Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed action
Claims 1-18 are pending and are being considered.
Claims 1, 3, 8, 11 and 12 have been amended.

Response to 103
Applicant's arguments filed on 05/16/2022 have been fully considered. On pages 7-8 of the remarks, Applicant argues that McGough (i.e. the primary reference) fails to teach the amended limitation of generating the protected key without exposing the unencrypted version of the protected key to the license service system, citing para [0080] of McGough, which discloses symmetric knowledge of the browser's SMK (session master key). The examiner respectfully disagrees with Applicant's point of view because the session master key (SMK) is the result of combining the first encrypted portion and the second encrypted portion of the session master key, thereby resulting in an encrypted SMK generated by the computing device. Therefore, the encrypted version of the SMK is generated at the computing device without exposing the unencrypted version of the SMK to the computing device.
Since the amended limitation of the claim is not explicitly described/taught by McGough as explained above, the examiner relied upon a new reference to explicitly teach the amended limitation. Hence, Applicant's arguments with respect to the amended limitation are moot in view of the new grounds of rejection. The argument does not apply to the current art being used.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-13 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over McGough (US 20080056501) in view of KESELMAN et al (hereinafter KESELMAN) (US 20200112429) and further in view of Parann-Nissany et al (hereinafter Parann) (US 9660805).

Regarding claim 1 McGough teaches a method for managing an electronic content item performed by a first license service system comprising (McGough on [0007-0008] teaches a system and method for secure exchange of numeric authentication and encryption keys and for authenticated encryption of any accompanying message content. See on [0010] teaches a method for obtaining a session master key by an application executing on a computer (i.e. first license service system) from a server);
a processor and a non-transitory computer-readable medium storing instructions that, when executed by the processor, cause the first license service system to perform the method, the method comprising (McGough on [0026] teaches a computer program embodied in a computer readable and usable medium for ensuring private communications between application programs running on different computers (i.e. having processor and memory));
receiving a first content key share of a content key from a content service managing the electronic content item (McGough on [0010-0011] teaches computer (i.e. first license service system) executing an application receives a first portion of the session master key (i.e. first content key share) from server (i.e. content service));
receiving a protected second content key share of the content key from a second license service, the protected second content key share comprising a second content key share of the content key encrypted by the second license service using the public key (McGough on [0010-0011] teaches the application sends an open request to the directory server specified by the server in the first reply for the second portion of the session master key. The directory server (i.e. second license service) sends the second portion of the session master key (i.e. second content key share) to the application. Further teaches the open request sent by the application to the directory server may also include a public key, in which case the second portion of the session master key sent from the directory server to the application is encrypted with the public key);
generating a protected first content key share of the content key by encrypting the first content key share using the public key (McGough on [0010-0011] teaches the open request received by the server from the application may include a public key, in which case the first reply sent from the server to the application includes the first portion of the session master key encrypted with the public key);
generating a protected content key based on the protected first content key share and the protected second content key share, [[wherein generating the protected content key is performed by the first license service system without exposing an unencrypted version of the content key to the first license service system]] (McGough on [0010-0011] teaches the session master key is generated by the application using the first portion received from the server and the second portion received from the directory server).
McGough teaches using a public key for encrypting portions of master keys, but fails to explicitly teach receiving a public key from a device and transmitting the protected content key to the device for use in accessing the electronic content item. However, KESELMAN, from analogous art, teaches receiving a public key from a device (KESELMAN on [0045] teaches a client device may send public key PK to RCC processor. See also [0059-0060], which teaches RCC receives a request containing public key from client device);
and transmitting the protected content key to the device for use in accessing the electronic content item (KESELMAN on [0009] teaches RCC 120 may compute an encrypted, or blinded, derived key (i.e. protected content key) using data from the other elements and send the blinded derived key to client 150. See [0047-0050], which teaches RCC 120 may use PK, s_j·K, and b_i·K (i.e. multiplying two different keys) to compute the blinded derived key in blind and send the derived key to the client device. See also [0059-0061], which teaches RCC receives a request containing public key from client device. RCC will compute blinded key and transmit it to client device).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).
The combination of McGough and KESELMAN teaches that the protected key is generated by the computing device based on the encrypted first and second key shares, but fails to explicitly teach wherein generating the protected content key is performed by the first license service system without exposing an unencrypted version of the content key to the first license service system. However, Parann, from analogous art, teaches wherein generating the protected content key is performed by the first license service system without exposing an unencrypted version of the content key to the first license service system (Parann on [Col 3 line 50-67, Col 6 line 5-15 and Claim 1] teaches a computing device having N numbers of resources for creating a secure key upon request, wherein the secure key is never revealed to any of the resources of the computing device in an unencrypted format because the secure key will be encrypted before the key is entered in the computing environment (i.e. secure key is not exposed to the computing device in plain format)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Parann into the combined teaching of McGough and KESELMAN by generating encrypted key without exposing the unencrypted version of the key. One would be motivated to do so in order to secure and prevent the keys from unauthorized access (Parann on [Col 1 line 60-67]).

Regarding claim 2 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, KESELMAN further teaches wherein the method further comprises receiving a request for a license to access the electronic content item from the device (KESELMAN on [0059-0060] teaches RCC receives a request containing public key from client device).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).

Regarding claim 3 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 2 above, KESELMAN further teaches wherein the method further comprises generating an electronic license for the electronic content item, the electronic license comprising the protected content key (KESELMAN on [0009] teaches RCC 120 may compute an encrypted, or blinded, derived key (i.e. protected content key) using data from the other elements and send the blinded derived key to client 150. See [0047-0050], which teaches RCC 120 may use PK, s_j·K, and b_i·K (i.e. multiplying two different keys) to compute the blinded derived key in blind and send the derived key to the client device. See also [0059-0061], which teaches RCC receives a request containing public key from client device. RCC will compute blinded key and transmit it to client device).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).

Regarding claim 4 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 3 above, KESELMAN further teaches wherein transmitting the protected content key to the device comprises transmitting the electronic license to the device (KESELMAN on [0009] teaches RCC 120 may compute an encrypted, or blinded, derived key (i.e. protected content key) using data from the other elements and send the blinded derived key to client 150. See [0047-0050], which teaches RCC 120 may use PK, s_j·K, and b_i·K (i.e. multiplying two different keys) to compute the blinded derived key in blind and send the derived key to the client device. See also [0059-0061], which teaches RCC receives a request containing public key from client device. RCC will compute blinded key and transmit it to client device).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).

Regarding claim 5 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, KESELMAN further teaches wherein generating the protected content key comprises multiplying the protected first content key share and the protected second content key share (KESELMAN on [0047-0050] teaches RCC 120 may use PK, s_j·K, and b_i·K (i.e. multiplying two different keys) to compute the blinded derived key in blind and send the derived key to the client device).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).

Regarding claim 6 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, McGough further teaches wherein the first license service is separate from the second license service (McGough on [0010] teaches a method for obtaining a session master key by an application executing on a computer (i.e. first license service system) from a server. Further teaches the directory server (i.e. second license service) sends the second portion of the session master key (i.e. second key share) to the application).

Regarding claim 7 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, KESELMAN further teaches wherein the content key comprises a content decryption key associated with the electronic content item (KESELMAN on [0058] teaches client 150 may request and receive a current b_i. At 414, as described above, client 150 may use b_i and SK to decrypt the data received).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).

Regarding claim 8 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, McGough further teaches wherein the content key is generated by the content service (McGough on [0010-0011] teaches the session master key is generated by the application of computer using the first portion received from the server and the second portion received from the directory server).

Regarding claim 9 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, McGough further teaches wherein the first content key share is generated by the content service (McGough on [0010-0011] teaches computer executing an application receives a first portion of the session master key (i.e. first content key share) from server (i.e. content service indicating separate device)).

Regarding claim 10 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, McGough further teaches wherein the second content key share is generated by the content service (McGough on [0011] teaches server sending a second reply to a directory server with a second portion of the session master key (i.e. indicating the second portion of the key is generated at server which in this case is the content service)).

Regarding claim 11 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, McGough further teaches wherein the protected content key comprises the content key encrypted with the public key (McGough on [0010-0011] teaches the session master key is generated by the application using the first portion received from the server and the second portion received from the directory server (i.e. first and second portion are encrypted based on public key)).

Regarding claim 12 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, KESELMAN  further teaches wherein the protected content key comprises the content key encrypted with the public key with a homomorphic encryption algorithm (KESELMAN on [0007, 0014 and 0024] teaches Key derivation service instructions 218 may include instructions that perform the various homomorphic key derivation functions).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).

Regarding claim 13 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, McGough further teaches wherein the protected second content key share comprises the second content key share encrypted by the second license service with the public key [[using a homomorphic encryption algorithm]] (McGough on [0010-0011] teaches the application sends an open request to the directory server specified by the server in the first reply for the second portion of the session master key. The directory server (i.e. second license service) sends the second portion of the session master key (i.e. second key share) to the application. Further teaches the open request sent by the application to the directory server may also include a public key, in which case the second portion of the session master key sent from the directory server to the application is encrypted with the public key).
KESELMAN teaches encrypting using homomorphic encryption algorithm (KESELMAN on [0007, 0014 and 0024] teaches Key derivation service instructions 218 may include instructions that perform the various homomorphic key derivation functions).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).
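
The flow recited across claims 1, 5, 12 and 13 (both key shares encrypted under the device's public key, then multiplied into a protected content key) can be sketched with textbook ElGamal, which is multiplicatively homomorphic. This is an added example, not code from the application or from any cited reference; the choice of ElGamal, the toy group parameters and every function name are assumptions made for illustration.

```python
import secrets

# Toy parameters, constructed for this example: a 127-bit Mersenne prime and
# a small base. Far too weak for real use; pick a vetted group in practice.
P = 2**127 - 1
G = 3

def keygen():
    """Device side: private exponent sk and public key pk = G^sk mod P."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """Textbook ElGamal: (G^r, m * pk^r). Multiplicatively homomorphic."""
    if not 0 < m < P:
        raise ValueError("message must be in 1..P-1")
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def decrypt(sk, ct):
    c1, c2 = ct
    # c1^(P-1-sk) is the inverse of c1^sk by Fermat's little theorem.
    return (c2 * pow(c1, P - 1 - sk, P)) % P

def split_key(content_key):
    """Content service: two multiplicative shares with s1 * s2 = key mod P."""
    if not 0 < content_key < P:
        raise ValueError("content key must be in 1..P-1")
    s1 = secrets.randbelow(P - 1) + 1
    s2 = (content_key * pow(s1, P - 2, P)) % P
    return s1, s2

def combine(ct_a, ct_b):
    """Multiply ciphertexts component-wise: Enc(a) * Enc(b) = Enc(a * b)."""
    return (ct_a[0] * ct_b[0]) % P, (ct_a[1] * ct_b[1]) % P

def license_flow(content_key):
    """Run all four roles in-process; returns (key recovered by the device,
    every plaintext integer the first license service handled)."""
    sk, pk = keygen()                      # device
    s1, s2 = split_key(content_key)        # content service
    protected_s2 = encrypt(pk, s2)         # second license service
    # First license service: holds s1, pk and the ciphertext protected_s2 only.
    protected_s1 = encrypt(pk, s1)
    protected_key = combine(protected_s1, protected_s2)
    first_service_plaintexts = {s1, pk}
    return decrypt(sk, protected_key), first_service_plaintexts

if __name__ == "__main__":
    # Constructed 120-bit sample key so that it fits below P.
    key = int.from_bytes(secrets.token_bytes(15), "big") or 1
    recovered, seen = license_flow(key)
    print("device recovered key:", recovered == key)
    print("first service held the key in the clear:", key in seen)
```

The same malleability that lets the first license service multiply ciphertexts also lets anyone else do so, so the resulting license needs separate integrity protection such as a signature.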

Regarding claim 17 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, KESELMAN further teaches wherein the public key is associated with the device (KESELMAN on [0009] teaches client may generate a public key (i.e. public key associated with client device). See [0007], which teaches client 150 may be any device configured to provide access to remote applications. For example, client 150 may be a smartphone, personal computer, tablet, laptop computer, or other device).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).

Regarding claim 18 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, KESELMAN further teaches wherein the public key is associated with a user of the device (KESELMAN on [0009] teaches client may generate a public key (i.e. public key associated with client device). See [0007], which teaches client 150 may be any device configured to provide access to remote applications. For example, client 150 may be a smartphone, personal computer, tablet, laptop computer, or other device).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the teaching of McGough by transmitting the protected key to client device for accessing electronic content item. One would be motivated to do so in order to ensure security in a system (KESELMAN on [0006]).

Claims 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over McGough (US 20080056501) in view of KESELMAN et al (hereinafter KESELMAN) (US 20200112429), in view of Parann-Nissany et al (hereinafter Parann) (US 9660805) and further in view of Dean et al (hereinafter Dean) (US 11238140).

Regarding claim 14 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein the first content key share comprises a first padded content key share, however Dean from analogous art teaches wherein the first content key share comprises a first padded content key share (Dean on [Col 25 line 45-55] teaches the LUK 614 may be divided into two portions. The first portion of LUK 614 may be generated by padding the key index with a first value to generate a first padded key index (e.g., 1YHHHHCC80000000), and encrypting the first padded key index using the second encryption key 608. The second portion of LUK 614 may be generated by padding the key index with a second value to generate a second padded key index (e.g., 2YHHHHCC80000000), and encrypting the second padded key index using the second encryption key 608).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Dean into the combined teaching of McGough and KESELMAN by having a padded key share. One would be motivated to do so in order to ensure transactions in a secure and reliable manner (Dean on [Col 1 line 50-55]).

Regarding claim 15 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein the protected second content key share comprises a protected padded content key share, however Dean from analogous art teaches wherein the protected second content key share comprises a protected padded content key share (Dean on [Col 25 line 45-55] teaches the LUK 614 may be divided into two portions. The first portion of LUK 614 may be generated by padding the key index with a first value to generate a first padded key index (e.g., 1YHHHHCC80000000), and encrypting the first padded key index using the second encryption key 608. The second portion of LUK 614 may be generated by padding the key index with a second value to generate a second padded key index (e.g., 2YHHHHCC80000000), and encrypting the second padded key index using the second encryption key 608).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Dean into the combined teaching of McGough and KESELMAN by having a padded key share. One would be motivated to do so in order to ensure transactions in a secure and reliable manner (Dean on [Col 1 line 50-55]).

Regarding claim 16 the combination of McGough, KESELMAN and Parann teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein the protected content key comprises a protected padded content key, however Dean from analogous art teaches wherein the protected content key comprises a protected padded content key (Dean on [Col 25 line 45-55] teaches the LUK 614 may be divided into two portions. The first portion of LUK 614 may be generated by padding the key index with a first value to generate a first padded key index (e.g., 1YHHHHCC80000000), and encrypting the first padded key index using the second encryption key 608. The second portion of LUK 614 may be generated by padding the key index with a second value to generate a second padded key index (e.g., 2YHHHHCC80000000), and encrypting the second padded key index using the second encryption key 608).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Dean into the combined teaching of McGough and KESELMAN by having a padded key share. One would be motivated to do so in order to ensure transactions in a secure and reliable manner (Dean on [Col 1 line 50-55]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOEEN KHAN/Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436