Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the AFCP 2.0 amendment dated on June 22, 2022.
Claims 1-8, 10-16 and 18-20 and 22 are allowed.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Greg A. Raburn of registration number 65,174, on 07/07/2022.  During the telephone conference, Mr. Raburn has agreed and authorized the examiner to further amend Claims 1-8, 10-16 and 18-20 and 22 on the AFCP 2.0 amendment dated on June 22, 2022.
Claims
Replacing Claims 1-8, 10-16 and 18-20 and 22  of the AFCP 2.0 amendment dated on June 22, 2022with the following:
Claims:
1.	A computer-implemented method performed by a hardware security module joining a hardware security module fleet, the computer-implemented method comprising:
obtaining an indication for the hardware security module to join the hardware security module fleet;
removing, in response to detecting the indication for the hardware security module to join the hardware security module fleet, unexpected key material from the hardware security module;
obtaining, from a requestor, a request to establish a cryptographically protected communication session, the request including a digital certificate;
verifying, using at least a part of a plurality of public keys, the digital certificate;
establishing the cryptographically protected communication session with the requestor, the cryptographically protected communication session involving a shared secret between the requestor and the hardware security module;
obtaining encrypted data via the cryptographically protected communication session; and
decrypting, using a fleet transfer key, the encrypted data, the fleet transfer key being obtained based at least in part on the shared secret,
		wherein the hardware security module includes synchronized key material, and wherein the synchronized key material remains on the hardware security module while the hardware security module joins the hardware security module fleet.
2.	The computer-implemented method of claim 1, wherein:
the plurality of public keys comprises a service provider public key and a manufacturer public key;
the unexpected key material excludes the service provider public key and the manufacturer public key; and
verifying the digital certificate comprises establishing a first chain of trust to a service certificate authority based at least in part on the service provider public key and establish a second chain of trust to a manufacturer certificate authority based at least in part on the manufacturer public key.
3.	The computer-implemented method of claim 1, further comprises:
detecting an indication to leave the hardware security module fleet; and
as a result of detecting the indication to leave the hardware security module fleet, erasing at least the fleet transfer key and cryptographic material associated with the hardware security module fleet.
4.	The computer-implemented method of claim 1, wherein the digital certificate is a X.509 certificate.
5.	A system, comprising:
one or more processors; and
memory storing instructions that, as a result of execution by the one or more processors, cause the system to:
obtain, at a hardware security module, an indication to join a hardware security module fleet;
remove, in response to detecting the indication to join the hardware security module fleet, one or more unexpected cryptographic keys;
obtain, from a requestor, a request to establish a cryptographically protected communication session, the request including a digital certificate;
verify, using at least a part of a plurality of public keys, the digital certificate;
establish the cryptographically protected communication session with the requestor, the cryptographically protected communication session involving a shared secret between the requestor and the hardware security module;
obtain encrypted data via the cryptographically protected communication session; and
decrypt, using a fleet transfer key, the encrypted data, the fleet transfer key being obtained based at least in part on the shared secret,
wherein the hardware security module includes synchronized key material, and wherein the synchronized key material remains on the hardware security module while the hardware security module joins the hardware security module fleet.
6.	The system of claim 5, wherein:
the plurality of public keys comprises a service provider public key and a manufacturer public key;
the one or more unexpected cryptographic keys excludes the service provider public key and the manufacturer public key; and
the instructions to verify the digital certificate include instructions that, as a result of execution by the one or more processors, cause the system to establish a first chain of trust to a service certificate authority based at least in part on the service provider public key and establish a second chain of trust to a manufacturer certificate authority based at least in part on the manufacturer public key.
7.	The system of claim 5, wherein the data includes a client application public key usable to establish an additional cryptographically protected communication session with a client.
8.	The system of claim 5, wherein the data includes a network address associated with a particular hardware security module provided with access to the fleet transfer key.
9.	(Canceled)
10.	The system of claim 5, the data includes information regarding one or more communication sessions between the client and a virtual HSM of the hardware security module fleet.
11.	The system of claim 5, wherein the requestor comprises a second hardware security module.
12.	The system of claim 7, wherein instructions include further instructions that, as a result of execution by the one or more processors, further cause the system to:
detect an indication that the hardware security module should be removed from the hardware security module fleet; and
erase one or more cryptographic keys from the hardware security module by setting bits associated with the one or more cryptographic keys to be erased to a predetermined value, wherein the one or more cryptographic keys to be erased includes the client application public key.
