DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The Amendment filed 01/13/2022 has been received and considered.
Claims 1 and 3-13 are pending.
This action is Final.
Response to Arguments
2.	Applicant's arguments filed 01/13/2022 have been fully considered but they are not persuasive. Applicant argues that regarding independent claims 1 and 7, Levy in view of Sitrick fails to teach “decrypting the file of the encrypted application by using the encryption module to obtain a decrypted application, wherein the decrypted application comprises a decryption algorithm corresponding to the encrypted control data” and “decrypting the encrypted control data according to the decrypted application.”
	With respect to this argument, as disclosed below, Levy in paragraph [0104] discloses decrypting with the access control and encryption module the selected file of the container application associated with the user. In paragraph [0119], Levy discloses a closed definition of a set of processes bound to a list of files within each application container. Therefore, the claimed decryption algorithm corresponding to the encrypted control data can be obtained by the application container policy. Sitrick in paragraph [0100] discloses selectively providing the decrypted content (control data) for executing as an application program according to permission usage rights. In paragraph [0118], Sitrick discloses execution of the decrypted original content as an application program with an associated usage rights ticket.
	Applicant further argues that the combination of Levy and Sitrick is reasonably unexpected by one of ordinary skill in the art. 
	With respect to this argument, Levy teaches access control encryption for a file system. As disclosed in paragraphs [0053]-[0059], a resource management module hosts a virtual file system and manages direct access to sensitive data within a storage container. An application container policy and encryption are used in order to protect the integrity of the data. Sitrick teaches a secured system for access to protected electronic data files in accordance with usage rights. As disclosed in paragraphs [0067]-[0070], data files are encrypted and access to the content is selectively controlled or allowed for a respective user or device. The encrypted content is made selectively available and only utilizable on the recipient device utilizing the respective application software program running on the respective computer. The encrypted content is selectively usable only by the specific computer that generated the Appliance ID that was provided to the production subsystem, and that was utilized by the production subsystem to encrypt the respective production key. Therefore, both Levy and Sitrick teach protection of sensitive data files using a policy or usage rights pertaining to the encrypted files. One of ordinary skill in the art would have a good reason to combine these references with the motivation for specific application or appliance level protection of content.
Therefore, Levy in view of Sitrick teaches the claimed limitations of amended claims 1 and 7 and thereby the dependent claims. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



3.	Claims 1 and 3-13 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2017/0249472 A1 to Levy, (hereinafter, “Levy”) in view of US Pub. No. US 2008/0092239 A1 to Sitrick, (hereinafter, “Sitrick”).
As per claims 1 and 13, Levy teaches a data decryption method and an electronic device, respectively, comprising: at least one processor; and a memory communicatively connected to the at least one processor, wherein the memory stores an instruction executable by the at least one processor, and the instruction is executed by the at least one processor, so that the at least one processor performs the method (Levy, para. [0009] “a storage container is implemented on one or more physical or virtual memory devices/data sources. A resource management module manages one or more storage containers as well as other resources such as processing devices and peripheral devices.”), wherein the method comprises:
obtaining, by a control module, a file of an encrypted application and encrypted control data (Levy, para. [0075] “the access control and encryption module 115 not only encrypts the individual files with unique file encryption keys 171, but also encrypts the file encryption keys 171. Thus, in one embodiment, the file encryption keys 171 are themselves encrypted. The encrypted file encryption keys 171 can only be decrypted for an authorized user.” And para. [0080] “At block 206, the access control and encryption module 115 communicates with the gateway module 114 to call for the selected file, according to one embodiment.”); 
sending the obtained file of the encrypted application to an encryption module (Levy, para. [0084] “the access control and encryption module receives the selected file from the gateway module 114”); and
decrypting the encrypted control data by using the encryption module to obtain decrypted control data (Levy, para. [0085] “the access control and encryption module 115 decrypts the selected file, according to one embodiment. From block 216, the process proceeds to block 218.” And para. [0086] “the access control and encryption module 115 outputs the selected file”).
