DETAILED ACTION
This office action is in response to applicant’s RCE amendment filed on 04/14/2022.  Claims 1 and 19-20 have been amended.  Claims 1, 3-4, 6-7, 9-10, 12-13, and 15-20 are pending and are directed towards system, method, and apparatus for Data Processing and Control.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 04/14/2022 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations of claims 1, 19, and 20, that Crawford, Takahashi, Ohmori, Mehr, and Foster fail to teach “an acquiring step, by using the control device, acquiring encrypted data generated by the control device, wherein the encrypted data is generated by encrypting the data provided by the support device using the public key of an old key pair generated by the control device; a step of storing, using the control device, the encrypted data in a non-volatile storage area of the control device and in an external non-volatile storage area connected to the control device; a step of decrypting, using the control device, the encrypted data stored in the non-volatile storage area of the control device or the external non-volatile storage area using the private key of the old key pair to generate a decrypted data when the control device performs a process” and Crawford does not teach “storing the encrypted data in the external memory” and Ohmori does not teach “that flag “0” indicates that the update of the authentication unit 103 has not been completed” (page 14-17 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Claim Rejections - 35 USC § 103
2.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.        Claims 1, 3-4, 6, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Crawford et al. (WO 2013/147732), hereinafter Crawford, filed on Mar. 26, 2012 in view of Aramaki (US Pub. 2013/0191636) filed Jun. 14, 2012 and Ohmori et al. (US Pub. 2008/0235517), hereinafter Ohmori, filed Mar. 8, 2005.
Regarding claim 1, Crawford teaches a method of processing data that is provided from a support device in a control device configured to control a control subject (para 18, line 1-4 and para 19, line 11-21; communicate data between programmable logic controller (PLC) and external device, where PLC is coupled to one or more sensors), the data processing method comprising: 
a generating step, by using the control device, generating private key and a public key (para 23, line 1-5; encryption processor 108, internal to PLC, generates an encryption key pair including a public key and a private key);  
an acquiring step, by using the control device, acquiring encrypted data obtained by encrypting the data using the public key of an old key pair generated by the control device (para 23, line 13-16; PLC receives program code which is encrypted using the public encryption key);
a step of storing, using the control device, the encrypted data in a non-volatile storage area (para 23, line 16-21; the PLC stores the encrypted code in the memory 110)
Crawford does not teach wherein the encrypted data is generated when the control device encrypts the data provided by the support device using the encryption key
a step of storing, using the control device, the encrypted data in an external non-volatile storage area connected to the control device; 
Aramaki teaches wherein the encrypted data is generated when the control device encrypts the data provided by the support device using the encryption key (para 25, line 1-14; controller 12 encrypts data received from a host device 2)
a step of storing, using the control device, the encrypted data in an external non-volatile storage area connected to the control device (Fig. 1 and para 25, line 1-14; storage includes a controller 12 receives data from a host device, encrypts the data, and stores the data after encryption); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford to incorporate the teachings of Aramaki to provide controller encrypts data received from a host device and stores the encrypted data.  Doing so would allow for data stored in an encrypted state can be securely erased by changing an encryption key used upon encryption, as recognized by Aramaki.
Crawford teaches a step of decrypting, using the control device, the encrypted data stored in the non-volatile storage area of the control device or the external non-volatile storage area using the private key of the old key pair to generate a decrypted data when the control device performs a process (para 23, line 1-28; upon receipt of the encrypted code, the PLC decrypts the code using the associated private encryption key); 
a step of storing, using the control device, the decrypted data in a volatile storage area (para 19, line 5-7; memory may be volatile) that is not accessible from an outside; a step of executing, using the control device, a process with reference to the decrypted data stored in the volatile storage area (para 20, line 23-28 and para 23, line 16-21; the PLC stores the decrypted code in the memory 110 for subsequent execution, where memory 110 may be secure or otherwise hardened against unauthorized access or tampering).
