DETAILED ACTION
This Final Office Action is in response to the amendment filed on 03/21/2022.
Claims 1, 9, 15-16, and 21 have been amended. Claims 1-23 remain pending in the application.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Drawings
The drawings filed on 07/10/2020 are accepted.

Response to Amendment 
Applicant’s amendments to the Specification have overcome the objection previously set forth in the Non-Final Office Action mailed on 12/21/2022.

Response to Arguments 
Applicant’s arguments, see Applicant Remarks, Pages 12-15, regarding the newly added limitation “each of the one or more additional keys define a group of users who can access the data”, filed 03/21/2022, with respect to the rejection(s) of claim(s) 1, 9, 15-16 and 21 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of the newly found prior art: Fujimoto et al. (US 20160299924 A1). Please see detailed rejection below.

	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 7-10 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Katz (US 20150372991 A1), hereinafter Katz, in view of Mehr (US 10033703 B1), hereinafter Mehr, and Fujimoto et al. (US 20160299924 A1), hereinafter Fujimoto.
	Regarding claim 1 (Currently Amended), Katz teaches a method (Katz Abstract “A method for transmitting data”) comprising: 
encrypting, by one or more processors, data based at least in part on a session key to generate encrypted data (Katz Fig. 4 (404) [0048] “In Step 404, the data elements identified in Step 402 are encrypted using a sender session key(s).”, [0021] discloses system of devices with a processor); 
encrypting, by the one or more processors, the session key based at least in part on a sender key to generate an encrypted session key (Katz Fig. 4 (414) [0050] “In Step 412, a combined key is generated using the SK and the receiver key value.”, [0051] “In Step 414, the session key(s) is encrypted using the combined key to generate an encrypted session key(s)”), 
[the sender key previously obtained from a key management system (KMS)]; 
transmitting, by the one or more processors, a request to the KMS [for an encrypted sender key index] (Katz Fig. 4 (406) [0049] “In Step 406, a receiver key value and corresponding indices are requested from the key management system (KMS). In one embodiment of the invention, the receiver key value is generated by applying an XOR function to a KMS key (DK) and a receiver compartmentalization key (RK). Further, the indices correspond to the DK index associated with the DK and the RK index associated with the RK. In one embodiment of the invention, the KMS may select any non-expired DK and RK. In one embodiment of the invention, the KMS authenticates the sender system (or sender security enforcer) before servicing the request.”, [0050] In Step 408, the protected receiver key value and the corresponding indices are received from the KMS.), 
the request comprising an index of the sender key and an index of each of one or more additional keys ([0008] “wherein the request comprises the DK index and the SK index (i.e. sender key)”, [0054] “ the DK index and the SK index are sent to the KMS in a request for a sender key value.”); 
[receiving, by the one or more processors, the encrypted sender key index from the KMS, the encrypted sender key index generated by the KMS based at least in part on the sender key and the one or more additional keys]; 
generating, by the one or more processors, an object that includes the encrypted data, the encrypted session key, the index of each of the one or more additional keys, and the [encrypted] sender key index (Katz Fig. 4 (416-418) [0051] “In Step 416, a data passport is generated using the encrypted session key(s), the DK index, the RK index, and the SK index…the SK index is obtained from the sender key repository and corresponds to the SK. In Step 418, protected data is generated using the data passport, the encrypted data elements and, if present, any unencrypted data elements…the data passport is appended to the encrypted data elements and, if present, any unencrypted data elements. In Step 420, the protected data is transmitted to the receiver system.”, where the data passport combined/appended with the encrypted data element correspond to the object, DK index and RK index correspond to additional key index), 
wherein access to the data via the object is controlled based at least in part on whether a receiver has access to the sender key and to the one or more additional keys (Katz Figure 5 (520) illustrates accessing/decrypting the data from the sender key (508) and additional keys DK and RK (506, 512), see [0054-0056]).
Katz discloses the aforementioned limitations, including the sender key, additional keys, and session key for encrypting data; however, Katz does not disclose the below limitations where a key and its associated encrypted index is provided from the KMS. Emphasis in Italic.
Mehr discloses the sender key previously obtained from a key management system (KMS) (Mehr discloses in Col. 11 line 26-38 “At block 604, the client generates a DEK. In some implementations, a random DEK is generated. In another implementation, a DEK is provided by a data encryption key server. In some embodiments, DEKs are reused for a number of requests before a new DEK is generated or requested. The client encrypts 606 the identified data with the DEK, and then encrypts 608 the DEK with a KEK. The encrypted DEK is stored 610 on a data encryption key server. The data encryption key server returns a DEKR that is received 612 by the client. At block 614, the client generates a data record that includes the DEK-encrypted data, and the DEKR. The generated data record is then sent 616 by the client to the storage server.”, where the DEK corresponds to the sender key),
transmitting, by the one or more processors, a request to the KMS for an encrypted sender key index (Mehr Col. 12 line 25-31 “When the request is authorized, the storage server 704 locates the requested data using the data ID and returns the data in an encrypted form, along with DEKR. In some implementations, the DEKR is also encrypted. When the client receives the DEKR, the client decrypts the DEKR with the KEK 712 if the DEKR is encrypted, and sends the DEKR to the data encryption key server 710.”, where the request is sent to the storage server and in return an encrypted DEKR, i.e. data encryption key reference/index as disclosed in Col. 8 line 16-32, corresponding to the sender key index, Col. 12 line 45-49 “The client receives 804 data encrypted with a DEK and a DEKR associated with the DEK…the DEKR is encrypted with the client's KEK. When the client receives an encrypted DEKR…”),
receiving, by the one or more processors, the encrypted sender key index from the KMS, the encrypted sender key index generated by the KMS based at least in part on the sender key and the one or more additional keys (Mehr discloses the encrypted DEKR received by the server, where the DEKR is generated based on the received DEK, i.e. sender key, Col. 8 line 16-19 “When the data encryption key server receives the encrypted DEK, the data encryption key server stores 306 the encrypted DEK, and then generates 308 a reference to the DEK called a DEKR”, where the reference DEKR is encrypted based on KEK, corresponding to the one or more additional keys as disclosed in Col. 12 line 25-31),
each of the one or more additional keys define [a group of users] clients who can access the data (Mehr discloses the encrypted DEKR, encrypted key index, is based on the KEK, i.e. one or more additional keys, where the KEK is associated with clients who can access the data as disclosed in Col. 11 line 55-57 “When more than one client is authorized to access particular data maintained by the storage server, each client has access to the same KEK 712.”, similarly in Col. 10 line 43-45, where the KEK encrypts the key index DEKR to generate the encrypted DEKR),
Mehr further discloses generating, by the one or more processors, an object that includes…the encrypted sender key index (Mehr Col. 8 line 24-27 “…the sender places the DEKR into an envelope with the DEK-encrypted message. In some implementations, the sender encrypts the DEKR with the KEK and places the encrypted DEKR into the envelope with the DEK-encrypted message.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz to incorporate the teaching of Mehr to utilize the above feature, with the motivation of ensuring security of sensitive data between sender, recipients or storage devices through key reference, as recognized by (Mehr Col. 3 line 1-34).
Katz in view of Mehr disclose the aforementioned limitations. Mehr further discloses the encrypted DEKR, encrypted key index, is based on the KEK, i.e. one or more additional keys, where the KEK is associated with clients who can access the data as disclosed in Col. 11 line 55-57 “When more than one client is authorized to access particular data maintained by the storage server, each client has access to the same KEK 712.”, similarly in Col. 10 line 43-45; however, Katz in view of Mehr do not explicitly disclose the below limitation.
Fujimoto discloses each of the one or more additional keys define a group of users who can access the data (Fujimoto illustrates in Figure 3 a group key in 113 that defines a group of users accessing data/document 1241, where the group key is used to encrypt/decrypt the document key and index key, and in turn the document key 142 is used to encrypt/decrypt the document, [0077] “The document server 125 obtains documents corresponding to the document IDs obtained in the step 306 from the document database 124, decrypts the documents, and sends the decrypted documents to the web browser 111 (step 309). The decryption of the documents is executed in the following way. First, the document server 125 searches the document keys 1242 associated with the documents for a document key decrypted with the user key or the group key of the group to which the user belongs. Next, the document server 125 sends the searched and encrypted document keys and the user's or group's token to the key server 113. Next, the key server 113 decrypts the document keys and decrypts the documents with the decrypted document keys.”, where the group key defines the group of e.g. an organization to which the user belongs, group and users illustrated in Figure 4 and disclosed in [0036, 0052-0054]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr to incorporate the teaching of Fujimoto to utilize the above feature, with the motivation of enabling a group of users, e.g. an organization, to access data utilizing a group key that defines the group, as recognized by (Fujimoto [0028, 0036] and throughout).
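The envelope flow quoted from Mehr above (data encrypted under a DEK, the DEK wrapped under a KEK and held by a key server, and the returned reference DEKR itself encrypted under the KEK shared by authorized clients) can be sketched as follows. This is an added illustration, not code from Katz, Mehr, Fujimoto or the application; `seal`/`unseal` are a constructed HMAC-SHA256 encrypt-then-MAC stand-in for a real AEAD such as AES-GCM, and `KeyServer`, `write_record` and `read_record` are hypothetical names.

```python
import hashlib
import hmac
import secrets


class AuthError(Exception):
    """Integrity check failed: wrong key or modified ciphertext."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for a real cipher (assumption).
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the one supplied key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise AuthError on any mismatch."""
    if len(blob) < 48:
        raise AuthError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise AuthError("wrong key or tampered data")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class KeyServer:
    """Holds only KEK-wrapped DEKs, addressed by an opaque reference (DEKR)."""

    def __init__(self):
        self.stored = {}

    def store(self, wrapped_dek: bytes) -> str:
        dekr = secrets.token_hex(16)
        self.stored[dekr] = wrapped_dek
        return dekr

    def fetch(self, dekr: str) -> bytes:
        return self.stored[dekr]


def write_record(kek: bytes, server: KeyServer, data: bytes) -> dict:
    dek = secrets.token_bytes(32)               # per-record data encryption key
    dekr = server.store(seal(kek, dek))         # server never sees the bare DEK
    return {"data": seal(dek, data),            # DEK-encrypted payload
            "dekr": seal(kek, dekr.encode())}   # reference encrypted under the KEK


def read_record(kek: bytes, server: KeyServer, record: dict) -> bytes:
    dekr = unseal(kek, record["dekr"]).decode()  # fails without the shared KEK
    dek = unseal(kek, server.fetch(dekr))
    return unseal(dek, record["data"])


def demo():
    group_kek = secrets.token_bytes(32)     # held by every authorized client
    outsider_kek = secrets.token_bytes(32)  # a client outside that set
    server = KeyServer()
    record = write_record(group_kek, server, b"constructed sample payload")
    recovered = read_record(group_kek, server, record)
    try:
        read_record(outsider_kek, server, record)
        denied = False
    except AuthError:
        denied = True
    return recovered, denied


if __name__ == "__main__":
    print(demo())
```

A client lacking the KEK cannot even learn which stored key the record refers to, because the reference in the record is itself ciphertext.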

Regarding claim 2 (Original), Katz in view of Mehr and Fujimoto teaches the method of claim 1, wherein access to the data via the object is further controlled based at least in part on whether the sender key and the one or more additional keys are valid (Katz illustrates in Figure 5 [0054-0056] accessing the data based on the sender key (SK), RK and DK, where the SK, DK and RK are associated with a timestamp that indicates when they expire as illustrated in Figure 3 (308, 314, 320) and disclosed in [0037-0039, 0049-0050], where the expired key is not valid and will not enable the receiver to access the data).

Regarding claim 7 (Original), Katz in view of Mehr and Fujimoto teaches the method of claim 1, further comprising transmitting the object to the receiver (Katz Fig. 4 (418-420) [0051] “In Step 418, protected data is generated using the data passport, the encrypted data elements and, if present, any unencrypted data elements. In one embodiment of the invention, the data passport is appended to the encrypted data elements and, if present, any unencrypted data elements. In Step 420, the protected data is transmitted to the receiver system.”).  

Regarding claim 8 (Original), Katz in view of Mehr and Fujimoto teaches the method of claim 7, wherein the transmitting is via a network (Katz Figure 1 [0025] “[0025] The sender system (102) includes a sender security enforcer (114) configured to generate, send, and store sender compartmentalization keys and to protect the data (or portions thereof) based on enterprise defined security policies as described in FIG. 4 and to transmit (typically using the networked system described above) the protected data (120) to the receiver system.”).  

Regarding claim 9 (Currently Amended), Katz teaches a system (Katz Abstract illustrates in Figure 1 a system for communicating data, including processors) comprising: one or more processors for executing computer-readable instructions, the computer-readable instructions controlling the one or more processors to perform operations (Katz [0021] discloses system of devices with a processor) comprising: 
encrypting data based at least in part on a session key to generate encrypted data (Katz Fig. 4 (404) [0048] “In Step 404, the data elements identified in Step 402 are encrypted using a sender session key(s).”);
encrypting the session key based at least in part on a sender key to generate an encrypted session key (Katz Fig. 4 (414) [0050] “In Step 412, a combined key is generated using the SK and the receiver key value.”, [0051] “In Step 414, the session key(s) is encrypted using the combined key to generate an encrypted session key(s)”), 
[the sender key previously obtained from a key management system (KMS)]; 
transmitting a request to the KMS [for an encrypted sender key index] (Katz Fig. 4 (406) [0049] “In Step 406, a receiver key value and corresponding indices are requested from the key management system (KMS). In one embodiment of the invention, the receiver key value is generated by applying an XOR function to a KMS key (DK) and a receiver compartmentalization key (RK). Further, the indices correspond to the DK index associated with the DK and the RK index associated with the RK. In one embodiment of the invention, the KMS may select any non-expired DK and RK. In one embodiment of the invention, the KMS authenticates the sender system (or sender security enforcer) before servicing the request.”, [0050] In Step 408, the protected receiver key value and the corresponding indices are received from the KMS.),
the request comprising an index of the sender key and an index of each of one or more additional keys (Katz [0008] “wherein the request comprises the DK index and the SK index”, [0054] “ the DK index and the SK index are sent to the KMS in a request for a sender key value.”), 
 [receiving the encrypted sender key index from the KMS, the encrypted sender key index generated by the KMS based at least in part on the sender key and the one or more additional keys]; and 
generating an object that includes the encrypted data, the encrypted session key, the index of each of the one or more additional keys, and the [encrypted] sender key index (Katz Fig. 4 (416-418) [0051] “In Step 416, a data passport is generated using the encrypted session key(s), the DK index, the RK index, and the SK index…the SK index is obtained from the sender key repository and corresponds to the SK. In Step 418, protected data is generated using the data passport, the encrypted data elements and, if present, any unencrypted data elements. In one embodiment of the invention, the data passport is appended to the encrypted data elements and, if present, any unencrypted data elements. In Step 420, the protected data is transmitted to the receiver system.”, where the data passport combined/appended with the encrypted data element correspond to the object, DK index and RK index correspond to additional key index), 
wherein access to the data via the object is controlled based at least in part on whether a receiver has access to the sender key and to the one or more additional keys (Katz Figure 5 (520) illustrates accessing/decrypting the data from the sender key (508) and additional keys DK and RK (506, 512), see [0054-0056]).
Katz discloses the aforementioned limitations, including the sender key, additional keys, and session key for encrypting data; however, Katz does not disclose the below limitations where a key and its associated encrypted index is provided from the KMS.
Mehr discloses the sender key previously obtained from a key management system (KMS) (Mehr discloses in Col. 11 line 26-38 “At block 604, the client generates a DEK. In some implementations, a random DEK is generated. In another implementation, a DEK is provided by a data encryption key server. In some embodiments, DEKs are reused for a number of requests before a new DEK is generated or requested. The client encrypts 606 the identified data with the DEK, and then encrypts 608 the DEK with a KEK. The encrypted DEK is stored 610 on a data encryption key server. The data encryption key server returns a DEKR that is received 612 by the client. At block 614, the client generates a data record that includes the DEK-encrypted data, and the DEKR. The generated data record is then sent 616 by the client to the storage server.”, where the DEK corresponds to the sender key),
transmitting a request to the KMS for an encrypted sender key index (Mehr Col. 12 line 25-31 “When the request is authorized, the storage server 704 locates the requested data using the data ID and returns the data in an encrypted form, along with DEKR. In some implementations, the DEKR is also encrypted. When the client receives the DEKR, the client decrypts the DEKR with the KEK 712 if the DEKR is encrypted, and sends the DEKR to the data encryption key server 710.”, where the request is sent to the storage server and in return an encrypted DEKR, i.e. data encryption key reference/index as disclosed in Col. 8 line 16-32, corresponding to the sender key index, Col. 12 line 45-49 “The client receives 804 data encrypted with a DEK and a DEKR associated with the DEK…the DEKR is encrypted with the client's KEK. When the client receives an encrypted DEKR…”),
receiving the encrypted sender key index from the KMS, the encrypted sender key index generated by the KMS based at least in part on the sender key and the one or more additional keys (Mehr discloses the encrypted DEKR received by the server, where the DEKR is generated based on the received DEK, i.e. sender key, Col. 8 line 16-19 “When the data encryption key server receives the encrypted DEK, the data encryption key server stores 306 the encrypted DEK, and then generates 308 a reference to the DEK called a DEKR”, where the reference DEKR is encrypted based on KEK, corresponding to the one or more additional keys as disclosed in Col. 12 line 25-31),
each of the one or more additional keys define [a group of users] clients who can access the data (Mehr discloses the encrypted DEKR, encrypted key index, is based on the KEK, i.e. one or more additional keys, where the KEK is associated with clients who can access the data as disclosed in Col. 11 line 55-57 “When more than one client is authorized to access particular data maintained by the storage server, each client has access to the same KEK 712.”, similarly in Col. 10 line 43-45, where the KEK encrypts the key index DEKR to generate the encrypted DEKR); 

Mehr further discloses generating an object that includes the encrypted sender key index (Mehr Col. 8 line 24-27 “…the sender places the DEKR into an envelope with the DEK-encrypted message. In some implementations, the sender encrypts the DEKR with the KEK and places the encrypted DEKR into the envelope with the DEK-encrypted message.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz to incorporate the teaching of Mehr to utilize the above feature, with the motivation of ensuring security of sensitive data between sender, recipients or storage devices through key reference, as recognized by (Mehr Col. 3 line 1-34).
Katz in view of Mehr disclose the aforementioned limitations. Mehr further discloses the encrypted DEKR, encrypted key index, is based on the KEK, i.e. one or more additional keys, where the KEK is associated with clients who can access the data as disclosed in Col. 11 line 55-57 “When more than one client is authorized to access particular data maintained by the storage server, each client has access to the same KEK 712.”, similarly in Col. 10 line 43-45; however, Katz in view of Mehr do not explicitly disclose the below limitation.
Fujimoto discloses each of the one or more additional keys define a group of users who can access the data (Fujimoto illustrates in Figure 3 a group key in 113 that defines a group of users accessing data/document 1241, where the group key is used to encrypt/decrypt the document key and index key, and in turn the document key 142 is used to encrypt/decrypt the document, [0077] “The document server 125 obtains documents corresponding to the document IDs obtained in the step 306 from the document database 124, decrypts the documents, and sends the decrypted documents to the web browser 111 (step 309). The decryption of the documents is executed in the following way. First, the document server 125 searches the document keys 1242 associated with the documents for a document key decrypted with the user key or the group key of the group to which the user belongs. Next, the document server 125 sends the searched and encrypted document keys and the user's or group's token to the key server 113. Next, the key server 113 decrypts the document keys and decrypts the documents with the decrypted document keys.”, where the group key defines the group of e.g. an organization to which the user belongs, group and users illustrated in Figure 4 and disclosed in [0036, 0052-0054]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr to incorporate the teaching of Fujimoto to utilize the above feature, with the motivation of enabling a group of users, e.g. an organization, to access data utilizing a group key that defines the group, as recognized by (Fujimoto [0028, 0036] and throughout).

Regarding claim 10 (Original), Katz in view of Mehr and Fujimoto teaches the system of claim 9, wherein access to the data via the object is further controlled based at least in part on whether the sender key and the one or more additional keys are valid (Katz illustrates in Figure 5 [0054-0056] accessing the data based on the sender key (SK), RK and DK, where the SK, DK and RK are associated with a timestamp that indicates when they expire as illustrated in Figure 3 (308, 314, 320) and disclosed in [0037-0039, 0049-0050], where the expired key is not valid and will not enable the receiver to access the data).

Regarding claim 15 (Currently Amended), Katz teaches a computer program product comprising a computer-readable storage medium having program instructions embodied therewith, the program instructions executable by one or more processors to cause the one or more processors to perform operations (Katz Abstract, [0021], Figure 1 illustrates a system for communicating data, including processors) comprising: 
encrypting data based at least in part on a session key to generate encrypted data (Katz Fig. 4 (404) [0048] “In Step 404, the data elements identified in Step 402 are encrypted using a sender session key(s).”); 
encrypting the session key based at least in part on a sender key to generate an encrypted session key (Katz Fig. 4 (414) [0050] “In Step 412, a combined key is generated using the SK and the receiver key value.”, [0051] “In Step 414, the session key(s) is encrypted using the combined key to generate an encrypted session key(s)”), 
[the sender key previously obtained from a key management system (KMS)]; 
transmitting a request to the KMS [for an encrypted sender key index] (Katz Fig. 4 (406) [0049] “In Step 406, a receiver key value and corresponding indices are requested from the key management system (KMS). In one embodiment of the invention, the receiver key value is generated by applying an XOR function to a KMS key (DK) and a receiver compartmentalization key (RK). Further, the indices correspond to the DK index associated with the DK and the RK index associated with the RK. In one embodiment of the invention, the KMS may select any non-expired DK and RK. In one embodiment of the invention, the KMS authenticates the sender system (or sender security enforcer) before servicing the request.”, [0050] In Step 408, the protected receiver key value and the corresponding indices are received from the KMS.), 
the request comprising an index of the sender key and an index of each of one or more additional keys (Katz [0008] “wherein the request comprises the DK index and the SK index”, [0054] “ the DK index and the SK index are sent to the KMS in a request for a sender key value.”), 
 [receiving the encrypted sender key index from the KMS, the encrypted sender key index generated by the KMS based at least in part on the sender key and the one or more additional keys]; and 
generating an object that includes the encrypted data, the encrypted session key, the index of each of the one or more additional keys, and the [encrypted] sender key index (Katz Fig. 4 (416-418) [0051] “In Step 416, a data passport is generated using the encrypted session key(s), the DK index, the RK index, and the SK index…the SK index is obtained from the sender key repository and corresponds to the SK. In Step 418, protected data is generated using the data passport, the encrypted data elements and, if present, any unencrypted data elements. In one embodiment of the invention, the data passport is appended to the encrypted data elements and, if present, any unencrypted data elements. In Step 420, the protected data is transmitted to the receiver system.”, where the data passport combined/appended with the encrypted data element correspond to the object, DK index and RK index correspond to additional key index), 
wherein access to the data via the object is controlled based at least in part on whether a receiver has access to the sender key and to the one or more additional keys (Katz Figure 5 (520) illustrates accessing/decrypting the data from the sender key (508) and additional keys DK and RK (506, 512), see [0054-0056]).
Katz discloses the aforementioned limitations, including the sender key, additional keys, and session key for encrypting data; however, Katz does not disclose the below limitations where a key and its associated encrypted index is provided from the KMS.
Mehr discloses the sender key previously obtained from a key management system (KMS) (Mehr discloses in Col. 11 line 26-38 “At block 604, the client generates a DEK. In some implementations, a random DEK is generated. In another implementation, a DEK is provided by a data encryption key server. In some embodiments, DEKs are reused for a number of requests before a new DEK is generated or requested. The client encrypts 606 the identified data with the DEK, and then encrypts 608 the DEK with a KEK. The encrypted DEK is stored 610 on a data encryption key server. The data encryption key server returns a DEKR that is received 612 by the client. At block 614, the client generates a data record that includes the DEK-encrypted data, and the DEKR. The generated data record is then sent 616 by the client to the storage server.”, where the DEK corresponds to the sender key),
transmitting a request to the KMS for an encrypted sender key index (Mehr Col. 12 line 25-31 “When the request is authorized, the storage server 704 locates the requested data using the data ID and returns the data in an encrypted form, along with DEKR. In some implementations, the DEKR is also encrypted. When the client receives the DEKR, the client decrypts the DEKR with the KEK 712 if the DEKR is encrypted, and sends the DEKR to the data encryption key server 710.”, where the request is sent to the storage server and in return an encrypted DEKR, i.e. data encryption key reference/index as disclosed in Col. 8 line 16-32, corresponding to the sender key index, Col. 12 line 45-49 “The client receives 804 data encrypted with a DEK and a DEKR associated with the DEK…the DEKR is encrypted with the client's KEK. When the client receives an encrypted DEKR…”),
receiving the encrypted sender key index from the KMS, the encrypted sender key index generated by the KMS based at least in part on the sender key and the one or more additional keys (Mehr discloses the encrypted DEKR received by the server, where the DEKR is generated based on the received DEK, i.e. sender key, Col. 8 line 16-19 “When the data encryption key server receives the encrypted DEK, the data encryption key server stores 306 the encrypted DEK, and then generates 308 a reference to the DEK called a DEKR”, where the reference DEKR is encrypted based on KEK, corresponding to the one or more additional keys as disclosed in Col. 12 line 25-31),
each of the one or more additional keys define [a group of users] clients who can access the data (Mehr discloses the encrypted DEKR, encrypted key index, is based on the KEK, i.e. one or more additional keys, where the KEK is associated with clients who can access the data as disclosed in Col. 11 line 55-57 “When more than one client is authorized to access particular data maintained by the storage server, each client has access to the same KEK 712.”, similarly in Col. 10 line 43-45, where the KEK encrypts the key index DEKR to generate the encrypted DEKR); 
generating an object that includes…the encrypted sender key index (Mehr Col. 8 line 24-27 “…the sender places the DEKR into an envelope with the DEK-encrypted message. In some implementations, the sender encrypts the DEKR with the KEK and places the encrypted DEKR into the envelope with the DEK-encrypted message.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz to incorporate the teaching of Mehr to utilize the above feature, with the motivation of ensuring security of sensitive data between sender, recipients or storage devices through key reference, as recognized by (Mehr Col. 3 line 1-34).
Katz in view of Mehr disclose the aforementioned limitations. Mehr further discloses the encrypted DEKR, encrypted key index, is based on the KEK, i.e. one or more additional keys, where the KEK is associated with clients who can access the data as disclosed in Col. 11 line 55-57 “When more than one client is authorized to access particular data maintained by the storage server, each client has access to the same KEK 712.”, similarly in Col. 10 line 43-45, however, Katz in view of Mehr do not explicitly disclose the below limitation. 
Fujimoto discloses each of the one or more additional keys define a group of users who can access the data (Fujimoto illustrates in Figure 3 a group key in 113 that defines a group of users accessing data/document 1241, where the group key is used to encrypt/decrypt the document key and index key, and in turn the document key 142 is used to encrypt/decrypt the document, [0077] “The document server 125 obtains documents corresponding to the document IDs obtained in the step 306 from the document database 124, decrypts the documents, and sends the decrypted documents to the web browser 111 (step 309). The decryption of the documents is executed in the following way. First, the document server 125 searches the document keys 1242 associated with the documents for a document key decrypted with the user key or the group key of the group to which the user belongs. Next, the document server 125 sends the searched and encrypted document keys and the user's or group's token to the key server 113. Next, the key server 113 decrypts the document keys and decrypts the documents with the decrypted document keys.”, where the group key defines the group of e.g. an organization to which the user belongs, group and users illustrated in Figure 4 and disclosed in [0036, 0052-0054]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr to incorporate the teaching of Fujimoto to utilize the above feature, with the motivation of enabling a group of users, e.g. an organization, to access data utilizing a group key that defines the group, as recognized by (Fujimoto [0028, 0036] and throughout).


Claims 3-5 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Katz (US 20150372991 A1), hereinafter Katz, in view of Mehr (US 10033703 B1), hereinafter Mehr, Fujimoto et al. (US 20160299924 A1), hereinafter Fujimoto, and further in view of Zhao (US 8649515 B1), hereinafter Zhao.

Regarding claim 3 (Original), Katz in view of Mehr and Fujimoto teaches the method of claim 2,
Katz does not disclose the below limitation.
Mehr discloses further comprising preventing the receiver from accessing the data via the object, the preventing comprising [transmitting a request to the KMS] to invalidate the sender key (Mehr Col. 3 line 26-34 “when the contents of a particular envelope are compromised, data owners can update the data encryption key server's configuration to stop resolving the compromised DEKRs to DEKs. When a KEK is compromised, in some implementations, audit logs on the data encryption key server can be used to identify particular DEKRs that were resolved by an attacker. Once the particular DEKRs are identified, the associated DEKs can be updated, and the associated data can be re-encrypted.”, Col. 11 line 1-5 “…the set of access controls 518 can include a list of authorized clients, a range of time periods when resolution is permitted or denied, particular sets of DEKRs that may be resolved by particular clients, and ownership information relating to particular DEKs. In some embodiments, a DEK-owner is permitted to change or delete the owned DEK.”, where the DEK are stored at the DEK datastore 514 of the data encryption key server 510 illustrated in Figure 5, as disclosed in Col. 10 line 50-64, where the change of the DEK by one of the client owners implies transmitting instruction to the data encryption key server 510 to perform the change, where changing the DEK invalidates the old DEK and in turn the receiver will not be able to access the data based on the old key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz to incorporate the teaching of Mehr to utilize the above feature, with the motivation of ensuring security of sensitive data between sender, recipients or storage devices through key reference, as recognized by (Mehr Col. 3 line 1-34).
Katz in view of Mehr and Fujimoto disclose the above limitations, where Mehr discloses detecting a compromise, and accordingly, preventing receivers from accessing data by invalidating additional keys, however, Katz in view of Mehr do not disclose a request being transmitted.
Zhao discloses transmitting a request to KMS (Zhao Col. 3 line 25-30 “When the owner wants to prevent a recipient from further access to the media data, the owner client side logic 221 may be configured to instruct the key management server 203 to prevent that recipient from further receiving the encrypted session key.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Fujimoto to incorporate the teaching of Zhao to utilize the above feature, with the motivation of transmitting instructions to key managements for preventing recipients selectively from receiving encryption keys, as recognized by (Zhao Col. 3 line 25-30).

 Regarding claim 4 (Original), Katz in view of Mehr and Fujimoto teaches the method of claim 2, 
Katz does not disclose the below limitations.
Mehr discloses further comprising preventing the receiver from accessing the data via the object, the preventing comprising [transmitting a request to the KMS] to invalidate at least one of the one or more additional keys (Mehr discloses that when the key encryption key, KEK, is compromised, the server invalidates/deletes the compromised KEK as illustrated in Figure 4 (402-406), Col. 9 line 28-35 “a compromised KEK is detected when an unauthorized client attempts to resolve DEKRs. At block 404, the data encryption key server blocks further resolution of DEKRs, protecting uncompromised DEKs from being released. The data encryption key server generates 406 a new KEK. In some implementations, the data encryption key server is provided with a new KEK by a system administrator or other authoritative source.”, where updating the KEK prevents receivers, which may be an attacker, from accessing the data).
Katz in view of Mehr and Fujimoto disclose the above limitations, where Mehr discloses detecting a compromise, and accordingly, preventing receivers from accessing data by invalidating additional keys, however, Katz in view of Mehr do not disclose a request being transmitted to KMS.
Zhao discloses transmitting a request to KMS (Zhao Col. 3 line 25-30 “When the owner wants to prevent a recipient from further access to the media data, the owner client side logic 221 may be configured to instruct the key management server 203 to prevent that recipient from further receiving the encrypted session key.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Fujimoto to incorporate the teaching of Zhao to utilize the above feature, with the motivation of transmitting instructions to key managements for preventing recipients selectively from receiving encryption keys, as recognized by (Zhao Col. 3 line 25-30).

Regarding claim 5 (Original), Katz in view of Mehr and Fujimoto teaches the method of claim 1, 
Katz does not disclose the below limitations.
Mehr discloses determining whether the receiver is from the list of authorized receivers (Mehr illustrates in Figure 3 (318) determining by the data encryption server, i.e. KMS, whether the receiver/recipient is authorized to access the data, Col. 8 line 36-40 “…the data encryption key server determines whether the recipient is authorized based at least in part on a database of access controls. Access controls can include permissions that are based at least in part on the identity of the recipient…” and accordingly provide access to the DEK, i.e. sender key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz to incorporate the teaching of Mehr to utilize the above feature, with the motivation of ensuring security of sensitive data between sender, recipients or storage devices through key reference, as recognized by (Mehr Col. 3 line 1-34).
Katz in view of Mehr and Fujimoto does not disclose modifying the access to the data by removing or adding the receiver from the authorized list of receivers. Emphasis in italic.
Zhao discloses wherein access to the data via the object is modified in response to the KMS adding or removing the receiver from a list of users having access to the sender key (Zhao Col. 3 line 25-30 “When the owner wants to prevent a recipient from further access to the media data, the owner client side logic 221 may be configured to instruct the key management server 203 to prevent that recipient from further receiving the encrypted session key.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Fujimoto to incorporate the teaching of Zhao to utilize the above feature, with the motivation of transmitting instructions to key managements for preventing recipients selectively from receiving encryption keys, as recognized by (Zhao Col. 3 line 25-30).
Regarding claim 11 (Original), Katz in view of Mehr and Fujimoto teaches the system of claim 10, wherein the operations further comprise preventing the receiver from accessing the data via the object, the preventing comprising [transmitting a request to the KMS] to invalidate the sender key (Mehr Col. 3 line 26-34 “when the contents of a particular envelope are compromised, data owners can update the data encryption key server's configuration to stop resolving the compromised DEKRs to DEKs. When a KEK is compromised, in some implementations, audit logs on the data encryption key server can be used to identify particular DEKRs that were resolved by an attacker. Once the particular DEKRs are identified, the associated DEKs can be updated, and the associated data can be re-encrypted.”, Col. 11 line 1-5 “…the set of access controls 518 can include a list of authorized clients, a range of time periods when resolution is permitted or denied, particular sets of DEKRs that may be resolved by particular clients, and ownership information relating to particular DEKs. In some embodiments, a DEK-owner is permitted to change or delete the owned DEK.”, where the DEK are stored at the DEK datastore 514 of the data encryption key server 510 illustrated in Figure 5, as disclosed in Col. 10 line 50-64, where the change of the DEK by one of the client owners implies transmitting instruction to the data encryption key server 510 to perform the change, where changing the DEK invalidates the old DEK and in turn the receiver will not be able to access the data based on the old key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz to incorporate the teaching of Mehr to utilize the above feature, with the motivation of ensuring security of sensitive data between sender, recipients or storage devices through key reference, as recognized by (Mehr Col. 3 line 1-34).
Katz in view of Mehr and Fujimoto disclose the above limitations, where Mehr discloses detecting a compromise, and accordingly, preventing receivers from accessing data by invalidating additional keys, however, Katz in view of Mehr and Fujimoto do not disclose a request being transmitted.
Zhao discloses transmitting a request to KMS (Zhao Col. 3 line 25-30 “When the owner wants to prevent a recipient from further access to the media data, the owner client side logic 221 may be configured to instruct the key management server 203 to prevent that recipient from further receiving the encrypted session key.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Fujimoto to incorporate the teaching of Zhao to utilize the above feature, with the motivation of transmitting instructions to key managements for preventing recipients selectively from receiving encryption keys, as recognized by (Zhao Col. 3 line 25-30).

Regarding claim 12 (Original), Katz in view of Mehr and Fujimoto teaches the system of claim 10, wherein the operations further comprise preventing the receiver from accessing the data via the object, the preventing comprising [transmitting a request to the KMS] to invalidate at least one of the one or more additional keys (Mehr discloses that when the key encryption key, KEK, is compromised, the server invalidates/deletes the compromised KEK as illustrated in Figure 4 (402-406), Col. 9 line 28-35 “a compromised KEK is detected when an unauthorized client attempts to resolve DEKRs. At block 404, the data encryption key server blocks further resolution of DEKRs, protecting uncompromised DEKs from being released. The data encryption key server generates 406 a new KEK. In some implementations, the data encryption key server is provided with a new KEK by a system administrator or other authoritative source.”, where updating the KEK prevents receivers, which may be an attacker, from accessing the data).
Katz in view of Mehr disclose the above limitations, where Mehr discloses detecting a compromise, and accordingly, preventing receivers from accessing data by invalidating additional keys, however, Katz in view of Mehr and Fujimoto do not disclose a request being transmitted to KMS.
Zhao discloses transmitting a request to KMS (Zhao Col. 3 line 25-30 “When the owner wants to prevent a recipient from further access to the media data, the owner client side logic 221 may be configured to instruct the key management server 203 to prevent that recipient from further receiving the encrypted session key.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Fujimoto to incorporate the teaching of Zhao to utilize the above feature, with the motivation of transmitting instructions to key managements for preventing recipients selectively from receiving encryption keys, as recognized by (Zhao Col. 3 line 25-30).
 
Regarding claim 13 (Original), Katz in view of Mehr and Fujimoto teaches the system of claim 9, 
Katz does not disclose the below limitations.
Mehr discloses determining whether the receiver is from the list of authorized receivers (Mehr illustrates in Figure 3 (318) determining by the data encryption server, i.e. KMS, whether the receiver/recipient is authorized to access the data, Col. 8 line 36-40 “…the data encryption key server determines whether the recipient is authorized based at least in part on a database of access controls. Access controls can include permissions that are based at least in part on the identity of the recipient…”, Col. 11 line 1-5 “…the set of access controls 518 can include a list of authorized clients, a range of time periods when resolution is permitted or denied, particular sets of DEKRs that may be resolved by particular clients, and ownership information relating to particular DEKs. In some embodiments, a DEK-owner is permitted to change or delete the owned DEK.” and accordingly provide access to the DEK, i.e. sender key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz to incorporate the teaching of Mehr to utilize the above feature, with the motivation of ensuring security of sensitive data between sender, recipients or storage devices through key reference, as recognized by (Mehr Col. 3 line 1-34).
Katz in view of Mehr and Fujimoto does not disclose modifying the access to the data by removing or adding the receiver from the authorized list of receivers. Emphasis in Italic.
Zhao discloses wherein access to the data via the object is modified in response to the KMS adding or removing the receiver from a list of users having access to the sender key (Zhao Col. 3 line 25-30 “When the owner wants to prevent a recipient from further access to the media data, the owner client side logic 221 may be configured to instruct the key management server 203 to prevent that recipient from further receiving the encrypted session key.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Fujimoto to incorporate the teaching of Zhao to utilize the above feature, with the motivation of transmitting instructions to key managements for preventing recipients selectively from receiving encryption keys, as recognized by (Zhao Col. 3 line 25-30).

Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Katz (US 20150372991 A1), hereinafter Katz, in view of Mehr (US 10033703 B1), hereinafter Mehr, Fujimoto et al. (US 20160299924 A1), hereinafter Fujimoto and in view of Basin (US 20170126642 A1), hereinafter Basin.
 Regarding claim 6 (Original), Katz in view of Mehr and Fujimoto teaches the method of claim 1, 
Katz in view of Mehr and Fujimoto disclose the aforementioned limitations, where Katz discloses session key, sender key and additional keys, Mehr further discloses list of authorized users/receivers accessing the data, however, Katz in view of Mehr and Fujimoto do not disclose the adding or removing of the receiver/user for accessing keys. Emphasis in italic.
Basin discloses wherein access to the data via the object is modified in response to the KMS adding or removing the receiver from a list of users having access to an additional key of the one or more additional keys (Basin discloses a key provider and an owner of an encryption key, corresponding to KMS, may add users to a list of allowed users to access the encryption key, or may remove users from accessing the encryption key, [0371] “a Key Provider may provide a list of users to an owner of an encryption key. A list of users may be provided using a User Interface system. An owner of an encryption key may select users from the list that may use the encryption key thereby allowing access to the encryption key by the selected users. An owner of an encryption key may add other users to a list of users allowed to use an encryption key thereby changing the users allowed to use an encryption key. An owner may remove users from a list of users allowed to use an encryption key. An owner may remove a user from a list of users allowed to use an encryption key thereby denying a user access to use an encryption key. Other methods for allowing and denying access to an encryption key may be used”, where the encryption key can be more than one encryption key as disclosed in [0367] “Applications and users using encrypted information may possess more than one encryption key used for the encryption and decryption of information by an encryption application for the user or application to use. Applications and users using encrypted information may possess more than one type of encryption key used for the encryption and decryption of information by an encryption application for the user or application to use.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Fujimoto to incorporate the teaching of Basin to utilize the above feature, with the motivation of enabling owners of keys to control which user to add or remove to the access list, as recognized by (Basin [0371]).

Regarding claim 14 (Original), Katz in view of Mehr and Fujimoto teaches the system of claim 9, 
Katz in view of Mehr and Fujimoto disclose the aforementioned limitations, where Katz discloses session key, sender key and additional keys, Mehr further discloses list of authorized users/receivers accessing the data, however, Katz in view of Mehr and Fujimoto do not disclose the adding or removing of the receiver/user for accessing keys. Emphasis in italic.
Basin discloses wherein access to the data via the object is modified in response to the KMS adding or removing the receiver from a list of users having access to an additional key of the one or more additional keys (Basin discloses a key provider and an owner of an encryption key, corresponding to KMS, may add users to a list of allowed users to access the encryption key, or may remove users from accessing the encryption key, [0371] “a Key Provider may provide a list of users to an owner of an encryption key. A list of users may be provided using a User Interface system. An owner of an encryption key may select users from the list that may use the encryption key thereby allowing access to the encryption key by the selected users. An owner of an encryption key may add other users to a list of users allowed to use an encryption key thereby changing the users allowed to use an encryption key. An owner may remove users from a list of users allowed to use an encryption key. An owner may remove a user from a list of users allowed to use an encryption key thereby denying a user access to use an encryption key. Other methods for allowing and denying access to an encryption key may be used”, where the encryption key can be more than one encryption key as disclosed in [0367] “Applications and users using encrypted information may possess more than one encryption key used for the encryption and decryption of information by an encryption application for the user or application to use. Applications and users using encrypted information may possess more than one type of encryption key used for the encryption and decryption of information by an encryption application for the user or application to use.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Fujimoto to incorporate the teaching of Basin to utilize the above feature, with the motivation of enabling owners of keys to control which user to add or remove to the access list, as recognized by (Basin [0371]).

 
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Katz (US 20150372991 A1), hereinafter Katz, in view of Mehr (US 10033703 B1), hereinafter Mehr, Fujimoto et al. (US 20160299924 A1), hereinafter Fujimoto and further in view of Le Saint (US 20160241389 A1), hereinafter Le.
  
Regarding claim 16 (Currently Amended), Katz teaches a method (Katz Abstract “A method for transmitting data”) comprising: 
receiving, by one or more processors, an object that includes encrypted data, an encrypted session key, an index of each of one or more additional keys, and an [encrypted] sender key index (Katz Fig. 4 (416-420) [0051] “In Step 416, a data passport is generated using the encrypted session key(s), the DK index, the RK index, and the SK index…the SK index is obtained from the sender key repository and corresponds to the SK. In Step 418, protected data is generated using the data passport, the encrypted data elements and, if present, any unencrypted data elements. In one embodiment of the invention, the data passport is appended to the encrypted data elements and, if present, any unencrypted data elements. In Step 420, the protected data is transmitted to the receiver system.”, 
[0054] “Turning to FIG. 5, in step 500, protected data is received by the receiver security enforcer.”, 
where the data passport combined/appended with the encrypted data element correspond to the object, DK index and RK index correspond to additional key index); 
transmitting, by the one or more processors, a request for a sender key corresponding to the encrypted sender key index to a key management system (KMS) (Katz Figure 5 (506) [0054] “ In Step 506, the DK index and the SK index are sent to the KMS…the DK index and the SK index are sent to the KMS in a request for a sender key value.”), 
the request from a requestor and the request comprising the [encrypted] sender key index and the index of each of the one or more additional keys (Katz Figure 5 (506) [0054] “ In Step 506, the DK index and the SK index are sent to the KMS…the DK index and the SK index are sent to the KMS in a request for a sender key value.”); and in response to receiving the sender key from the KMS (Katz Figure 5 (508)): 
decrypting the encrypted session key based at least in part on the sender key to generate a session key (Katz Figure 5 (516)); and 
decrypting the encrypted data based at least in part on the session key to generate unencrypted data (Katz Figure 5 (5520)), 
wherein the sender key is sent to the requestor by the KMS in response to a determination by the KMS that the requestor has access to the sender key and to each of the one or more additional keys (Katz [0054] “the KMS authenticates the receiver system (or receiver security enforcer) before servicing the request. The authentication may be performed using PKI or symmetric key infrastructure.”).  
Katz discloses the aforementioned limitations, including sender key, additional keys, session key for encrypting data, however, Katz does not disclose the below limitation. Emphasis in italic.
Mehr discloses an object that includes…encrypted sender key index (Mehr Col. 8 line 24-27 “…the sender places the DEKR into an envelope with the DEK-encrypted message. In some implementations, the sender encrypts the DEKR with the KEK and places the encrypted DEKR into the envelope with the DEK-encrypted message.”),
Mehr further discloses each of the one or more additional keys define a group of users who can access the data (Mehr discloses the encrypted DEKR, encrypted key index, is based on the KEK, i.e. one or more additional keys, where the KEK is associated with clients who can access the data as disclosed in Col. 11 line 55-57 “When more than one client is authorized to access particular data maintained by the storage server, each client has access to the same KEK 712.”, similarly in Col. 10 line 43-45, where the KEK encrypts the key index DEKR to generate the encrypted DEKR).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz to incorporate the teaching of Mehr to utilize the above feature, with the motivation of ensuring security of sensitive data between sender, recipients or storage devices through key reference, as recognized by (Mehr Col. 3 line 1-34).
Katz in view of Mehr does not explicitly disclose that the request comprises encrypted sender key index. Emphasis in italic.
Le discloses the request comprising the encrypted sender key index (Le discloses in [0005] “…a server computer can receive a request from a client computer. The request message can include a protected server key identifier and encrypted request data. The server computer can decrypt the protected server key identifier using a server identifier encryption key to obtain a server key identifier. A server private key associated with the server key identifier can be determined. The encrypted data can be decrypted using the server private key to obtain request data.” where the key identifier correspond to the key index).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr to incorporate the teaching of Le to utilize the above feature, with the motivation of improving a key agreement protocol, as recognized by (Le [0004]).
Katz in view of Mehr and Le do not disclose the below limitation.
Fujimoto discloses each of the one or more additional keys define a group of users who can access the data (Fujimoto illustrates in Figure 3 a group key in 113 that defines a group of users accessing data/document 1241, where the group key is used to encrypt/decrypt the document key and index key, and in turn the document key 142 is used to encrypt/decrypt the document, [0077] “The document server 125 obtains documents corresponding to the document IDs obtained in the step 306 from the document database 124, decrypts the documents, and sends the decrypted documents to the web browser 111 (step 309). The decryption of the documents is executed in the following way. First, the document server 125 searches the document keys 1242 associated with the documents for a document key decrypted with the user key or the group key of the group to which the user belongs. Next, the document server 125 sends the searched and encrypted document keys and the user's or group's token to the key server 113. Next, the key server 113 decrypts the document keys and decrypts the documents with the decrypted document keys.”, where the group key defines the group of e.g. an organization to which the user belongs, group and users illustrated in Figure 4 and disclosed in [0036, 0052-0054]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr and Le to incorporate the teaching of Fujimoto to utilize the above feature, with the motivation of enabling a group of users, e.g. an organization, to access data utilizing a group key that defines the group, as recognized by (Fujimoto [0028, 0036] and throughout).


Claims 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Katz (US 20150372991 A1), hereinafter Katz, in view of Mehr (US 10033703 B1), hereinafter Mehr, Fujimoto et al. (US 20160299924 A1), hereinafter Fujimoto and in view of Le Saint (US 20160241389 A1), hereinafter Le, and further in view of Valente (US 20210067324 A1), hereinafter Valente.

Regarding claim 17 (Original), Katz in view of Mehr, Fujimoto and Le teaches the method of claim 16, 
Katz does not disclose the below limitation.
Mehr discloses further comprising (denial) [receiving an error message] from the KMS in response to a determination by the KMS that the requestor does not have access to the sender key (Mehr illustrates in Figure 3 (318-320) the KMS determining that the recipient is not authorized and accordingly denying the request, as disclosed in Col. 8 line 33-47).
Katz in view of Mehr, Fujimoto and Le do not disclose receiving an error message from the KMS.
Valente discloses receiving an error message from the KMS (Valente [0042] “On the other hand, when the external key management service 180 denies access to the customer data 50 (e.g., denies access to the corresponding client-side encryption key 121), the AMS 300 may provide an access denied response 350 to the requestor device 120 to inform the requestor 20 that access to the customer data 20 requested in the access request 302 is denied. In some examples, the AMS 300 sends the access denied response 350 after a predetermined period of time elapses without receiving an authorized access token 310 from the external key management service 180.”, where the requestor receives the denied response, i.e. error message, from the access management service, [0052] further discloses the response denial message).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr, Fujimoto and Le to incorporate the teaching of Valente to utilize the above feature, with the motivation of informing the customer of the denial of the request and possibly providing a rationale as to why the request was denied, as recognized by (Valente [0042, 0052]).

Regarding claim 18 (Original), Katz in view of Mehr, Le, Fujimoto and Valente teaches the method of claim 17, wherein it is determined that the requestor does not have access to the sender key when the sender key is invalid (Katz illustrates in Figure 5 [0054-0056] accessing the data based on the sender key (SK) , RK and DK, where the SK, DK and RK are associated with a timestamp that indicates when they expire as illustrated in Figure 3 (308, 314, 320) and disclosed in [0037-0039, 0049-0050], where the expired key is not valid and will not enable the receiver to access the data).  

Regarding claim 19 (Original), Katz in view of Mehr, Le and Fujimoto teaches the method of claim 16, 
Katz does not disclose the below limitation.
Mehr discloses further comprising (denial) [receiving an error message] from the KMS in response to a determination by the KMS that the requestor does not have access to all of the at least one or more additional keys (Mehr illustrates in Figure 4 (404, 406418) that when the KEK, i.e. additional key is compromised, then the data encryption key server, KMS, blocks the process of returning encryption key and the use of the current key encryption key (KEK), i.e. additional key, until generating a new KEK).  
Katz in view of Mehr, Le and Fujimoto do not disclose receiving error message from KMS.
Valente discloses receiving error message from KMS (Valente [0042] “On the other hand, when the external key management service 180 denies access to the customer data 50 (e.g., denies access to the corresponding client-side encryption key 121), the AMS 300 may provide an access denied response 350 to the requestor device 120 to inform the requestor 20 that access to the customer data 20 requested in the access request 302 is denied. In some examples, the AMS 300 sends the access denied response 350 after a predetermined period of time elapses without receiving an authorized access token 310 from the external key management service 180.”, where the requestor receives the denied response, i.e. error message, from the access management service, [0052] further discloses the response denial message).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr, Le and Fujimoto to incorporate the teaching of Valente to utilize the above feature, with the motivation of informing the customer of the denial of the request and possibly providing a rationale as to why the request was denied, as recognized by (Valente [0042, 0052]).

Regarding claim 20 (Original), Katz in view of Mehr, Le and Fujimoto teaches the method of claim 19, wherein it is determined that the requestor does not have access to all of the one or more additional keys when at least one of the one or more additional keys is invalid (Katz illustrates in Figure 5 [0054-0056] accessing the data based on the sender key (SK) , RK and DK, where the SK, DK and RK are associated with a timestamp that indicates when they expire as illustrated in Figure 3 (308, 314, 320) and disclosed in [0037-0039, 0049-0050], where the expired key is not valid and will not enable the receiver to access the data).  

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Katz (US 20150372991 A1), hereinafter Katz, in view of Le Saint (US 20160241389 A1), hereinafter Le and Fujimoto et. al. (US 20160299924 A1), hereinafter Fujimoto.

Regarding claim 21 (Currently Amended), Katz teaches a method (Katz Abstract “A method for transmitting data”) comprising: 
receiving, by one or more processors, a request from a requestor for a sender key, the request comprising an [encrypted] sender key index and an index of each of one or more additional keys (Katz Figure 5 (506) [0054] “ In Step 506, the DK index and the SK index are sent to the KMS…the DK index and the SK index are sent to the KMS in a request for a sender key value.”); 
determining whether the requestor has access to one or more additional keys identified by the index of each of the one or more additional keys (Katz [0023] “…the key management service (110) is configured to authenticate any sender system or receiver system that requests or sends a key(s) and to securely transmit keys or key values (described in FIGS. 4 and 5) to/from the sender system and the receiver system.”, Figure 4 (406) and [0049] and Figure 5 (506) and [0054] disclose that the requests for indices are serviced after determining that the requestor is authenticated); and 
in response to determining that the requestor has access to the one or more additional keys (Katz illustrates in Figure 5 (506-508), in response to the KMS receiving DK index, the KMS sends the protected sender key): [decrypting the encrypted sender key index to generate a sender key index; locating the sender key based at least in part on the sender key index]; 
determining whether the requestor has access to the sender key (Katz Figure 5 (508) [0054] “…the KMS authenticates the receiver system (or receiver security enforcer) before servicing the request. The authentication may be performed using PKI or symmetric key infrastructure.”); and 
transmitting the sender key to the requestor based on determining that the requestor has access to the sender key (Katz Figure 5 (508) [0054] “…the KMS authenticates the receiver system (or receiver security enforcer) before servicing the request. The authentication may be performed using PKI or symmetric key infrastructure.”, [0055] “In Step 508, a protected sender key value is obtained from the KMS”).
Katz does not disclose the below limitations.
Le discloses request comprising the encrypted sender key index, decrypting the encrypted sender key index to generate a sender key index; locating the sender key based at least in part on the sender key index (Le discloses in [0005] “…a server computer can receive a request from a client computer. The request message can include a protected server key identifier and encrypted request data. The server computer can decrypt the protected server key identifier using a server identifier encryption key to obtain a server key identifier. A server private key associated with the server key identifier can be determined. The encrypted data can be decrypted using the server private key to obtain request data.”, where the identifier corresponds to the key index).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Mehr to incorporate the teaching of Le to utilize the above feature, with the motivation of improving a key agreement protocol, as recognized by (Le [0004]).
Katz in view of Le do not disclose the below limitations.
Fujimoto discloses each of the one or more additional keys define a group of users who can access the data (Fujimoto illustrates in Figure 3 a group key in 113 that defines a group of users accessing data/document 1241, where the group key is used to encrypt/decrypt the document key and index key, and in turn the document key 142 is used to encrypt/decrypt the document, [0077] “The document server 125 obtains documents corresponding to the document IDs obtained in the step 306 from the document database 124, decrypts the documents, and sends the decrypted documents to the web browser 111 (step 309). The decryption of the documents is executed in the following way. First, the document server 125 searches the document keys 1242 associated with the documents for a document key decrypted with the user key or the group key of the group to which the user belongs. Next, the document server 125 sends the searched and encrypted document keys and the user's or group's token to the key server 113. Next, the key server 113 decrypts the document keys and decrypts the documents with the decrypted document keys.”, where the group key defines the group of e.g. an organization to which the user belongs, group and users illustrated in Figure 4 and disclosed in [0036, 0052-0054]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Le to incorporate the teaching of Fujimoto to utilize the above feature, with the motivation of enabling a group of users, e.g. an organization, to access data utilizing a group key that defines the group, as recognized by (Fujimoto [0028, 0036] and throughout).

Claims 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over Katz (US 20150372991 A1), hereinafter Katz, in view of Le Saint (US 20160241389 A1), hereinafter Le, Mehr, Fujimoto et. al. (US 20160299924 A1), hereinafter Fujimoto, and further in view of Pedlow (US 8165302 B2), hereinafter Pedlow.

Regarding claim 22 (Original), Katz in view of Le and Fujimoto teaches the method of claim 21, 
Katz does not disclose the below limitation.
Mehr discloses further comprising generating the encrypted sender key index based at least in part on the sender key index and [the index of each of] the one or more additional keys (Mehr discloses the encrypted KEDR received by the server, where the KEDR is generated based on the received DEK, i.e. sender key, Col. 8 line 16-19 “When the data encryption key server receives the encrypted DEK, the data encryption key server stores 306 the encrypted DEK, and then generates 308 a reference to the DEK called a DEKR”, where the reference DEKR is encrypted based on KEK, corresponding to the one or more additional keys as disclosed in Col. 12 line 25-31).  
Katz in view of Le, Mehr and Fujimoto do not explicitly disclose the below limitations. Emphasis in italic. 
Pedlow discloses encrypted sender key index based at least in part on the sender key index and the index of each of the one or more additional keys (Pedlow discloses in Col. 17 line 40-56 “…a key index that stores a key index to be used for decryption of at least a portion of the content stored on the electronic storage device; the key index referencing a decryption key stored in the electronic media reader device in a secure persistent storage location that stores a key table containing a plurality of keys indexed by indices; a plurality of content data stored on the electronic storage device in encrypted form, wherein the content data is encrypted by an encryption key corresponding to the key indexed by the key index…the key index is embedded in a key index packet forming part of a stream of data from the packaged media…the key index is stored in a table on the packaged media…the key index stored in on the packaged media is encrypted using a pre-defined default key…the key index stored on the packaged media is encrypted using a key indexed in the packaged media.”, where the key index, i.e. sender key index, which is based on its association with the actual key it is indexing, is also encrypted based on an indexed key, which can be located based on its index, where the indexed key corresponds to the one or more additional keys).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Le, Mehr and Fujimoto to incorporate the teaching of Pedlow to utilize the above feature, with the motivation of ensuring that no key is ever exposed to be viewed or otherwise compromised, as recognized by (Pedlow Col. 3 line 42-47 and Col. 16 line 44-45).

Regarding claim 23 (Original), Katz in view of Le, Mehr, Fujimoto and Pedlow teaches the method of claim 22, wherein the generating comprises: 
Katz in view of Le, Mehr and Fujimoto do not explicitly disclose the below limitations.
Pedlow discloses locating the one or more additional keys based at least in part on an index of each of the one or more additional keys; combining the one or more additional keys into a combined additional key; and encrypting the sender key index based at least in part on the combined additional key (Pedlow discloses in Col. 17 line 40-56 “…a key index that stores a key index to be used for decryption of at least a portion of the content stored on the electronic storage device; the key index referencing a decryption key stored in the electronic media reader device in a secure persistent storage location that stores a key table containing a plurality of keys indexed by indices; a plurality of content data stored on the electronic storage device in encrypted form, wherein the content data is encrypted by an encryption key corresponding to the key indexed by the key index…the key index is embedded in a key index packet forming part of a stream of data from the packaged media…the key index is stored in a table on the packaged media…the key index stored in on the packaged media is encrypted using a pre-defined default key…the key index stored on the packaged media is encrypted using a key indexed in the packaged media.”, where the key index, i.e. sender key index, is encrypted based on an indexed key, which can be located based on its index, where the indexed key corresponds to the one or more additional key, examiner notes that if one key is utilized then the combination is reduced to the same key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Katz in view of Le to incorporate the teaching of Pedlow to utilize the above feature, with the motivation of ensuring that no key is ever exposed to be viewed or otherwise compromised, as recognized by (Pedlow Col. 3 line 42-47 and Col. 16 line 44-45).
 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497

/IZUNNA OKEKE/Primary Examiner, Art Unit 2497