DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claims 1, 8, 14 recite “…receiving, by a security component running on a server…and initiating the transmitting of second information…running on a server…”. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.





Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-11, 13-18, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Bacastow (Pub. No. US 2018/0343565) in view of Shoji et al (Pub. US 2008/0307522).


As per claim 1, Bacastow discloses a method comprising: provisioning a computing device with a first secret known to a first party but not a second party (…see fig.3; PC 3.1 (interpreted as first party) and message 3.1.1. that contains a serial number to uniquely identify the PC 3.1 (interpreted as a first secret known to a first party) sent to remote computing device 3.5…see par. 84-86); provisioning the computing device with a second secret that is known to the second party but not the first party (…see fig.3; PC 3.8 (interpreted as second party) and message 3.8.1. that contains a serial number to uniquely identify the PC 3.8 (interpreted as a first secret known to a second party) sent to remote computing device 3.5…see par. 87-89); receiving, by a security component running on a server, a request for the performance of an action on the computing device, the security component requiring proof knowledge of the first secret and the second secret to permit the request (see par. 91-95); determining, by the security component without receiving the first secret with the request, that the request is from the first party having knowledge of the first secret (…the remote computing device receives the authentication request from PC 4.1 (first party)…the remote computing device retrieves from the security settings file unique security settings related to the mobile communication device using the unique software license key…see par. 91-92). Bacastow does not explicitly disclose initiating the transmitting of first information to the computing device, by the security component running on a server, the first information indicating knowledge of the first secret; and initiating the transmitting of second information to the computing device, by the security component running on a server, the second information indicating knowledge of the second secret, the computing device permitting the requested action upon the computing device verifying the first information and the second information. Shoji discloses initiating the transmitting of first information to the computing device, by the security component running on a server, the first information indicating knowledge of the first secret; and initiating the transmitting of second information to the computing device, by the security component running on a server, the second information indicating knowledge of the second secret, the computing device permitting the requested action upon the computing device verifying the first information and the second information (…the corporation consists of two groups A and B, and each group has a plurality of electronics computers…the groups A and B have single authentication memory devices (fig.11 , memory devices 201 and 202)…the group A has the authentication memory device 201…a secret key A for authentication has been stored in the authentication memory device 201…a public key pairing with the secret key A has been stored in all the computers PC-A1 to A4 of the group A…the authentication memory device 201 can control the recording devices of all the computers PC-A1 to A4 in the group A…the group B has the authentication memory device 202…the authentication memory device 202 can control the recording devices of the computers PC-B1 to B4 in the group B…the secret keys A and B of the groups A and B are stored in the authentication memory device…see par. 104-106). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Shoji in Bacastow for including the above limitations because one ordinary skill in the art would recognize it would further prevent unauthorized leakage to the outside of the electronic data stored in the electronic computer…see Shoji, par. 48-49.



As per claim 8, Bacastow discloses a non-transitory, computer-readable storage medium having stored thereon instructions, which, when executed by a processor of a server, cause the server to perform actions comprising: receiving, by a security component running on the server, a request for the performance of an action on the computing device, the security component requiring proof of knowledge of a first secret and proof of knowledge of a second secret to permit the request (see par. 91-95), the first secret provisioned on the computing device and known to a first party but not a second party (interpreted as first party) and message 3.1.1. that contains a serial number to uniquely identify the PC 3.1 (interpreted as a first secret known to a first party) sent to remote computing device 3.5…see par. 84-86), the second secret provisioned on the computing device and known to the second party but not the first party (…see fig.3; PC 3.8 (interpreted as second party) and message 3.8.1. that contains a serial number to uniquely identify the PC 3.8 (interpreted as a first secret known to a second party) sent to remote computing device 3.5…see par. 87-89);
determining, by the security component without receiving the first secret with the request, that the request is from the first party having knowledge of the first secret
(…the remote computing device receives the authentication request from PC 4.1 (first party)…the remote computing device retrieves from the security settings file unique security settings related to the mobile communication device using the unique software license key…see par. 91-92). Bacastow does not explicitly disclose initiating the transmitting of first information to the computing device, by the security component running on a server, the first information indicating knowledge of the first secret; and initiating the transmitting of second information to the computing device, by the security component running on a server, the second information indicating knowledge of the second secret, the computing device permitting the requested action upon the computing device verifying the first information and the second information. Shoji discloses initiating the transmitting of first information to the computing device, by the security component running on a server, the first information indicating knowledge of the first secret; and initiating the transmitting of second information to the computing device, by the security component running on a server, the second information indicating knowledge of the second secret, the computing device permitting the requested action upon the computing device verifying the first information and the second information (…the corporation consists of two groups A and B, and each group has a plurality of electronics computers…the groups A and B have single authentication memory devices (fig.11 , memory devices 201 and 202)…the group A has the authentication memory device 201…a secret key A for authentication has been stored in the authentication memory device 201…a public key pairing with the secret key A has been stored in all the computers PC-A1 to A4 of the group A…the authentication memory device 201 can control the recording devices of all the computers PC-A1 to A4 in the group A…the group B has the authentication memory device 202…the authentication memory device 202 can control the recording devices of the computers PC-B1 to B4 in the group B…the secret keys A and B of the groups A and B are stored in the authentication memory device…see par. 104-106). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Shoji in Bacastow for including the above limitations because one ordinary skill in the art would recognize it would further prevent unauthorized leakage to the outside of the electronic data stored in the electronic computer…see Shoji, par. 48-49.