	Crawford and Aramaki do not teach wherein the method is further comprised: 
a step of encrypting, using the control device, at least one of the decrypted data using a public key of a new key pair to generate at least one of a new encrypted data, wherein the old key pair is used prior to the new key pair, a step of deleting, using the control device, the at least one of the encrypted data respectively corresponding to the at least one of the new encrypted data, and 
Ohmori teaches wherein the method is further comprised: 
a step of encrypting, using the control device, at least one of the decrypted data using a public key of a new key pair to generate at least one of a new encrypted data, wherein the old key pair is used prior to the new key pair, a step of deleting, using the control device, the at least one of the encrypted data respectively corresponding to the at least one of the new encrypted data (para 464, line 1-5 and para 466, line 1-18; contents are rewritten when the updates of public key encryption scheme are performed and encryption scheme Enc1 is changed to encryption scheme Enc2), and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford and Aramaki to incorporate the teachings of Ohmori to provide contents are rewritten when the updates of public key encryption scheme are performed and encryption scheme Enc1 is changed to encryption scheme Enc2.  Doing so would prevent use of unauthorized contents obtained by tampering and eavesdropping using encryption technology with changing encryption scheme, as recognized by Ohmori.
Crawford does not teach a step of updating, using the control device, a flag in a data list from "0" to "1", "0" indicates that the at least one of the new encrypted data has not been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has not been deleted, "1" indicates that the at least one of the new encrypted data has been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has been deleted,
Aramaki teaches a step of updating, using the control device, a flag in a data list from "0" to "1", "0" indicates that the at least one of the new encrypted data has not been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has not been deleted, "1" indicates that the at least one of the new encrypted data has been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has been deleted (para 36, line 1-30 and para 53, line 1-19; controller 12 updates key table, where key table includes flag of 0 indicates that the encryption key cannot be used for encrypting a file to write to storage and needs to be changed, and flag of 1 indicates that the encryption key used to encrypt a file to write to storage),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford to incorporate the teachings of Aramaki to provide controller updates key table, where key table includes flag of 0 indicates that the encryption key cannot be used for encrypting a file to write to storage and needs to be changed, and flag of 1 indicates that the encryption key used to encrypt a file to write to storage.  Doing so would allow for data stored in an encrypted state can be securely erased by changing an encryption key used upon encryption, as recognized by Aramaki.
Crawford and Aramaki do not teach wherein, when all of the flag have been updated, the old key pair and the data list are deleted.
Ohmori teaches wherein, when all of the flag have been updated, the old key pair and the data list are deleted (para 202, line 1-8 and para 580, line 1-6; changing a public key encryptions scheme for key list 631 storing a plurality of key information sets 632 and 633, where each key information includes key and identification information and the update unit 306 deletes the private and public key related information).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford and Aramaki to incorporate the teachings of Ohmori to provide changing a public key encryptions scheme for key list 631 storing a plurality of key information sets 632 and 633, where each key information includes key and identification information and the update unit 306 deletes the private and public key related information.  Doing so would prevent use of unauthorized contents obtained by tampering and eavesdropping using encryption technology with changing encryption scheme, as recognized by Ohmori.
Regarding claim 3, Crawford, Aramaki, and Ohmori teach method of claim 1.
Crawford teaches wherein the encrypted data is generated when the support device encrypts the data using the public key (para 14, line 3-5 and para 23, line 13-16; program code which is encrypted by a workstation computer using a public encryption key), and 
wherein the acquiring step includes acquiring the encrypted data transferred by the support device (para 14, line 3-5 and para 23, line 13-16; PLC receives program code which is encrypted by a workstation computer using a public encryption key).
Regarding claim 4, Crawford, Aramaki, and Ohmori teach method of claim 1.
Crawford teaches wherein, when at least one of conditions including transfer of the data from the external device, reception of an instruction from the external device, and activation of the control device is established, the control device performs the generating step (para 31, line 1-5 and para 35, line 1-4; receiving a request via communications interface 104 to generate the encryption key, comprising a public key and a private key of a key pair, and generating the encryption key responsive to the request).