wherein the encrypted control data is decrypted by: decrypting the file of the encrypted application by using the encryption module to obtain a decrypted application (Levy, [0104] “at DECRYPT, WITH THE ACCESS CONTROL AND ENCRYPTION MODULE, THE SELECTED FILE IF THE SELECTED FILE IS LISTED IN THE CONTAINER APPLICATION ASSOCIATED WITH THE USER 318 the process 300 for providing access control and enhanced encryption for a file system decrypts, with the access control and encryption module, the selected file if the selected file is listed in the container application associated with the user.”); and 
decrypting the encrypted control data according to the decrypted application (Levy, [0119] “the application containers are the main entity of the policy. Each application container contains a closed definition of a set of processes bound to a list of files. On top of that, it also defines a set of rules to be able to deny access to a root user. The application container include an App id, a description, Xids, files, and deny rules. The App_id is a string representing the ID of the application container. The description is an optional short string describing the application container. The Xids are a list of processes that are allowed by this application container.”).
Levy teaches all the limitations of claims 1 and 13 above, but fails to explicitly teach the following, which Sitrick teaches:
to obtain decrypted control data (Sitrick, para. [0096] “FIG. 20 is a flow chart and state flow diagram illustrating the selection of authorized utilization, for selectively providing for one of printing, exporting, or viewing, or executing as an application program, of at least a portion of the decrypted content, either in accordance with predetermined default usage rights, or in accordance with a permission usage rights ticket”)
wherein the decrypted application comprises a decryption algorithm corresponding to the encrypted control data (Sitrick, para. [0100] “FIG. 24 is a flow chart and state flow diagram illustrating the control of selective usage within the recipient device of decrypted content responsive to a decrypted ticket as provided from within the recipient device, (see, for example, FIG. 23), to selectively provide for one of regulated usage of exporting, printing, executing of a file as an application program, or of viewing of a video presentation, for at least a portion of (or all of) the decrypted content and optionally for a defined number of usages, responsive to the usage rights permitted by the decrypted ticket, and also illustrates the process of storing control data with the encrypted ticket in the recipient device, for setting a defined number of usages permitted (e.g., to be printed or copied or exported or an application program executed” and para. [0118] “Execution of the decrypted original content (or a part thereof) as an application program running on the recipient device, where there is an associated usage rights ticket, the uses and usage of the application program are regulated and defined as per the permissions of the associated ticket.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sitrick’s system for secure distribution of selected content into Levy’s access-control file system, with a motivation for secured communication or distribution of data files to be protected (Sitrick, para. [0005]).
As per claim 3, the combination of Levy and Sitrick teach the method according to claim 1, wherein the decrypting the encrypted control data according to the decrypted application comprises: 
sending, by the control module, the obtained encrypted control data to the encryption module; and running the decrypted application by using the encryption module, to decrypt the encrypted control data (Sitrick, para. [0100] “FIG. 24 is a flow chart and state flow diagram illustrating the control of selective usage within the recipient device of decrypted content responsive to a decrypted ticket as provided from within the recipient device, (see, for example, FIG. 23), to selectively provide for one of regulated usage of exporting, printing, executing of a file as an application program, or of viewing of a video presentation, for at least a portion of (or all of) the decrypted content and optionally for a defined number of usages, responsive to the usage rights permitted by the decrypted ticket, and also illustrates the process of storing control data with the encrypted ticket in the recipient device, for setting a defined number of usages permitted (e.g., to be printed or copied or exported or an application program executed” and para. [0118] “Execution of the decrypted original content (or a part thereof) as an application program running on the recipient device, where there is an associated usage rights ticket, the uses and usage of the application program are regulated and defined as per the permissions of the associated ticket.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sitrick’s system for secure distribution of selected content into Levy’s access-control file system, with a motivation for secured communication or distribution of data files to be protected (Sitrick, para. [0005]).

