DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/10/2022 has been entered.
	Claims 1, 2, 4-8 and 10-15 are pending with claims 1, 10 and 12 have been amended.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been received.

Response to Arguments
Applicant's arguments filed 3/10/2022 have been fully considered.
Applicant’s arguments with respect to the rejection(s) of newly amended claim(s) 1, 10 and 12 under 102 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Kanai et al (US 2009/0185223) in view of Krahn et al (US 9,391,980).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 4, 6-8, 10 and 12-15 are rejected under 35 U.S.C. 103 as being unpatentable over Kanai et al (US 2009/0185223) in view of Krahn et al (US 9,391,980).
With respect claim 1, Kanai teaches a method for enforcing a secure print policy, the method comprising: 
providing a security policy at a source device, the security policy specifying security properties of a target device to which a print job is to be sent, the target device comprising at least one of: a printer and an intermediary device (see Kanai figure 2 paragraph 0144 i.e. The document protecting program 111 is a program to set a print requirement to a document file (hereinafter, simply called a document) in response to an input operation by a distributor using the distributor terminal 101 and figure 8 paragraph 0156-0157 i.e. the print requirement or only a special printer can process the print requirement, information showing that may be provided to the user before executing the printing process); 
cryptographically binding the security policy to the print job to generate a secure print job (see Kanai figure 9 and paragraph 0160-0161 i.e. First, the document protecting program 111 attaches the print requirement (i.e. claimed security policy) which the distributor set using the input unit of the distributor terminal 101, with the document. Next, the document protecting program 111 encrypts the document attached with the print requirement by using the password input by the distributor and generates the secured document and paragraph 0388); 
verifying security properties (see Kanai paragraph 0167 i.e. First, the document printing program 121 decrypts the secured document 13 by using the password input by the user using the input unit of the user terminal 102, and restores the document attached with the print requirement. Next, the document printing program 121 sets the printer driver so as to satisfy the print requirement set to the document. For example, if the PAC is indicated as the print requirement, the document printing program 121 sets the private access mode. Then, the document printing program 121 prints out the document and 0411-0412 i.e. When the document printing program 421 receives the permission information, the encryption key, and the print requirement from the access control server 404, the document printing program 421 decrypts the secured document by using the encryption key and then restores the document); and 
provided the security properties are verified, sending the print job to the target device (see Kanai paragraph 0167-0168 i.e. First, the document printing program 121 decrypts the secured document 13 by using the password input by the user using the input unit of the user terminal 102, and restores the document attached with the print requirement. Next, the document printing program 121 sets the printer driver so as to satisfy the print requirement set to the document. For example, if the PAC is indicated as the print requirement, the document printing program 121 sets the private access mode. Then, the document printing program 121 prints out the document. If necessary, a message may be displayed at the display unit to require the user to set a print parameter. If the printer 103 cannot satisfy the print requirement attached to the document, that is, if the printer 103 does not implement a function satisfying the print requirement set to the document, the document printing program 121 displays a message at the display unit of the user terminal 102 to inform the user, and terminates the operation without the printing process and paragraph 0411-0413).
Kanai does not teaches prior to sending the print job to the target device remotely verifying at the source device via a remote attestation protocol, the security properties of the target device.
Krahn teaches prior to sending the print job to the target device remotely verifying at the source device via a remote attestation protocol, the security properties of the target device (see column 3 lines 17-47 i.e. Enterprises or other organization may wish to verify the integrity of computing devices used by users to access enterprise resources. Thus, a platform verification or remote attestation solution, that allows a remote computing device to prove information about itself (e.g., that the remote computing device has a valid version of its operating system that is approved by a developer of the operating system) may be desirable).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kanai in view of Krahn to have used remote attestation as a way to verify that a user (e.g., an employee) who is trying to use a client computing device to access an enterprise resource is using a legitimate client computing device, which has valid hardware and/or a valid operating system (e.g., an operating system acknowledged by a specified operating system developer as being valid) on the client computing device as a prerequisite for access. Therefore one would have been motivated to have used remote attestation as a way to confirm the OS of the target device.