13.	A non-transitory computer-readable storage medium storing executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least:
obtain, at a hardware security module, an indication for the hardware security module to join a hardware security module fleet;
check key material on the hardware security module for one or more unexpected cryptographic keys;
remove, in response to detecting the indication for the hardware security module to join the hardware security module fleet and finding the one or more unexpected cryptographic keys, the one or more unexpected cryptographic keys;
obtain, from a requestor, a request to establish a cryptographically protected communication session, the request including a digital certificate;
verify, using at least a part of a plurality of public keys, the digital certificate;
establish the cryptographically protected communication session with the requestor, the cryptographically protected communication session involving a shared secret between the requestor and the hardware security module;
obtain encrypted data via the cryptographically protected communication session; and
decrypt, using a fleet transfer key, the encrypted data, the fleet transfer key being obtained based at least in part on the shared secret,
wherein the hardware security module includes synchronized key material, and wherein the synchronized key material remains on the hardware security module while the hardware security module joins the hardware security module fleet.
14.	The non-transitory computer-readable storage medium of claim 13, wherein:
the plurality of public keys comprises a service provider public key and a manufacturer public key;
the key material being checked excludes the service provider public key and the manufacturer public key; and 
the instructions to verify the digital certificate include instructions that, as a result of execution by the one or more processors, cause the computer system to establish a first chain of trust to a service certificate authority based at least in part on the service provider public key and establish a second chain of trust to a manufacturer certificate authority based at least in part on the manufacturer public key.
15.	The non-transitory computer-readable storage medium of claim 13, wherein the data includes a client application public key usable to establish an additional cryptographically protected communication session with a client.
16.	The non-transitory computer-readable storage medium of claim 13, wherein the data includes a network address associated with a particular hardware security module provided with access to the fleet transfer key.
17.	(Canceled)
18.	The non-transitory computer-readable storage medium of claim 13, the data includes information regarding one or more communication sessions between the client and a virtual HSM of the hardware security module fleet.
19.	The non-transitory computer-readable storage medium of claim 13, wherein the requestor comprises a second hardware security module.
20.	The non-transitory computer-readable storage medium of claim 15, wherein instructions include further instructions that, as a result of execution by the one or more processors, further cause the computer system to:
detect an indication that the hardware security module should be removed from the hardware security module fleet; and
erase one or more cryptographic keys from the hardware security module by setting bits associated with the one or more cryptographic keys to be erased to a predetermined value, wherein the one or more cryptographic keys to be erased includes the client application public key.
21.	(Canceled)
22.	The computer-implemented method of claim 2, wherein:
the plurality of public keys is included on the hardware security module; and
the service provider public key and the manufacturer public key remain on the hardware service module during removal of the unexpected key material.
Allowable Subject Matter
Claims 1-8, 10-16 and 18-20 and 22 are allowed.
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance.
Independent Claim 1 is allowable based on the AFCP 2.0 amendment dated on June 22, 2022 and the examiner’s amendment dated on July 08, 2022.
Specifically, the independent Claim 1 now recites limitations as follows:
“A computer-implemented method performed by a hardware security module joining a hardware security module fleet, the computer-implemented method comprising:
obtaining an indication for the hardware security module to join the hardware security module fleet;
removing, in response to detecting the indication for the hardware security module to join the hardware security module, unexpected key material from
obtaining, from a requestor, a request to establish a cryptographically protected communication session, the request including a digital certificate;
verifying, using at least a part of a plurality of public keys, the digital certificate;
establishing the cryptographically protected communication session with the requestor, the cryptographically protected communication session involving a shared secret between the requestor and the hardware security module;
obtaining encrypted data via the cryptographically protected communication session; and
decrypting, using a fleet transfer key, the encrypted data, the fleet transfer key being obtained based at least in part on the shared secret,
		wherein the hardware security module includes synchronized key material, and wherein the synchronized key material remains on the hardware security module while the hardware security module joins the hardware security module fleet”.

