generated access reason to determine whether or not to encrypt or decrypt ( or request encryption or decryption of) a corresponding encryption key based, at least in part, on a set of pre-defined client-configurable rules”); 
verifying, by the data processing hardware, that the received decrypted data encryption key is unmodified during a transit from the remote entity to the data processing hardware (Amiri see FIG. 4B item 440, 416 along with ¶ [0023], “the HSM can provide the client-side control and configurability through the use of a rule engine that can process a generated access reason to determine whether or not to encrypt or decrypt ( or request encryption or decryption of) a corresponding encryption key based, at least in part, on a set of pre-defined client-configurable rules”);
executing the cryptographic operation on the data using the decrypted data encryption key (Amiri see ¶ [0067], “When the HSM 420 receives the secure key request 437, the HSM 420 decrypts the twice encrypted key using the remote KEK and provides the once encrypted key 439 back to the HSM I/F Engine 418 which parses the response and passes a remote key response 440 on to the key service engine 416. The key service engine 416 receives the once encrypted key and decrypts the once encrypted key using the local KEK resulting in the encryption key 441. The key service engine 416 then provides the encryption key 441 to the content encryption/decryption engine 414 to decrypt the encrypted data item 443 resulting in the data item 445”).
Amiri does not explicitly discloses discarding, by the data processing hardware, the decrypted data encryption key after executing the cryptographic operation 
However Ng discloses discarding, by the data processing hardware, the decrypted data encryption key after such operation (Ng, see claim 7).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Amiri with the teaching of Ng because the use of Ng’s idea (Ng, abstract) could provide Amiri (Amiri, abstract) the ability to perform authentication in a secure manner by removing the decryption key or updating it in order to safeguard the data” (Ng, claim 7).

Regarding claim 2, Amiri and Ng teaches all the limitations of claim 1. Amiri further teaches: further comprising decrypting, by the data processing hardware, the data encryption key received from the remote entity with an inner encryption key, the inner encryption key unavailable to the remote entity (Amiri, see FIG. 4B along with ¶ [0067] “When the HSM 420 receives the secure key request 437, the HSM 420 decrypts the twice encrypted key using the remote KEK and provides the once encrypted key 439 back to the HSM I/F Engine 418 which parses the response and passes a remote key response 440 on to the key service engine 416. The key service engine 416 receives the once encrypted key and decrypts the once encrypted key using the local KEK resulting in the encryption key 441”).

Regarding claim 3, Amiri and Ng teaches all the limitations of claim 1. Amiri further teaches: further comprising transmitting, by the data processing hardware, an authentication request based on an identity of a client associated with the key encryption key to the remote entity, the authentication request when received by the remote entity causing the remote entity to authenticate the identity (Amiri, see FIG. 4B along with ¶ [0066] “the key service engine 416 and/or the HSM 420 can include a configurable rules processing engine that processes the remote key request including the twice encrypted encryption key, the generated reason code, identified or generated metadata associated with the content request, and/or the remote KEK. The remote key service engine 420 processes the reason code and/or the metadata to determine whether to accept or reject the request based on one or more pre-configured rules. As discussed above, rules can be generated to reject requests with particular reason codes, reject requests from particular IP addresses, reject particular users based on user ID, etc. The contents of an example key service engine 416 are shown and discussed in greater detail with reference to FIG. 5”).

Regarding claim 4, Amiri and Ng teaches all the limitations of claim 3. Amiri further teaches: wherein the remote entity authenticating the identity comprises applying an authorization policy to the authentication request, the authorization policy comprising permit criteria (Amiri discloses key service or HSM can include configurable rule to remote key request that reads on applicant’s limitations but first see ¶ [0045] that discloses the device authentication, see FIG. 4B along with ¶ [0066] “the key service engine 416 and/or the HSM 420 can include a configurable rules processing engine that processes the remote key request including the twice encrypted encryption key, the generated reason code, identified or generated metadata associated with the content request, and/or the remote KEK. The remote key service engine 420 processes the reason code and/or the metadata to determine whether to accept or reject the request based on one or more pre-configured rules. As discussed above, rules can be generated to reject requests with particular reason codes, reject requests from particular IP addresses, reject particular users based on user ID, etc. The contents of an example key service engine 416 are shown and discussed in greater detail with reference to FIG. 5”).