Toegle teaches prior to sending the print job to the target device remotely verifying at the source device via a remote attestation protocol, the security properties of the target device (see Toegle section 4 Mobile attestation token).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kanai in view of Toegle to used remote attestation as a way to learn if a public general-purpose desktop computer (i.e. point-of-sales terminal, Automatic Teller Machines (ATMs), payment terminals, Vending machines, peripherals like printers or access points) is secure for ad hoc use, as a useful way to improve the security for a number of computing services, including not only remote but, as we believe, also physically present systems (see Toegle Section 3.3 Scenario). Therefore one would have been motivated to have used remote attestation as a way to learn if printer is secure.

With respect claim 2, Kanai teaches a method as claimed in claim 1, wherein providing the security policy is performed when a user initiates the print job (see Kanai paragraph 0481 i.e. When the user attempts to access the document (for example, to print the document), the access control server 604 refers to the security policy 644 stored therein in response to a request from the document printing program 621, determines whether or not the user is authorized to access the document, and obtains the process requirement).

With respect claim 4, Kanai teaches a method as claimed in claim 3, wherein the properties are comprised of one or more of: whether the printer or intermediary device has full-disk encryption turned on; a specific set of printers or intermediary devices that the print job are to be printed at; whether the print job can be retained after use; whether the printer or intermediary device have specific operating system versions installed; an expiry date on the print job after which it is to be destroyed if if is not released; and whether the print job can be transported on a bring-your-own-device or mobile device (see Kanai paragraph 0495 i.e. In a case in that the user attempts to print out the document, the secured document 13 is implemented to the user terminal 602. For example, the user terminal 602 may read out the secured document 13 stored in the information recording medium set in the external storage unit. Alternatively, in a case in that the user terminal 602 connects with the distributor terminal 601 through a network, the user terminal 602 may obtain the secured document 13 through the network and figure 8 paragraph 0157).

With respect claim 6, Kanai teaches a method as claimed in claim 1, wherein the secure print job is encrypted before transportation to the printer or intermediary device (see Kanai figure 44 and paragraph 0402-0403 i.e. The distributor provides the secured document 13 generated by the document protecting program 411 to the user).

With respect claim 7, Kanai teaches a method as claimed in claim 1, wherein a bring-your-own-device or mobile device verifies the security properties (see Kanai paragraph 0495 i.e. In a case in that the user attempts to print out the document, the secured document 13 is implemented to the user terminal 602. For example, the user terminal 602 may read out the secured document 13 stored in the information recording medium set in the external storage unit. Alternatively, in a case in that the user terminal 602 connects with the distributor terminal 601 through a network, the user terminal 602 may obtain the secured document 13 through the network).

With respect to claim 8 Kanai teaches a method as claimed in claim 1, but does not disclose wherein the security policy is sent to a device performing the remote attestation protocol.
Krahn teaches wherein the security policy is sent to a device performing the remote attestation protocol (see column 6 lines 3-13 i.e. The platform verification module 168 stores instructions for receiving, via the application server 140 (e.g., a corporate virtual private network (VPN) server), a request for platform verification of the client computing device 150 and processing the request. The platform verification module 168 stores instructions for providing, in response to the request for platform verification, identifying information of the EMK 164 and/or identifying information of the EUK 166 to the platform verification server 120, while foregoing providing the identifying information of the EMK 164 and/or the identifying information of the EUK 166 to the application server 140).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kanai in view of Krahn to have used remote attestation as a way to verify that a user (e.g., an employee) who is trying to use a client computing device to access an enterprise resource is using a legitimate client computing device, which has valid hardware and/or a valid operating system (e.g., an operating system acknowledged by a specified operating system developer as being valid) on the client computing device as a prerequisite for access. Therefore one would have been motivated to have used remote attestation as a way to confirm the OS of the target device.