As per claim 4, the combination of Levy and Sitrick teach the method according to claim 3, wherein the obtaining decrypted control data comprises: receiving, by the control module, the decrypted control data sent by the encryption module (Sitrick, para. [0101] “FIG. 25 shows an alternate embodiment, showing a flow chart, state flow, and data flow diagrams, illustrating processing in the recipient device of decrypted original content which original content is itself representative of a ticket defining usage rights for an associated data file, where the recipient device is responsive to a usage request for use of the respective associated data file, and regulates the usage on the recipient device of the associated data file as restricted to the defined usage rights for permitted usage as is granted by the permissions of the ticket of the original content, to provide for regulated permitted usage of the associated data file by the recipient device, such as printing, viewing, exporting, saving, or execution of an application program, represented by the associated data file”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sitrick’s system for secure distribution of selected content into Levy’s access-control file system, with a motivation for secured communication or distribution of data files to be protected (Sitrick, para. [0005]).
As per claim 5, the combination of Levy and Sitrick teach the method according to claim 1, wherein the decrypting the encrypted control data according to the decrypted application comprises: running the decrypted application by using the encryption module to obtain a key corresponding to the control data; receiving, by the control module, the key sent by the encryption module; and decrypting, by the control module, the encrypted control data according to the key (Levy, para. [0169] “When an authorized user wishes to access a data entity from among the associated data entities 541, the access control and encryption module 515 decrypts the encrypted data entity encryption key 571 (or 544) in order to obtain the original unencrypted data entity encryption key. The data entity itself can then be decrypted.” And para. [0170] “the data access and encryption module decrypts the data entities on demand as a stream. Thus, the data access and encryption module 515 does not encrypt an entire data entity before outputting the data entity to a user. Instead, the data access and encryption module decrypts the data entity sequentially in segments outputs segments to the user as they are decrypted. According to an embodiment the segments can correspond to block or sectors of a storage container or other physical or virtual memory”).

As per claim 6, the combination of Levy and Sitrick teach the method according to claim 1, wherein the obtaining a file of an encrypted application and encrypted control data specifically comprises: 
obtaining, by the control module, the file of the encrypted application and the encrypted control data from a storage module, wherein the control module obtains, according to a current to-be-executed control function, a file of an encrypted application and encrypted control data corresponding to the control function (Levy, para. [0180] “The method includes providing a storage container, the storage container including data, providing a virtual file system, the virtual file system including a plurality of files, the files representing subsets of the data in the storage container, defining two or more application containers, each of the application containers including a list of processes mapped to a set of one or more files of the plurality of files in the virtual file system, for each application container, defining privileged user access rules, the privileged user access rules controlling access to the one or more files in that application container by privileged users, generating privileged user access rules data representing the defined privileged user access rules, and for each application container, assigning an application key specific to that application container. The method further includes, for each file associated with an application container, assigning a file encryption key specific to that file, for each file encryption key, generating file specific encryption key data representing respective file encryption keys, encrypting the file encryption key data for each file, for each application container, encrypting the data in each of the files of the virtual file system associated with that application container with the specific file encryption key data representing the file encryption key specific to that file.”)

As per claim 7, Levy teaches a data decryption method applied to an encryption module, wherein the method comprises: 
receiving, by the encryption module, a file of an encrypted application (Levy, para. [0075] “the access control and encryption module 115 not only encrypts the individual files with unique file encryption keys 171, but also encrypts the file encryption keys 171. Thus, in one embodiment, the file encryption keys 171 are themselves encrypted. The encrypted file encryption keys 171 can only be decrypted for an authorized user.” And para. [0080] “At block 206, the access control and encryption module 115 communicates with the gateway module 114 to call for the selected file, according to one embodiment.”); 
decrypting the file of the encrypted application to obtain and run a decrypted application (Levy, para. [0085] “the access control and encryption module 115 decrypts the selected file, according to one embodiment. From block 216, the process proceeds to block 218.” And para. [0086] “the access control and encryption module 115 outputs the selected file”); and 
wherein the encrypted control data is decrypted by: decrypting the file of the encrypted application by using the encryption module to obtain a decrypted application (Levy, [0104] “at DECRYPT, WITH THE ACCESS CONTROL AND ENCRYPTION MODULE, THE SELECTED FILE IF THE SELECTED FILE IS LISTED IN THE CONTAINER APPLICATION ASSOCIATED WITH THE USER 318 the process 300 for providing access control and enhanced encryption for a file system decrypts, with the access control and encryption module, the selected file if the selected file is listed in the container application associated with the user.”); and 
decrypting the encrypted control data according to the decrypted application (Levy, [0119] “the application containers are the main entity of the policy. Each application container contains a closed definition of a set of processes bound to a list of files. On top of that, it also defines a set of rules to be able to deny access to a root user. The application container include an App id, a description, Xids, files, and deny rules. The App_id is a string representing the ID of the application container. The description is an optional short string describing the application container. The Xids are a list of processes that are allowed by this application container.”).