Regarding claim 6, Crawford, Aramaki, and Ohmori teach method of claim 3.
Crawford teaches wherein, when at least one of conditions including transfer of the data from the external device, reception of an instruction from the external device, and activation of the control device is established, the control device performs the generating step (para 31, line 1-5 and para 35, line 1-4; receiving a request via communications interface 104 to generate the encryption key, comprising a public key and a private key of a key pair, and generating the encryption key responsive to the request).
Regarding claim 16, Crawford, Aramaki, and Ohmori teach method of claim 1.
Crawford teaches wherein the control device generates the private key and the public key using a value that varies depending on an environment in the control device when the private key and the public key are generated (para 19, line 29-31 and para 20, line 17-21; by factoring in the PLC-unique attribute 106 value, which may be derived from a unique set of environmental characteristics sensed by sensors coupled with PLC, asymmetrical encryption keys are created by processor 108 of PLC).
Regarding claim 17, Crawford, Aramaki, and Ohmori teach method of claim 1.
Crawford teaches wherein the control device stores hash values for the data in association with the encrypted data corresponding to the data (para 20, line 21-28 and para 21, line 1-4; PLC stores encryption keys, where encryption may refer to a hash value, in memory 110).
Regarding claim 18, Crawford, Aramaki, and Ohmori teach method of claim 1.
Crawford teaches wherein the data is source code of a program with which the control device controls the control subject (para 13, line 1-5 and para 19, line 11-13; a third party provides software to the PLC where PLC is coupled to one or more sensors).
Regarding claim 19, Crawford teaches a control system including a control device configured to control a control subject and a support device configured to provide data to the control device (para 18, line 1-4 and para 19, line 11-21; communicate data between programmable logic controller (PLC) and external device, where PLC is coupled to one or more sensors); 
wherein the control device comprises a processor configured to (para 23, line 1-5; encryption processor 108, internal to programmable logic controller (PLC))
generate a private key and a public key (para 23, line 1-5; encryption processor 108, internal to PLC, generates an encryption key pair including a public key and a private key); 
acquire encrypted data generated by the control device by encrypting the data using the public key of an old key pair generated by the control device (para 23, line 13-16; PLC receives program code which is encrypted using the public encryption key);
store the encrypted data in a non-volatile storage area of the control device (para 23, line 16-21; the PLC stores the encrypted code in the memory 110)
Crawford does not teach wherein the encrypted data is generated when the control device encrypts the data provided by the support device using the encryption key
store the encrypted data in an external non-volatile storage area connected to the control device; 
Aramaki teaches wherein the encrypted data is generated when the control device encrypts the data provided by the support device using the encryption key (para 25, line 1-14; controller 12 encrypts data received from a host device 2)
store the encrypted data in an external non-volatile storage area connected to the control device (Fig. 1 and para 25, line 1-14; storage includes a controller 12 receives data from a host device, encrypts the data, and stores the data after encryption); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford to incorporate the teachings of Aramaki to provide controller encrypts data received from a host device and stores the encrypted data.  Doing so would allow for data stored in an encrypted state can be securely erased by changing an encryption key used upon encryption, as recognized by Aramaki.
Crawford teaches decrypt the encrypted data stored in the non-volatile storage area of the control device or the external non-volatile storage area using the private key of the old key pair to generate a decrypted data when the control device performs a process (para 23, line 1-28; upon receipt of the encrypted code, the PLC decrypts the code using the associated private encryption key); 
store the decrypted data in a volatile storage area (para 19, line 5-7; memory may be volatile) that is not accessible from an outside; perform a process with reference to the decrypted data stored in the volatile storage area (para 20, line 23-28 and para 23, line 16-21; the PLC stores the decrypted code in the memory 110 for subsequent execution, where memory 110 may be secure or otherwise hardened against unauthorized access or tampering).
