Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.

Priority
3.    Applicant claims domestic priority under 35 USC 119e to provisional application filed on 02/27/2017.
/Information Disclosure Statement
4.    The information disclosure statement (IDS) submitted on 02/14/2021 and 11/04/201, the submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Oath/Declaration
5.    Applicant’s Oath was filed on 01/25/2021.

Drawings
6.    Applicant’s drawings filed on 01/25/2021 has been inspected and is in compliance with MPEP 608.01.
Specification
7.    Applicant’s specification filed on 01/25/2021 has been inspected and is in compliance with MPEP 608.02.
Claim Objections
8.    NO objections warranted at initial time of filing for patent.

Remarks
9.	Examiner request Applicant review relevant prior art under the conclusion of this office action.

Terminal Disclaimer
10.	The terminal disclaimer filed on 05/04/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of  patent No. 10,742,408 and 10,903,994 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Reasons for Allowance
11.	Claims 1-20 including all of the limitations of the base claim and any intervening claims are allowed.

Closest Prior Art:
U.S. Patent No. 8,670,564 discloses on Figs. 1 and Fig. 1, Col. 7 Lines 43-55 "In this regard, the encryption logic 25 (within a sender device) requests four randomly generated numbers from the random number generator 52, which provides the logic 25 with the base numbers, P, G, and C, as well as the sender's private number P.sub.s, which is private to the encryption logic 25. In addition, the decryption logic 28 (within the receiver device) requests a randomly generated number from the random number generator 72, which provides the logic 28 with P.sub.r, which is private to the decryption logic 28. As indicated by block 114, the base numbers. P, G, and C, are exchanged. In this regard, the encryption logic 25 transmits P, G, and C to the recipient apparatus 15, and the decryption logic 28 stores P, G, and C in memory 35." Col. 8 Lines 23- 26 “The encryption logic 25 further calculates v.sub.2 based on Equation 3 and the known values of K, M, and S, as indicated by block 144. After encrypting the data 14 with K and using K to calculate v.sub.1 and v.sub.2. the encryption logic 25deletes K. as indicated by block 147. Thus, at this point, K no longer exists within thesystem 10,”Col. 8 Lines 36-42 “Then, the decryption logic 28 calculates M and K based on Equations 2 and 3 and the known values of v.sub.1, v.sub.2. S, and C. as_indicated by block 163. Having now calculated the key, K, the decryption logic 28 decrypts the data 14. as indicated by block 166. At this point, K is no longer needed, and the logic 28 deletes K, as indicated by block 169.” Though the sender and receiver devices are not the same, they both contain logic which must use variables to calculate a key and once the key is encrypted or decrypted, the key is deleted.

U.S. Publication No.20130275744 discloses on Fig. 42 and paragraph 0274 “The DST client module 34 includes an encoding module, a sub-set partitioning module, two chunk set grouping modules, two outputting modules, a task partitioning module, a key generator 386, and a plurality of encryptor modules” This is an example of a single device having a plurality of encryptor modules executed by a microprocessors (paragraph 0107, the DST has a plurality of microprocessors). Also, the DST client contains a key generator module on paragraph 0281.

U.S. Publication No. 20160306585 discloses on Fig. 1, paragraph 0026 “FIG. 1 is a block diagram illustrating an implementation of a content transfer system 100, in accordance with some embodiments. The content transfer system 100 includes a communications network 160 and a plurality of client-servers, including a first client- server 110 and a second client-server 130.” Each client server has an encryption and decryption module and a key generator. Paragraph 0058 “In some embodiments, operation 404, 406 or 408 includes generating a key for the selected data, for example using key generator 115 (FIG. 1). or accessing a key for the selected_data previously generated using a key generator such as key generator 115, and encrypting the selected data using that key.” Paragraph 0060 “Next, the content transfer system erases (414) at least the corresponding key for the selected data from NVM A. More generally, after the corresponding data is read from the first non-volatile storage medium to the first volatile memory, or after the corresponding data is transmitted to the second volatile memory B, the content transfer system erases at least a portion of the selected data (e.g., the corresponding key for the selected data) from the first non-volatile storage medium.”