Levy teaches all the limitations of claim 7 above, but fails to explicitly teach the following, which Sitrick teaches:

decrypting encrypted control data according to the decrypted application to obtain decrypted control data (Sitrick, para. [0100] “FIG. 24 is a flow chart and state flow diagram illustrating the control of selective usage within the recipient device of decrypted content responsive to a decrypted ticket as provided from within the recipient device, (see, for example, FIG. 23), to selectively provide for one of regulated usage of exporting, printing, executing of a file as an application program, or of viewing of a video presentation, for at least a portion of (or all of) the decrypted content and optionally for a defined number of usages, responsive to the usage rights permitted by the decrypted ticket, and also illustrates the process of storing control data with the encrypted ticket in the recipient device, for setting a defined number of usages permitted (e.g., to be printed or copied or exported or an application program executed” and para. [0118] “Execution of the decrypted original content (or a part thereof) as an application program running on the recipient device, where there is an associated usage rights ticket, the uses and usage of the application program are regulated and defined as per the permissions of the associated ticket.”).
wherein the decrypted application comprises a decryption algorithm corresponding to the encrypted control data (Sitrick, para. [0100] “FIG. 24 is a flow chart and state flow diagram illustrating the control of selective usage within the recipient device of decrypted content responsive to a decrypted ticket as provided from within the recipient device, (see, for example, FIG. 23), to selectively provide for one of regulated usage of exporting, printing, executing of a file as an application program, or of viewing of a video presentation, for at least a portion of (or all of) the decrypted content and optionally for a defined number of usages, responsive to the usage rights permitted by the decrypted ticket, and also illustrates the process of storing control data with the encrypted ticket in the recipient device, for setting a defined number of usages permitted (e.g., to be printed or copied or exported or an application program executed” and para. [0118] “Execution of the decrypted original content (or a part thereof) as an application program running on the recipient device, where there is an associated usage rights ticket, the uses and usage of the application program are regulated and defined as per the permissions of the associated ticket.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sitrick’s system for secure distribution of selected content into Levy’s access-control file system, with a motivation for secured communication or distribution of data files to be protected (Sitrick, para. [0005]).
As per claim 8, the combination of Levy and Sitrick teach the method according to claim 7, wherein the decrypting encrypted control data according to the decrypted application to obtain decrypted control data comprises: 
receiving, by the encryption module, the encrypted control data from a control module; and decrypting the encrypted control data according to the decrypted application to obtain the decrypted control data (Sitrick, para. [0100] “FIG. 24 is a flow chart and state flow diagram illustrating the control of selective usage within the recipient device of decrypted content responsive to a decrypted ticket as provided from within the recipient device, (see, for example, FIG. 23), to selectively provide for one of regulated usage of exporting, printing, executing of a file as an application program, or of viewing of a video presentation, for at least a portion of (or all of) the decrypted content and optionally for a defined number of usages, responsive to the usage rights permitted by the decrypted ticket, and also illustrates the process of storing control data with the encrypted ticket in the recipient device, for setting a defined number of usages permitted (e.g., to be printed or copied or exported or an application program executed” and para. [0118] “Execution of the decrypted original content (or a part thereof) as an application program running on the recipient device, where there is an associated usage rights ticket, the uses and usage of the application program are regulated and defined as per the permissions of the associated ticket.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sitrick’s system for secure distribution of selected content into Levy’s access-control file system, with a motivation for secured communication or distribution of data files to be protected (Sitrick, para. [0005]).