	Crawford and Aramaki do not teach wherein the method is further comprised: 
encrypt at least one of the decrypted data using a public key of a new key pair to generate at least one of a new encrypted data, wherein the old key pair is used prior to the new key pair, delete the at least one of the encrypted data respectively corresponding to the at least one of the new encrypted data, and 
Ohmori teaches wherein the method is further comprised: 
encrypt at least one of the decrypted data using a public key of a new key pair to generate at least one of a new encrypted data, wherein the old key pair is used prior to the new key pair, delete the at least one of the encrypted data respectively corresponding to the at least one of the new encrypted data (para 464, line 1-5 and para 466, line 1-18; contents are rewritten when the updates of public key encryption scheme are performed and encryption scheme Enc1 is changed to encryption scheme Enc2), and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford and Aramaki to incorporate the teachings of Ohmori to provide contents are rewritten when the updates of public key encryption scheme are performed and encryption scheme Enc1 is changed to encryption scheme Enc2.  Doing so would prevent use of unauthorized contents obtained by tampering and eavesdropping using encryption technology with changing encryption scheme, as recognized by Ohmori.
Crawford does not teach update a flag in a data list from "0" to "1", "0" indicates that the at least one of the new encrypted data has not been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has not been deleted, "1" indicates that the at least one of the new encrypted data has been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has been deleted,
Aramaki teaches update a flag in a data list from "0" to "1", "0" indicates that the at least one of the new encrypted data has not been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has not been deleted, "1" indicates that the at least one of the new encrypted data has been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has been deleted (para 36, line 1-30 and para 53, line 1-19; controller 12 updates key table, where key table includes flag of 0 indicates that the encryption key cannot be used for encrypting a file to write to storage and needs to be changed, and flag of 1 indicates that the encryption key used to encrypt a file to write to storage),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford to incorporate the teachings of Aramaki to provide controller updates key table, where key table includes flag of 0 indicates that the encryption key cannot be used for encrypting a file to write to storage and needs to be changed, and flag of 1 indicates that the encryption key used to encrypt a file to write to storage.  Doing so would allow for data stored in an encrypted state can be securely erased by changing an encryption key used upon encryption, as recognized by Aramaki.
Crawford and Aramaki do not teach wherein, when all of the flag have been updated, the old key pair and the data list are deleted.
Ohmori teaches wherein, when all of the flag have been updated, the old key pair and the data list are deleted (para 202, line 1-8 and para 580, line 1-6; changing a public key encryptions scheme for key list 631 storing a plurality of key information sets 632 and 633, where each key information includes key and identification information and the update unit 306 deletes the private and public key related information).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford and Aramaki to incorporate the teachings of Ohmori to provide changing a public key encryptions scheme for key list 631 storing a plurality of key information sets 632 and 633, where each key information includes key and identification information and the update unit 306 deletes the private and public key related information.  Doing so would prevent use of unauthorized contents obtained by tampering and eavesdropping using encryption technology with changing encryption scheme, as recognized by Ohmori.
Regarding claim 20, Crawford teaches a control device configured to control a control subject using data that is provided from a support device, comprising a processor configured to (para 18, line 1-4 and para 19, line 11-21 and para 23, line 1-5; communicate data between programmable logic controller (PLC) with processor 108 and external device, where PLC is coupled to one or more sensors):
generate a private key and a public key (para 23, line 1-5; encryption processor 108, internal to PLC, generates an encryption key pair including a public key and a private key); 
acquire encrypted data generated by the control device by encrypting the data using the public key of an old key pair generated by the control device (para 23, line 13-16; PLC receives program code which is encrypted using the public encryption key);
store the encrypted data in a non-volatile storage area of the control device (para 23, line 16-21; the PLC stores the encrypted code in the memory 110)
Crawford does not teach wherein the encrypted data is generated when the control device encrypts the data provided by the support device using the encryption key
store the encrypted data in an external non-volatile storage area connected to the control device; 
Aramaki teaches wherein the encrypted data is generated when the control device encrypts the data provided by the support device using the encryption key (para 25, line 1-14; controller 12 encrypts data received from a host device 2)
store the encrypted data in an external non-volatile storage area connected to the control device (Fig. 1 and para 25, line 1-14; storage includes a controller 12 receives data from a host device, encrypts the data, and stores the data after encryption); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford to incorporate the teachings of Aramaki to provide controller encrypts data received from a host device and stores the encrypted data.  Doing so would allow for data stored in an encrypted state can be securely erased by changing an encryption key used upon encryption, as recognized by Aramaki.