With respect claim 10, Kanai teaches a production device for enforcing a secure print policy, the production device comprising: 
a processor configured to, 
receive a security policy specifying security properties of a target device comprising at least one of: a printer and an intermediary device (see Kanai paragraph 0149-0151 i.e. the distributor provides the document to the document protecting program 111 by operating the input unit. The document protecting program 111 that obtained the document requires the distributor to set a password necessary to access the document after the document is encrypted, and a setting of a security process (that is, the print requirement) which the distributor enforces with respect to the document. For example, the document protecting program 111 displays a message at the display unit of the distributor terminal 101 and requires the distributor of setting the password and the print requirement. FIG. 5 is a diagram showing a screen requiring of setting the password and the print requirement according to the first embodiment of the present invention); 
receive a secure print job having the security policy cryptographically bound the print job (see Kanai figure 9 and paragraph 0160-0161 i.e. First, the document protecting program 111 attaches the print requirement which the distributor set using the input unit of the distributor terminal 101, with the document. Next, the document protecting program 111 encrypts the document attached with the print requirement by using the password input by the distributor and generates the secured document and paragraph 0388); 
verifying security properties of the production device (see Kanai paragraph 0167 i.e. First, the document printing program 121 decrypts the secured document 13 by using the password input by the user using the input unit of the user terminal 102, and restores the document attached with the print requirement. Next, the document printing program 121 sets the printer driver so as to satisfy the print requirement set to the document. For example, if the PAC is indicated as the print requirement, the document printing program 121 sets the private access mode. Then, the document printing program 121 prints out the document and 0411-0412 i.e. When the document printing program 421 receives the permission information, the encryption key, and the print requirement from the access control server 404, the document printing program 421 decrypts the secured document by using the encryption key and then restores the document); and 
provided the security properties are verified, sending the print job to the target device (see Kanai paragraph 0167-0168 i.e. First, the document printing program 121 decrypts the secured document 13 by using the password input by the user using the input unit of the user terminal 102, and restores the document attached with the print requirement. Next, the document printing program 121 sets the printer driver so as to satisfy the print requirement set to the document. For example, if the PAC is indicated as the print requirement, the document printing program 121 sets the private access mode. Then, the document printing program 121 prints out the document. If necessary, a message may be displayed at the display unit to require the user to set a print parameter. If the printer 103 cannot satisfy the print requirement attached to the document, that is, if the printer 103 does not implement a function satisfying the print requirement set to the document, the document printing program 121 displays a message at the display unit of the user terminal 102 to inform the user, and terminates the operation without the printing process and paragraph 0411-0413).
Kanai does not teaches prior to sending the print job to the target device remotely verifying at the source device via a remote attestation protocol, the security properties of the target device.
Krahn teaches prior to sending the print job to the target device remotely verifying at the source device via a remote attestation protocol, the security properties of the target device (see column 3 lines 17-47 i.e. Enterprises or other organization may wish to verify the integrity of computing devices used by users to access enterprise resources. Thus, a platform verification or remote attestation solution, that allows a remote computing device to prove information about itself (e.g., that the remote computing device has a valid version of its operating system that is approved by a developer of the operating system) may be desirable).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kanai in view of Krahn to have used remote attestation as a way to verify that a user (e.g., an employee) who is trying to use a client computing device to access an enterprise resource is using a legitimate client computing device, which has valid hardware and/or a valid operating system (e.g., an operating system acknowledged by a specified operating system developer as being valid) on the client computing device as a prerequisite for access. Therefore one would have been motivated to have used remote attestation as a way to confirm the OS of the target device.