U.S. Publication No. 20100313024 discloses on paragraph 0361 “Please note that | denotes a concatenation of the binding key Kom and the sequence number seqno in the binding update received/sent by the mobile node. First (x, . . .) is a function extracting the first x bits from the result of the hash function SFIA1 applied to the a concatenation of the binding key Kbm and the sequence number segno. Please note that the binding key used in this function could be for example the home keygentoken obtained from the home test of the return mutability procedure, any other or combination of cryptographic information obtained from a return mutability procedure including a home test. In one embodiment of the invention, the binding key Kbm is calculated as defined in IETF RFC 3755 mentioned previously herein.” This is just an algorithm using keygen data and a token to obtain a key.

U.S. Publication No. 20150188893 discloses on paragraph 0022 “As illustrated in the example of FIG. 5, during unexposed mode(s), the SCIT server may process data being transported between internal and external networks. If there is outgoing data 510 in the data storage 572, a SCIT server 560 may retrieve the outgoing data 510 from the data storage 572, retrieve an encryption key 582 from a key server 580; generate encrypted outgoing data 512 by encrypting the outgoing data 510 with the encryption key 582; delete the encryption key 582; and delete the outgoing data 510 from the data storage 572. Similarly, if there is encrypted incoming data 522 in incoming data storage 574, a SCIT server 560 may: retrieve encrypted incoming data 522 from the incoming data storage 574; retrieve a decryption key 584 from key server 580; generate incoming data 520 by decrypting the encrypted incoming data 522 with the decryption key 584; delete the decryption key 584; and delete the encrypted incoming data 522. The incoming data 520 may be stored in the incoming data storage 574.”

U.S. Publication No. 20140082376 discloses on paragraph 0039 “The user device running the RamCloud client receives the file containing the encrypted data from the server device in block 352. The RamCloud client generates a decryption key based on a user key and a dynamic variable in block 354. The user key is obtained from the server device. The dynamic variable is based on one or more characteristics of the file. The encrypted data is decrypted using the decryption key in block 356, and the decrypted data is decompressed in block 358. The decryption key is destroyed after itis used. Additional functionality will be described below in reference to the Server SDK functions.

U.S. Publication No. 20100011431 discloses on paragraph 0053 “In some embodiments, controlled access module 310 can receive requests, send tokens, receive tokens, and provide access to controlled data using more or fewer modules. For example, a controlled-access server can include a single module configured to function as both a token module and a data access module. In other embodiments, a controlled-access server can include additional modules such as, for example, cryptographic modules capable of encrypting and/or decrypting data; database modules capable of storing and/or accessing data in one or more databases; web server modules capable of providing access by, for example, web browsers over the Internet to resources provided by the controlled-access server; and/or authentication modules capable of providing authentication for partner applications and/or other parties attempting to interface with the controlled-access server. Such modules can be implemented as software or in hardware such as, for example, ASICs.”

The following is an Examiner’s Statement of Reasons for Allowance:
Claims 1-20 are allowable over prior art references taken individually or in combination fails to particularly disclose, fairly suggests or render obvious are argued by the applicant which examiner considers persuasive as set forth above. 
Although the prior art discloses cryptographic modules encrypting documents, using a key generator and deleting an encryption key, no one or two references anticipates or obviously suggest receive a document for encryption, receive a token and perform a walk through an entropy space, which is a large set of random bits, to fetch a string of bits, the walk through and the fetched string of bits depending on the token.
Generate a secret key for encrypting the document based on the fetched string of bits, thereby generating an encrypted document and destroy the secret key upon encrypting the document.
Furthermore, transmitting the encrypted document and the token to another one of the plurality of cryptographic modules over the communication network, for decryption and at said another one of the plurality of cryptographic modules, the computer readable instructions causing the at least one microprocessor to receive the token and perform the walk through the entropy space to fetch the string of bits and generate the secret key for decrypting the encrypted document based on the fetched string of bits in order thereby avoiding storing or communicating the secret key.

 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2499