DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements filed September 28, 2020 and January 6, 2022 have been placed in the application file and the information referred to therein has been considered as to the merits.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 6-9, and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over US patent application 20140181504 granted to Almahallaway et al and further in view of US patent application 20170353435 granted to Pritikin et al.
Regarding claim 1, Almahallawy discloses a method of creating a signing request using a security module {see paragraph [0032] (The security module 204 may also be configured to generate a certificate signing request . . .) and Figure 2, elements 204 and element 132}; transmitting the signing request to an authority (see paragraph [0026] (. . . server 162 may also be configured to receive certificate signing request . . .)}; receiving a response authorizing the request message and a signature and creating a master seed (certificate) based on or associated with the signature. {(see paragraph [0043]; Figure 4, elements 406, 408, 162.)}
Almahallawy fails to specifically teach the security module is a location based HSM and transmitting the message with coordinates of the location.
In an analogous art, Pritikin discloses a computing device comprising a TPM (HSM) and location information {see paragraph [0011] (. . . location information (such as latitude and longitude) for a computing device 16A or 16B . . .) that is subsequently sent to an administrative portal (location authority) for generating a geolocation certificate {see paragraph [0011] ( . . . to send the location information and cryptographic credentials to  . . . administrative portal 20 for generation of a signed geolocation certificate 24A or 24B . . .)}. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Pritikin’s method for cryptographically binding a geolocation certificate to a computing device with Almahallawy’s method for securely provisioning the computing devices for connectivity to enterprises. One of ordinary skill in the art would have been motivated to combine the two in order to overcome the shortcomings in providing secure data to an enterprise located in a specific jurisdiction (see Pritikin; paragraphs [0002] and [0016]).
Regarding claim 2, Almahallawy as modified above (see claim 1) further discloses creating the signing request message comprises: acquiring location data of the location-based HSM; determining the location data is located at a predetermined location, wherein the predetermined location is an undisclosed location known only by an operator of the location-based HSM; extracting longitudinal and latitudinal values from the location data; generating a random number using a random number generator; and creating the signing request message using the random number and attaching the longitudinal and latitudinal values. see Pritikin paragraphs [0011] and [0022] (. . . location information (such as latitude and longitude) for a computing device 16A or 16B . . .) that is subsequently sent to an administrative portal (location authority) for generating a geolocation certificate {see paragraph [0011] ( . . . to send the location information and cryptographic credentials to  . . . administrative portal 20 for generation of a signed geolocation certificate 24A or 24B . . .)}. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Pritikin’s method for cryptographically binding a geolocation certificate to a computing device with Almahallawy’s method for securely provisioning the computing devices for connectivity to enterprises. One of ordinary skill in the art would have been motivated to combine the two in order to overcome the shortcomings in providing secure data to an enterprise located in a specific jurisdiction (see Pritikin; paragraphs [0002] and [0016]).


Regarding claim 6, Almahallawy as modified above (see claim 1) further teaches wherein the location is within an authorization zone of the location authority  (see Pritikin paragraph [0014]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Pritikin’s method for cryptographically binding a geolocation certificate to a computing device with Almahallawy’s method for securely provisioning the computing devices for connectivity to enterprises. One of ordinary skill in the art would have been motivated to combine the two in order to overcome the shortcomings in providing secure data to an enterprise located in a specific jurisdiction (see Pritikin; paragraphs [0002] and [0016]).
Regarding claim 7, Almahallawy as modified above (see claim 1) further teaches wherein the location authority is physically located at a geographically assured location (see Pritikin paragraph [0014]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Pritikin’s method for cryptographically binding a geolocation certificate to a computing device with Almahallawy’s method for securely provisioning the computing devices for connectivity to enterprises. One of ordinary skill in the art would have been motivated to combine the two in order to overcome the shortcomings in providing secure data to an enterprise located in a specific jurisdiction (see Pritikin; paragraphs [0002] and [0016]).

Claims 8-9 and 13-14 are computer program product claims that are substantially equivalent to method claims 1-2 and 6-7. Therefore claims 8-9 and 13-14 are rejected by a similar rationale.

Claim 15 is hardware security module that is substantially equivalent to method claim 1. Therefore claim 15 is rejected by a similar rationale.

Allowable Subject Matter
Claims 3-5, 10-12,and 16-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  
With respect to claim 3, the cited prior art fails to specifically teach the computer-implemented method of claim 2, wherein the random number generator generates the random number using a current time of the location-based HSM.
With respect to claim 4, the cited prior art fails to specifically teach the computer-implemented method of claim 1, further comprising: receiving a recovery mnemonic sentence to regenerate a second master seed; creating signing request messages using the location-based HSM at the location; transmitting the signing request messages to the location authority with the coordinates of the location attached; receiving a second response from the location authority authorizing the signing request messages and providing a second signature; verifying a checksum derived from the mnemonic sentence with a second checksum derived from the second signature; and creating a second master seed based on the mnemonic sentence and the second signature and the verification of the checksum.
With respect to claim 5, the cited prior art fails to specifically teach the computer-implemented method of claim 4, wherein the signing request messages include location data around the location.
With respect to claim 10, the cited prior art fails to specifically teach the computer program product of claim 9, wherein the random number generator generates the random number using a current time of the location-based HSM.
With respect to claim 11, the cited prior art fails to specifically teach the computer program product of claim 8, further comprising: program instructions to receive a recovery mnemonic sentence to regenerate a second master seed; program instructions to generate signing request messages using the location- based HSM at the location; program instructions to transmit the signing request messages to the location authority with the coordinates of the predetermined location attached; program instructions to receive a second response from the location authority authorizing the signing request messages and providing a second signature; program instructions to verify a checksum derived from the mnemonic sentence with a second checksum derived from the second signature; and program instructions to create a second master seed based on the mnemonic sentence and the second signature and the verification of the checksum.
With respect to claim 12, the cited prior art fails to specifically teach the computer program product of claim 11, wherein the signing request messages include location data around the location.
With respect to claim 16, the cited prior art fails to specifically teach the location-based HSM of claim 15, wherein the PRNG generates the random number using a current time as entropy.
With respect to claim 17, the cited prior art fails to specifically teach the location-based HSM of claim 15, where the location is a longitudinal and latitudinal coordinate of the location-based HSM that is within an authorization zone of the location authority.
With respect to claim 18, the cited prior art fails to specifically teach the location-based HSM of claim 15, wherein the encryption module is further configured to recreate the master seed based on a mnemonic sentence.
With respect to claim 19, the cited prior art fails to specifically teach the location-based HSM of claim 15, wherein the communication device is further configured to transmit the signing request message to multiple location authorities in order to receive the signature.
With respect to claim 20, the cited prior art fails to specifically teach the location-based HSM of claim 15, wherein the location authority is a facility located at a fixed location.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW B SMITHERS whose telephone number is (571)272-3876. The examiner can normally be reached 8:00-4:00 (Teleworking).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MATTHEW SMITHERS/
Primary Examiner
Art Unit 2437