With respect claim 12, Kanai teaches a non-transitory machine-readable storage medium encoded with instructions executable by a processor, the machine-readable storage medium comprising: instructions to: 
(i) providing a security policy at a source device, the security policy specifying security properties of a target device comprising at least one of: a printer and an intermediary device (see Kanai paragraph 0149-0151 i.e. the distributor provides the document to the document protecting program 111 by operating the input unit. The document protecting program 111 that obtained the document requires the distributor to set a password necessary to access the document after the document is encrypted, and a setting of a security process (that is, the print requirement) which the distributor enforces with respect to the document. For example, the document protecting program 111 displays a message at the display unit of the distributor terminal 101 and requires the distributor of setting the password and the print requirement. FIG. 5 is a diagram showing a screen requiring of setting the password and the print requirement according to the first embodiment of the present invention); 
(ii) cryptographically binding the security policy to a print job to generate a secure print job (see Kanai figure 9 and paragraph 0160-0161 i.e. First, the document protecting program 111 attaches the print requirement which the distributor set using the input unit of the distributor terminal 101, with the document. Next, the document protecting program 111 encrypts the document attached with the print requirement by using the password input by the distributor and generates the secured document and paragraph 0388); 
(iii) verifying security properties (see Kanai paragraph 0167 i.e. First, the document printing program 121 decrypts the secured document 13 by using the password input by the user using the input unit of the user terminal 102, and restores the document attached with the print requirement. Next, the document printing program 121 sets the printer driver so as to satisfy the print requirement set to the document. For example, if the PAC is indicated as the print requirement, the document printing program 121 sets the private access mode. Then, the document printing program 121 prints out the document and 0411-0412 i.e. When the document printing program 421 receives the permission information, the encryption key, and the print requirement from the access control server 404, the document printing program 421 decrypts the secured document by using the encryption key and then restores the document); and 
(iv) provided the security properties are verified, sending the print job to the target device (see Kanai paragraph 0167-0168 i.e. First, the document printing program 121 decrypts the secured document 13 by using the password input by the user using the input unit of the user terminal 102, and restores the document attached with the print requirement. Next, the document printing program 121 sets the printer driver so as to satisfy the print requirement set to the document. For example, if the PAC is indicated as the print requirement, the document printing program 121 sets the private access mode. Then, the document printing program 121 prints out the document. If necessary, a message may be displayed at the display unit to require the user to set a print parameter. If the printer 103 cannot satisfy the print requirement attached to the document, that is, if the printer 103 does not implement a function satisfying the print requirement set to the document, the document printing program 121 displays a message at the display unit of the user terminal 102 to inform the user, and terminates the operation without the printing process and paragraph 0411-0413).
Kanai does not teaches prior to sending the print job to the target device remotely verifying at the source device via a remote attestation protocol, the security properties of the target device.
Krahn teaches prior to sending the print job to the target device remotely verifying at the source device via a remote attestation protocol, the security properties of the target device (see column 3 lines 17-47 i.e. Enterprises or other organization may wish to verify the integrity of computing devices used by users to access enterprise resources. Thus, a platform verification or remote attestation solution, that allows a remote computing device to prove information about itself (e.g., that the remote computing device has a valid version of its operating system that is approved by a developer of the operating system) may be desirable).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kanai in view of Krahn to have used remote attestation as a way to verify that a user (e.g., an employee) who is trying to use a client computing device to access an enterprise resource is using a legitimate client computing device, which has valid hardware and/or a valid operating system (e.g., an operating system acknowledged by a specified operating system developer as being valid) on the client computing device as a prerequisite for access. Therefore one would have been motivated to have used remote attestation as a way to confirm the OS of the target device.

With respect claim 13, Kanai teaches a non-transitory machine-readable storage medium encoded with instructions executable by a processor as claimed in claim 12, further comprising instructions to: provide the security policy when a user initiates the print job (see Kanai paragraph 0478-0481 i.e. When the user attempts to access the document (for example, to print the document), the access control server 604 refers to the security policy 644 stored therein in response to a request from the document printing program 621, determines whether or not the user is authorized to access the document, and obtains the process requirement. FIG. 58 is a diagram showing a configuration example of the access control server according to the sixth embodiment of the present invention. FIG. 58, the access control server 604 includes an attribute DB registering part 604a, a user authenticating part 604b, an access authorization confirming part 604c, and a print requirement obtaining/sending part 604d).