The cited reference Brand et al. (US PGPUB. # US 2013/0132717) discloses, the first time the user side software application requires encryption or unique user identification, it established that there is no digital user certificate (17) currently installed on the mobile phone (5). At this point, the application automatically connects to an online server of the certificate authority (11) ("CA") and attempts to request a digital user certificate (17) from the server (11). The user side application (13) firstly validates that the server it is communicating with is indeed that of the CA (11), and not a rogue server. This is done by validating a CA certificate signature (21) sent to the mobile phone (5) by the CA (11), against a CA certificate (23) that comes distributed as part of the user side software application (13) or encryption module. It should, however, be apparent that validation of the CA could be inherent if the user side software application is capable of decrypting communication from the CA that has been encrypted with a CA private key. If the user side software application is capable of decrypting the CA encrypted CA communication by using the CA public key it follows that the CA is who it purports to be. (¶39).  The server side software application utilizes a server side encryption module provided by the certificate authority and is configured to request and receive the user certificate from the mobile handset, to validate it as originating from the certificate authority using the server side encryption module, to uniquely identify the mobile handset from the identifier in the user certificate, and to transmit a digital server certificate issued to it by the certificate authority to the mobile handset where it is received by the user side software application and validated as originating from the certificate authority using the user side encryption module. (¶14). If both the handset (5) and application server (9) have been issued with digital certificates, the certificates (17, 45) may be used to authenticate communication channels between them, to identify the handset and/or application server and also to encrypt communication between them. Each time the mobile handset (5) connects to an application server (9), it will start a certificate exchange process, whereby its certificate (17) is sent to the server (9), and the server's certificate (45) is sent to the handset (5). Both parties will then validate the content of the received certificates (17, 45), and the digital signature, to make sure that the details in the certificates (17, 45) was not tampered with. This validation is done by using a CA digital certificate (51) that is part of both the user side application (13) and server side application (15) or their respective encryption modules. Knowledge of the CA public key (29) may, however, be sufficient to enable validation of the respective certificates to be conducted. It should be appreciated that the CA digital certificate (51) will include the CA public key (29) and that the user and server side applications will therefore use the CA public key (29) to decrypt the signed certificates (17, 45). If the certificates are not capable of being decrypted with the CA public key (29), it will be apparent that they were not signed with the CA private key (27), and are accordingly not authentic. i.e. Mobile device (client) certificate is obtained by the server for an encrypted protected communication. (¶45). The invention further provides a method for authenticating a communications channel between a mobile handset associated with a user and an application server, for uniquely identifying the mobile handset, and for encrypting communications between the mobile handset and the application server over the communication channel. (¶23). Upon successful validation of the user certificate by the server side software application and of the server certificate by the user side software application, the user side software application and the server side software application are further configured to share encryption keys utilizing their respective certificates, more specifically public and private key pairs associated with the respective certificates, to provide encryption, the encryption keys being useful for further data encryption between the mobile handset and the application server. (¶15). The handset (5) and server (9) can now share encryption keys (25) by means of which further encrypting of their communications may be done. The shared encryption keys (25) are typically symmetrical encryption keys. It should be appreciated that, after the certificate exchange, the handset (5) will be in possession of the application server public key (47) and the application server (9) will be in possession of the handset public key (33). The encryption keys may therefore be encrypted by the handset using the server public key (47), and by the server using the handset public key (33), thus ensuring that only the receiving parties will be able to decrypt the communications using their respective private keys (31, 49). (¶46). The certificate (17) is signed with a private key (27) associated with the CA (11), a corresponding public key (29) of the CA (11) being known to both the user side and server side software applications or encryption modules, as the case may be, enabling them to decrypt the signature and verify that it was signed by the CA private key (27) and is accordingly authentic. (¶40). 
The reference by Laurence Hamid (USPGPUB. # US 2013/0219164, hereinafter “Hamid”) discloses,  the operational network 920 can exchange management messages 954 with the HSM server 946. This can allow the operational network 920 to alter the security settings and capabilities associated with each HSM module 952. For a first example, when a new user 902 is added to the organization, the organizational network 920 can assign a new HSM module 952 to that new user 902 (or, in alternative embodiments, can assign a portion of an already-extant HSM module 952 to that new user 902). For a second example, when a user 902 is assigned new duties, the operational network 920 can assign new security settings and capabilities associated to the HSM module 952 (or portion thereof) associated with that user 902. For a third example, when a user 902 is separated from the organization, the organizational network 920 can remove the security settings and capabilities associated to the HSM module 952 (or portion thereof) associated with that user 902, or can delete that HSM module 952. (Fig. 9, ¶67). FIG. 5 illustrates an exemplary embodiment of the present disclosure, including an exemplary method 500 for providing cloud-based HSMs. The exemplary method, e.g., at 510, can provide shared resources over a multi-user network to multiple users, e.g., a cloud. These may include disk arrays, processor arrays, servers, memories, etc., configured to provision one or move virtual private networks and/or one or more virtual terminals. The exemplary method, e.g., at 515, can connect multiple HSMs to the shared resources. Each HSM may have one or more users associated with it, and each HSM may be associated with an organization (which may have multiple HSMs associated with it). The exemplary method, e.g., at 520, can provide management tools to the associated users, and/or administrative users within the same organization as the associated users. This way, regardless of whether the HSMs are connected to the cloud on the organization side or the shared resource (e.g., cloud) side, the end user (or admin user of the end user organization) can be given exclusive control of the HSMs, while the cloud provider can optionally be excluded from the HSMs and being able to configure the HSMs. When a user wants to access data (e.g., encrypted data) from the cloud, a secure connection can be established between a user device, and the cloud hosted HSM, e.g., at 525. The HSM can include keys used to decrypt the user's data, and can act as the sole facilitator of accessing that data, e.g., at 530. (Fig. 5(525, 530), ¶38). Another exemplary embodiment of the present disclosure includes a method for providing hardware security modules over a multi-user network. The exemplary method can include providing shared resources over a multi-user network to multiple users, connecting multiple hardware security modules to the shared resources, wherein each hardware security module is associated with at least one user, establishing a secure connection between the at least one user and an associated hardware security module, and providing encrypted data to the at least one user, wherein the data can only be decrypted with keys stored on the associated hardware security module. (¶6). 
