DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 5-20 are rejected under 35 U.S.C. 103 as being unpatentable over Endresen, U.S. Patent No. 9,330,275, in view of Iyer, U.S. Patent No. 10,826,693.
Referring to claim 1, Endresen discloses location based content access that includes a first media device (Figure 1, element 102(1): reads on the claimed first computing system), a second media device (Figure 1, element 102(2): reads on the claimed second computing system), and a server (Figure 1, element 104: reads on the claimed data storage device), which meets the limitation of a computing environment including a first computing system, a second computing system, and a data storage device in communication with one another. The first media device is located within location 116(1) (Col. 4, lines 14-16) such that the first media device stores a cryptographic key 112 which can be used to decrypt encrypted content (Col. 5, lines 3-36), which meets the limitation of the first computing system is disposed at a first location and includes [a first hardware security module containing a first master key protecting] a first set of decryption keys. The second media device moves into an authorized location and is provided with a cryptographic key 112 (Col. 6, lines 1-8, 16-20), which meets the limitation of the second computing system is disposed at a second location includes [a second hardware security module containing a second master key protecting] a second set of decryption keys. The cryptographic keys 112 are configured to be based on the media device location information (Col. 5, lines 26-30), which meets the limitation of the first set of decryption keys being determined based on the first location, and the second set of decryption keys being determined based on the second location.
Endresen does not disclose that the media devices includes a hardware security module with a master key utilized to protect the cryptographic keys. Iyer discloses the use of hardware security modules to stored master keys that are utilized to encrypt a plurality of encryption keys (Col. 13, line 55 – Col. 14, line 25), which meets the limitation of a first hardware security module containing a first master key protecting a first set of decryption keys, a second hardware security module containing a second master key protecting a second set of decryption keys. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the media devices of Endresen to have included hardware security modules with master keys that encrypt/decrypt the cryptographic keys 112 in order to reduce the potential for misuse of the cryptographic keys while allowing for the cryptographic keys to be externally stored in devices with lower security requirements as suggested by Iyer (Abstract).
Referring to claim 2, Endresen discloses that the cryptographic key 112 can be utilized decrypt a portion of the encrypted content (Col. 10, lines 17-19), which meets the limitation of wherein the first set of decryption keys are configured to decrypt a first subset of encrypted data objects in a data storage device.
Referring to claim 5, Endresen discloses that the location of the media device is utilized to retrieve a cryptographic key 112 that is utilized to decrypt the encrypted content (Col. 4, line 49 – Col. 5, line 20), which meets the limitation of wherein the first computing system is further configured to decrypt the encrypted data based on a determination that the data encryption key corresponds to one of the first set of decryption keys.
Referring to claim 6, Endresen discloses location based content access wherein media device users are prompted enter a password that is utilized to authenticate the user prior to receiving encrypted content (Col. 9, lines 59-67), which meets the limitation of wherein the computing environment further comprises an authentication system that controls user access to the first computing system and the second computing system.
Referring to claims 7, 14, Endresen discloses location based content access wherein media device users are authenticated prior to receiving encrypted content (Col. 9, lines 59-67: user of media device would be considered an authenticated user) such that the media device initiates receipt of the encrypted content from a server (Col. 3, lines 61-64: initiation from the media device reads on the claimed request to access an encrypted data from an authenticated user; server 104 reads on the claimed computing system), which meets the limitation of receiving, by a computing system of the computing environment, a request to access an encrypted data from an authenticated user. The encrypted content includes application data (Figure 4, element 110(4)) that identifies certain functionality such as the acquisition of the cryptographic key 112 used to decrypt the encrypted content at specific locations (Col. 11, lines 13-16 & 26-39: cryptographic key 112…applied to a string or a block of data to encrypt or decrypt encrypted data; location information where cryptographic key can be accessed reads on the claimed information about a data encryption key), which meets the limitation of wherein the encrypted data includes information about a data encryption key used to encrypt the encrypted data. Media device users are authenticated prior to receiving encrypted content (Col. 9, lines 59-67) such that the server 104 transmits the encrypted content to media device (Col. 3, lines 61-65), which meets the limitation of providing, by the computing system, the encrypted data to the computer system where the user was authenticated. The media device stores cryptographic keys (Figure 4, 112 & Col. 11, lines 10-11), which meets the limitation of the computer system including a set of decryption keys. The location of the media device is utilized to retrieve a cryptographic key 112 that is utilized to decrypt the encrypted content (Col. 4, line 49 – Col. 5, line 20), which meets the limitation of decrypting, [by the hardware security module], the encrypted data based on a determination that the data encryption key corresponds to one of the set of decryption keys, wherein the set of decryption keys are determined based on the location of the [hardware security module].
Endresen does not disclose that the media devices includes a hardware security module with a master key utilized to protect the cryptographic keys. Iyer discloses the use of hardware security modules to stored master keys that are utilized to encrypt a plurality of encryption keys (Col. 13, line 55 – Col. 14, line 25: master keys of Iyer are stored in the hardware security modules and would therefore be considered to be associated with the location of the hardware security module to the extent that the master keys are stored within the hardware security module), which meets the limitation of a set of decryption keys protected by a master key stored within a hardware security module associated with the location of the hardware security module. The hardware security module can utilize the master key to decrypt the encryption key such that the decrypted encryption key can be utilized to decrypt encrypted data (Col. 15, lines 4-14), which meets the limitation of decrypting, by the hardware security module, the encrypted data based on a determination that the data encryption key corresponds to one of the set of decryption keys. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the media devices of Endresen to have included hardware security modules with master keys that encrypt/decrypt the cryptographic keys 112 in order to reduce the potential for misuse of the cryptographic keys while allowing for the cryptographic keys to be externally stored in devices with lower security requirements as suggested by Iyer (Abstract). 