Regarding claim 7, Amiri and Ng teaches all the limitations of claim 1. Amiri further teaches: wherein the data processing hardware comprises a distributed system supporting a plurality of independent clients (Amiri see ¶ [0050], “a collaboration environment (e.g., a cloud-based collaboration environment) can be accessed by users (e.g., users 316, 318, and 320) via multiple different devices”).

Regarding claim 10, this claim defines a system claim that corresponds to method claim 1 and does not define beyond limitations of claim 1. Therefore, claim 10 is rejected with the same rational as in the rejection of claim 1. Furthermore, Amiri in ¶ [0115] discloses processor that execute instruction in various memory and storage devices, also see system claim 11 of Amiri.

Regarding claim 11, this claim defines a system claim that corresponds to method claim 2 and does not define beyond limitations of claim 2. Therefore, claim 11 is rejected with the same rational as in the rejection of claim 2. Furthermore, Amiri in ¶ [0115] discloses processor that execute instruction in various memory and storage devices.

Regarding claim 12, this claim defines a system claim that corresponds to method claim 3 and does not define beyond limitations of claim 3. Therefore, claim 12 is rejected with the same rational as in the rejection of claim 3. Furthermore, Amiri in ¶ [0115] discloses processor that execute instruction in various memory and storage devices.

Regarding claim 13, this claim defines a system claim that corresponds to method claim 4 and does not define beyond limitations of claim 4. Therefore, claim 13 is rejected with the same rational as in the rejection of claim 4. Furthermore, Amiri in ¶ [0115] discloses processor that execute instruction in various memory and storage devices.

Regarding claim 16, this claim defines a system claim that corresponds to method claim 7 and does not define beyond limitations of claim 7. Therefore, claim 16 is rejected with the same rational as in the rejection of claim 7. Furthermore, Amiri in ¶ [0115] discloses processor that execute instruction in various memory and storage devices.

Regarding claim 19, Amiri and Ng teaches all the limitations of claim 1. Amiri further disclose Providing, by the data processing hardware, an authentication result to a client associated with the operation request requesting the cryptographic operation (Amiri see FIG. 3, 4A-B).

Regarding claim 20, Amiri teaches all the limitations of claim 1. Ng further disclose wherein the data processing hardware does not maintain the decrypted key in memory hardware (Ng, see claim 7).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Amiri with the teaching of Ng because the use of Ng’s idea (Ng, abstract) could provide Amiri (Amiri, abstract) the ability to perform authentication in a secure manner by removing the decryption key or updating it in order to safeguard the data” (Ng, claim 7).

Regarding claim 21, this claim defines a system claim that corresponds to method claim 19 and does not define beyond limitations of claim 19. Therefore, claim 21 is rejected with the same rational as in the rejection of claim 19. Furthermore, Amiri in ¶ [0115] discloses processor that execute instruction in various memory and storage devices.

Regarding claim 22, this claim defines a system claim that corresponds to method claim 20 and does not define beyond limitations of claim 20. Therefore, claim 22 is rejected with the same rational as in the rejection of claim 20. Furthermore, Amiri in ¶ [0115] discloses processor that execute instruction in various memory and storage devices.

Allowable Subject Matter
10.	Claims 5-6, 14 and 15 are objected as having allowable subject matter and would be allowable if it incorporates the base claim limitations they depend on and all limitations of the intervening claims. Reason for allowance will be furnished upon allowance of the application if it improves the clarity of the record.

Examiner note:
11.	In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution.  MPEP 714.02 recites: “Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 2163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714.”  Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R.  1.131(b), (c), (d), and (h) and therefore held not fully responsive.  Generic statements such as “Applicants believe no new matter has been introduced” may be deemed insufficient.

Conclusion
12.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Darcy et al. US 2012/0078946 A1 discloses methods and systems for monitoring files in cloud-based networks.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALIL NAGHDALI whose telephone number is (571) 272-9884. The examiner can normally be reached on M-F 8 AM-5 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, KRISTINE L KINCAID can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.
/KHALIL NAGHDALI/            Primary Examiner, Art Unit 2437