As per claim 9, the combination of Levy and Sitrick teach the method according to claim 8, wherein after the encryption module obtains the decrypted control data, the method further comprises: sending the decrypted control data to the control module (Sitrick, para. [0101] “FIG. 25 shows an alternate embodiment, showing a flow chart, state flow, and data flow diagrams, illustrating processing in the recipient device of decrypted original content which original content is itself representative of a ticket defining usage rights for an associated data file, where the recipient device is responsive to a usage request for use of the respective associated data file, and regulates the usage on the recipient device of the associated data file as restricted to the defined usage rights for permitted usage as is granted by the permissions of the ticket of the original content, to provide for regulated permitted usage of the associated data file by the recipient device, such as printing, viewing, exporting, saving, or execution of an application program, represented by the associated data file”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sitrick’s system for secure distribution of selected content into Levy’s access-control file system, with a motivation for secured communication or distribution of data files to be protected (Sitrick, para. [0005]).
As per claim 10, the combination of Levy and Sitrick teach the method according to claim 8, wherein the encrypted control data is read by the control module from a storage module and then sent to the encryption module (Levy, para. [0169] “When an authorized user wishes to access a data entity from among the associated data entities 541, the access control and encryption module 515 decrypts the encrypted data entity encryption key 571 (or 544) in order to obtain the original unencrypted data entity encryption key. The data entity itself can then be decrypted.” And para. [0170] “the data access and encryption module decrypts the data entities on demand as a stream. Thus, the data access and encryption module 515 does not encrypt an entire data entity before outputting the data entity to a user. Instead, the data access and encryption module decrypts the data entity sequentially in segments outputs segments to the user as they are decrypted…the segments can correspond to block or sectors of a storage container or other physical or virtual memory”).
As per claim 11, the combination of Levy and Sitrick teach the method according to claim 7, wherein the decrypting encrypted control data according to the decrypted application to obtain decrypted control data comprises: 
running the decrypted application to obtain a key; and sending the key to a control module, so that the control module decrypts the encrypted control data according to the key (Levy, para. [0169] “When an authorized user wishes to access a data entity from among the associated data entities 541, the access control and encryption module 515 decrypts the encrypted data entity encryption key 571 (or 544) in order to obtain the original unencrypted data entity encryption key. The data entity itself can then be decrypted.” And para. [0170] “the data access and encryption module decrypts the data entities on demand as a stream. Thus, the data access and encryption module 515 does not encrypt an entire data entity before outputting the data entity to a user. Instead, the data access and encryption module decrypts the data entity sequentially in segments outputs segments to the user as they are decrypted. According to an embodiment the segments can correspond to block or sectors of a storage container or other physical or virtual memory”).
As per claim 12, the combination of Levy and Sitrick teach the method according to claim 7, wherein the file of the encrypted application is read by the control module from the storage module and then sent to the encryption module (Levy, para. [0169] “When an authorized user wishes to access a data entity from among the associated data entities 541, the access control and encryption module 515 decrypts the encrypted data entity encryption key 571 (or 544) in order to obtain the original unencrypted data entity encryption key. The data entity itself can then be decrypted.” And para. [0170] “the data access and encryption module decrypts the data entities on demand as a stream. Thus, the data access and encryption module 515 does not encrypt an entire data entity before outputting the data entity to a user. Instead, the data access and encryption module decrypts the data entity sequentially in segments outputs segments to the user as they are decrypted. According to an embodiment the segments can correspond to block or sectors of a storage container or other physical or virtual memory”).
Conclusion
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20140189340 A1 – Validation control data specifying a validation technique.
US 20130339750 A1 – Reducing encryption latency for encryption processing.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437       

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437