Referring to claims 8, 15, Endresen discloses location based content access wherein media device users are prompted enter a password that is utilized to authenticate the user prior to receiving encrypted content (Col. 9, lines 59-67), which meets the limitation of wherein the authenticated user is authenticated by an authentication system of the computing environment that is configured to verify an identity of a user of the computer system.
Referring to claims 9, 16, Endresen does not disclose that the media devices includes a hardware security module with a master key utilized to protect the cryptographic keys. Iyer discloses the use of hardware security modules to stored master keys, which never leave the hardware security module (Col. 15, lines 6-7: never leaving the HSM would mean that the master key is unique to the HSM where it is stored), and that are utilized to encrypt a plurality of encryption keys (Col. 13, line 55 – Col. 14, line 25), which meets the limitation of wherein the master key is unique to the hardware security module. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the media devices of Endresen to have included hardware security modules with master keys that encrypt/decrypt the cryptographic keys 112 in order to reduce the potential for misuse of the cryptographic keys while allowing for the cryptographic keys to be externally stored in devices with lower security requirements as suggested by Iyer (Abstract).
Referring to claims 10, 17, Endresen discloses that the cryptographic key 112 can be utilized decrypt a portion of the encrypted content (Col. 10, lines 17-19), which meets the limitation of wherein the set of decryption keys are configured to decrypt a subset of encrypted data objects in a data storage device of the computing environment. 
Referring to claims 11, 18, Endresen discloses that the cryptographic key can be have an associated validity period such that the cryptographic key is considered to be invalid, and access to the content is denied, once that validity period expires (Col. 10, lines 41-52), which meets the limitation of denying access to the encrypted data based on a determination that the data encryption key does not correspond to one of the set of decryption keys.
Referring to claims 12, 13, 19, 20, Endresen discloses that before the media device can be provided with a cryptographic key to decrypt the content, the media device must be located at an authorized location (Col. 16, lines 1-10: media device can be a smartphone, column 1, line 5, therefore, the location of the media device would correspond with the location of the user), which meets the limitation of wherein an identification of the [hardware security module] associated with the location includes determining one or more attributes of the authenticated user, wherein the one or more attributes of the authenticated user include one or more of a physical location of the authenticated user, wherein the one or more attributes of the authenticated user include one or more of a physical location of the authenticated user.
Endresen does not disclose that the media devices includes a hardware security module with a master key utilized to protect the cryptographic keys. Iyer discloses the use of hardware security modules to stored master keys that are utilized to encrypt a plurality of encryption keys (Col. 13, line 55 – Col. 14, line 25), which meets the limitation of the hardware security module. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the media devices of Endresen to have included hardware security modules with master keys that encrypt/decrypt the cryptographic keys 112 in order to reduce the potential for misuse of the cryptographic keys while allowing for the cryptographic keys to be externally stored in devices with lower security requirements as suggested by Iyer (Abstract).
Claims 3, 4 are rejected under 35 U.S.C. 103 as being unpatentable over Endresen, U.S. Patent No. 9,330,275, in view of Iyer, U.S. Patent No. 10,826,693, and further in view of Balinsky, U.S. Publication No. 2012/0185701. Referring to claim 3, Endresen discloses that the first media device is located within location 116(1) (Col. 4, lines 14-16) such that the first media device stores a cryptographic key 112 which can be used to decrypt encrypted content (Col. 5, lines 3-36).The second media device moves into an authorized location and is provided with a cryptographic key 112 (Col. 6, lines 1-8, 16-20), and that the cryptographic key 112 can be utilized decrypt a portion of the encrypted content (Col. 10, lines 17-19), which meets the limitation of wherein the second set of decryption keys are configured to decrypt a second subset of encrypted data objects in the data storage device [and wherein the first subset is different from the second subset.]
Endresen does not disclose that the first media device can decrypt a different portion of the content than the second media device. Balinsky discloses that content can be encrypted such that different parts of the content are accessible by specific users and that the different parts can be encrypted with a different key ([0088]-[0089]), which meets the limitation of wherein the first subset is different from the second subset. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the portions of content decryptable and accessible by the different media device users of Endresen to have been different for each users in order to provide multi-user document security that ensure that users can only access the sections of the content that they are authorized to access as suggested by Balinsky ([0018] & [0026]).
Referring to claim 4, Endresen discloses that the users can designate the authorized locations content can be accessed (Col. 4, lines 60-63: authorized location that the key can be used to decrypt the content would be considered information about the data encryption key), which meets the limitation of wherein the first computing system is configured to receive [encrypted] data from an authenticated user at the first location, wherein the [encrypted] data includes information about a data encryption key used to encrypt the encrypted data.
Endresen does not specify that the user enters the content that is encrypted. Balinsky discloses that authorized users provide contributions to the document content at sections the user is authorized to edit ([0019] & [0026] & [0028]: as it pertains to Endresen authorization requires that the user be at the authorized location. See Endresen column 16, lines 1-10), which meets the limitation of wherein the first computing system is configured to receive encrypted data from an authenticated user at the first location. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the content of Endresen to have included content provided by authorized users in order to provide multi-user document security that can ensure that users can only access the sections of the content that they are authorized to access as suggested by Balinsky ([0018] & [0026]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Minkovich, U.S. Publication No. 2018/0124066, discloses geographically based access control. 
Reddy, U.S. Patent No. 9,819,987, discloses location based content playback control.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437