As per claim 14, Bacastow discloses a system, comprising a server including at least one processor and memory with instructions that when executed by the at least one processor, cause the server to perform receiving, by a security component running on the server, a request for the performance of an action on the computing device, the security component requiring proof of knowledge of a first secret and proof of knowledge of a second secret to permit the request (see par. 91-95), the first secret provisioned on the computing device and known to a first party but not a second party (interpreted as first party) and message 3.1.1. that contains a serial number to uniquely identify the PC 3.1 (interpreted as a first secret known to a first party) sent to remote computing device 3.5…see par. 84-86), the second secret provisioned on the computing device and known to the second party but not the first party (…see fig.3; PC 3.8 (interpreted as second party) and message 3.8.1. that contains a serial number to uniquely identify the PC 3.8 (interpreted as a first secret known to a second party) sent to remote computing device 3.5…see par. 87-89); determining, by the security component without receiving the first secret with the request, that the request is from the first party having knowledge of the first secret (…the remote computing device receives the authentication request from PC 4.1 (first party)…the remote computing device retrieves from the security settings file unique security settings related to the mobile communication device using the unique software license key…see par. 91-92). Bacastow does not explicitly disclose initiating the transmitting of first information to the computing device, by the security component running on a server, the first information indicating knowledge of the first secret; and initiating the transmitting of second information to the computing device, by the security component running on a server, the second information indicating knowledge of the second secret, the computing device permitting the requested action upon the computing device verifying the first information and the second information. Shoji discloses initiating the transmitting of first information to the computing device, by the security component running on a server, the first information indicating knowledge of the first secret; and initiating the transmitting of second information to the computing device, by the security component running on a server, the second information indicating knowledge of the second secret, the computing device permitting the requested action upon the computing device verifying the first information and the second information (…the corporation consists of two groups A and B, and each group has a plurality of electronics computers…the groups A and B have single authentication memory devices (fig.11 , memory devices 201 and 202)…the group A has the authentication memory device 201…a secret key A for authentication has been stored in the authentication memory device 201…a public key pairing with the secret key A has been stored in all the computers PC-A1 to A4 of the group A…the authentication memory device 201 can control the recording devices of all the computers PC-A1 to A4 in the group A…the group B has the authentication memory device 202…the authentication memory device 202 can control the recording devices of the computers PC-B1 to B4 in the group B…the secret keys A and B of the groups A and B are stored in the authentication memory device…see par. 104-106). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Shoji in Bacastow for including the above limitations because one ordinary skill in the art would recognize it would further prevent unauthorized leakage to the outside of the electronic data stored in the electronic computer…see Shoji, par. 48-49.
 


As per claims 2, 9, 15, the combination of Bacastow and Shoji discloses the requested action implementing a disable switch, the disable switch disabling a subset of the functions of the computing device (Shoji: see par. 34). The motivation for claims 2, 9, 15 is the same motivation as in claims 1, 8, 14.


As per claims 3, 10, 16, the combination of Bacastow and Shoji discloses the requested action including the disablement of all forms of updating the computing device (Shoji: see par. 34-35). The motivation for claims 3, 10, 16 is the same motivation as in claims 1, 8, 14.


As per claims 4, 17, the combination of Bacastow and Shoji discloses the provisioning the computing device with a first secret comprising: accessing a secure environment on the computing device, the secure environment bypassing a host operating system; opening in the secure environment a user interface; and providing, using the user interface, the first secret as keying material (Shoji: see par. 67-68). The motivation for claims 4, 17 is the same motivation as in claims 1, 14.


As per claims 5, 11, 18, the combination of Bacastow and Shoji discloses wherein: the determining, by the security component without receiving the first secret, that the request is from the first party, includes: sending, by the security component, a cryptographic challenge to the first party, a solution to the cryptographic challenge requiring knowledge of the first secret; and receiving, by the security component from the first party, the solution to the cryptographic challenge (Bacastow: see par. 146).


As per claims 7, 13, 20, the combination of Bacastow and Shoji discloses wherein the second secret was provisioned by one of: a network operator (Bacastow:…security administrators to provide access to remote data…data…contains a unique mobile device serial number and a unique software license key that are passed from the mobile device, see par. 10, 73), a device manufacturer, or a security software provider, and wherein the second information indicating knowledge of the second secret (Bacastow: see par. 91-92).





Claims 6, 12, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Bacastow (Pub. No. US 2018/0343565) in view of Shoji et al (Pub. US 2008/0307522) as applied to claims 1, 8, 14 above, and in further view of Lerner (Pub. No. US 2011/0202766).


As per claims 6, 12, 19, the combination of Bacastow and Shoji does not teach wherein the cryptographic challenge employs a zero-knowledge protocol. However Lerner discloses wherein the cryptographic challenge employs a zero-knowledge protocol (…computational zero knowledge arguments which relay on the same security assumptions as the ciphers used elsewhere in the protocol…see par. 117). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Lerner in the combination of Bacastow and Shoji for including the above limitations because one ordinary skill in the art would recognize it would further provide an efficient protocol, verifying operations…see Lerner, par. 117.






Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to systems and methods for mobile device security.


Girard (Pub. No. US 2004/0221168); “System and Method for Protected Messaging”;

-Teaches sending messages between the pre-operating system and enabling the ability to have single, or at least simplified, log on capability…see par. 10-11.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499