The reference by Robert Ziegler (WIPO PUB. # WO 2006/039364) discloses, the HSM interface 110 smart and magnetic card reader 115 may provide a secure and verifiable erasure feature to insure no residual keying material exists after keys have been inj ected or keying material has been discarded. This may be implemented as a procedure that requires erasure of the material be performed and verified to substantive level. The card reader and writer 115 may support both EMV for smart card support, debit cards, credit cards, and ATM cards. (¶28). 
Srivastav et al. (US PGPUB. # US 2017/0222981) discloses, a system including a controller and a pool of computing resources to run virtual machines are configured to automatically provision each virtual machine with unique cryptographic constructs. The controller receives a request to instantiate a virtual machine based on an image/template. The controller determines an authentication credential for a registration authority that the virtual machine will use. The controller determines the computing resources to run the virtual machine, and instructs the computing resources to boot the virtual machine. The controller passes the authentication credential to the virtual machine. After receiving the authentication credential, the virtual machine authenticates the registration authority and sends a request for the cryptographic constructs. The virtual machine securely receives the cryptographic constructs from the registration authority, enabling the virtual machine to securely communicate with other computing entities. (Abstract).
Yerra et al. (US PGPUB. # US 2014/0095865) disclose, techniques are described to authenticate the identity of a proxy in a client-proxy-server configuration. The configuration may have a client-side and a server-side SSL session. In the server-side session, if the proxy has access to the private keys of the client, the proxy may select a client certificate from a collection of client certificates and send the selected certificate to the server to satisfy a client authentication request of the server. If the proxy does not have access to the private keys, the proxy may instead send an emulated client certificate to the server. Further, the client certificate received from the client may be embedded within the emulated client certificate so as to allow the server to directly authenticate the client, in addition to the proxy. An emulated client certificate chain may be formed instead of an emulated client certificate. Similar techniques may be applied to the client-side session. (Abstract).
Seaborn et al. (US PGPUB. # US 2015/0134953) disclose, a HSM service controller receives an administrative request to enable a cloud-based application to have access to a cloud-based HSM service. The HSM service controller segments a cloud-based HSM into a plurality of VHSMs. The HSM service controller allocates to the cloud-based application, a source VHSM from among the plurality of VHSMs. The source VHSM includes an initial set of credentials, roles and/or metadata. The HSM service controller stores a handle for the source VHSM in association with a handle for the cloud-based application. The HSM service controller routes cryptography requests between the cloud-based application and the VHSM based on the handle for the source VHSM and the handle for the cloud-based application. The HSM service controller receives one or more management requests from the cloud-based application and executes cloud administrator functions responsive to the management request. (Abstract).
Zeev Lieber (US PGPUB. # US 2012/0210124) disclose, a current version certificate is stored that includes a corresponding current version identifier. A current instance certificate is received from the certificate authority, wherein the current instance certificate includes the current version identifier of the current version certificate and a current instance public key corresponding to the current instance private key. The current instance certificate is sent to a local station, during a registration with the local station. A request for video content is generated and sent to the local station. First encrypted data is received from the local station, wherein the first encrypted data includes a content key that is encrypted via the current instance public key. Second encrypted data is received from the local station, wherein the second encrypted data includes the video content that is encrypted via the content key. (Abstract).
Chen et al. (US PGPUB. # US 2010/0161998) discloses, operatively associating a signing key with a software component of a computing platform. The computing platform includes a trusted device and on start-up first loads a set of software components with each component being measured prior to loading and a corresponding integrity metric recorded in registers of the trusted device. The system stores a key-related item in secure persistent storage, the key-related item being either the signing key or authorisation data for its use. The trusted device is arranged to enable a component of the software-component set to obtain the key-related item, this enabling only occurring when the current register values correspond to values only present prior to loading of components additional to those of the software-component set. Certificate evidence is provided indicating that the signing key is operatively associated with a component of the software-component set.  (Abstract).
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “……………decrypting, using a fleet transfer key, the encrypted data, the fleet transfer key being obtained based at least in part on the shared secret,
		wherein the hardware security module includes synchronized key material, and wherein the synchronized key material remains on the hardware security module while the hardware security module joins the hardware security module fleet…”, in combination with the rest of the limitations recited in the independent claim(s).

None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 5 is a system claim of above method claim 1 and Claim 13 is a non-transitory computer-readable storage medium claim of above method claim 1, and therefore, they are also allowed.
Claims 2-4 and 22 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 6-8 and 10-12 depend on the allowed claim 5, and therefore, they are also allowed.
Claims 14-16 and 18-20 depend on the allowed claim 13, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498