With respect claim 14, Kanai teaches a non-transitory machine-readable storage medium encoded with instructions executable by a processor as claimed in claim 12, further comprising instructions to: encrypt the secure print job prior to transportation to the printer or intermediary device (see Kanai figure 44 and paragraph 0402-0403 i.e. Also, the document protecting program 411 provides the document ID to the document which is encrypted by using the encryption key and then generates the secured document 13).

With respect to claim 15 Kanai teaches a non-transitory machine-readable storage medium encoded with instructions executable by a processor as claimed in claim 12, but does not disclose further comprising instructions to: transmit the security policy to a device performing the remote attestation protocol.
Krahn teaches wherein the security policy is sent to a device performing the remote attestation protocol (see column 6 lines 3-13 i.e. The platform verification module 168 stores instructions for receiving, via the application server 140 (e.g., a corporate virtual private network (VPN) server), a request for platform verification of the client computing device 150 and processing the request. The platform verification module 168 stores instructions for providing, in response to the request for platform verification, identifying information of the EMK 164 and/or identifying information of the EUK 166 to the platform verification server 120, while foregoing providing the identifying information of the EMK 164 and/or the identifying information of the EUK 166 to the application server 140).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kanai in view of Krahn to have used remote attestation as a way to verify that a user (e.g., an employee) who is trying to use a client computing device to access an enterprise resource is using a legitimate client computing device, which has valid hardware and/or a valid operating system (e.g., an operating system acknowledged by a specified operating system developer as being valid) on the client computing device as a prerequisite for access. Therefore one would have been motivated to have used remote attestation as a way to confirm the OS of the target device.

Claims 5 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Kanai et al (US 2009/0185223) in view of Krahn et al (US 9,391,980) in view of Bastaldo-Tsampalis et al (US 2016/0026418) 
With respect to claim 5 Kanai teaches a method as claimed in claim 1, but does not disclose wherein a workstation shares a symmetric key with the printer or intermediary device or a server thereof to protect the integrity of the security policy. 
Bastaldo-Tsampalis teaches wherein a workstation shares a symmetric key with the printer or intermediary device or a server thereof to protect the integrity of the security policy (see Bastaldo-Tsampalis paragraph 0031 i.e. The printer 200 may also be configured such that it and only it may open 3D print files delivered thereto by the network 101. Any encryption scheme that achieves this result may be used. For example, a symmetric key encryption scheme may be used in which the network 101 operator and the printer 200 have matching private keys, and the 3D print file is encrypted by the network 101 operator prior to transmission to the printer 200 using the private key. In such a case, only someone having the matching private key could decrypt the 3D print file, and thus if the printer 200 is the only entity with the matching private key, then only the printer 200 could decrypt the file).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kanai in view of Bastaldo-Tsampalis to have used a symmetric key as a way to encrypt the 3D print files as a way to securely transmit the print files over network (see Bastaldo-Tsampalis paragraph 0031. Therefore one would have been motivated to have to have used a symmetric key as a way to encrypt the 3D print files.

With respect to claim 11 Kanai teaches a production device as claimed in claim 10, but does not disclose wherein the production device is a three-dimensional printer.  
Bastaldo-Tsampalis teaches wherein the production device is a three-dimensional printer (see Bastaldo-Tsampalis paragraph 0029).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kanai in view of Bastaldo-Tsampalis to have used a 3d printer as way to print the file (see Bastaldo-Tsampalis paragraph 0029). Therefore one would have been motivated to have to have used a 3d printer to print the 3D print files.
Prior Art
	Novak et al (US 2012/0084850) titled “TRUSTWORTHY DEVICE CLAIMS FOR ENTERPRISE APPLICATIONS”
	Smith et al (US 2016/0125180) titled “Near Field Communication Authentication Mechanism”
	Hitchcock et al (US 9,727,737) titled “Trustworthy Indication Of Software Integrity”
	Itagaki (US 2007/0013938) titled “Printing Apparatus Capable Of Performing Confidential Printing And Printing Method For Use Therein”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492