Crawford teaches decrypt the encrypted data stored in the non-volatile storage area of the control device or the external non-volatile storage area using the private key of the old key pair to generate a decrypted data when the control device performs a process (para 23, line 1-28; upon receipt of the encrypted code, the PLC decrypts the code using the associated private encryption key); 
store the decrypted data in a volatile storage area (para 19, line 5-7; memory may be volatile) that is not accessible from an outside; perform a process with reference to the decrypted data stored in the volatile storage area (para 20, line 23-28 and para 23, line 16-21; the PLC stores the decrypted code in the memory 110 for subsequent execution, where memory 110 may be secure or otherwise hardened against unauthorized access or tampering).
	Crawford and Aramaki do not teach wherein the method is further comprised: 
encrypt at least one of the decrypted data using a public key of a new key pair to generate at least one of a new encrypted data, wherein the old key pair is used prior to the new key pair, delete the at least one of the encrypted data respectively corresponding to the at least one of the new encrypted data, and 
Ohmori teaches wherein the method is further comprised: 
encrypt at least one of the decrypted data using a public key of a new key pair to generate at least one of a new encrypted data, wherein the old key pair is used prior to the new key pair, delete the at least one of the encrypted data respectively corresponding to the at least one of the new encrypted data (para 464, line 1-5 and para 466, line 1-18; contents are rewritten when the updates of public key encryption scheme are performed and encryption scheme Enc1 is changed to encryption scheme Enc2), and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford and Aramaki to incorporate the teachings of Ohmori to provide contents are rewritten when the updates of public key encryption scheme are performed and encryption scheme Enc1 is changed to encryption scheme Enc2.  Doing so would prevent use of unauthorized contents obtained by tampering and eavesdropping using encryption technology with changing encryption scheme, as recognized by Ohmori.
Crawford does not teach update a flag in a data list from "0" to "1", "0" indicates that the at least one of the new encrypted data has not been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has not been deleted, "1" indicates that the at least one of the new encrypted data has been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has been deleted,
Aramaki teaches update a flag in a data list from "0" to "1", "0" indicates that the at least one of the new encrypted data has not been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has not been deleted, "1" indicates that the at least one of the new encrypted data has been generated and the at least one of the encrypted data corresponding to the at least one of the new encrypted data has been deleted (para 36, line 1-30 and para 53, line 1-19; controller 12 updates key table, where key table includes flag of 0 indicates that the encryption key cannot be used for encrypting a file to write to storage and needs to be changed, and flag of 1 indicates that the encryption key used to encrypt a file to write to storage),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford to incorporate the teachings of Aramaki to provide controller updates key table, where key table includes flag of 0 indicates that the encryption key cannot be used for encrypting a file to write to storage and needs to be changed, and flag of 1 indicates that the encryption key used to encrypt a file to write to storage.  Doing so would allow for data stored in an encrypted state can be securely erased by changing an encryption key used upon encryption, as recognized by Aramaki.
Crawford and Aramaki do not teach wherein, when all of the flag have been updated, the old key pair and the data list are deleted.
Ohmori teaches wherein, when all of the flag have been updated, the old key pair and the data list are deleted (para 202, line 1-8 and para 580, line 1-6; changing a public key encryptions scheme for key list 631 storing a plurality of key information sets 632 and 633, where each key information includes key and identification information and the update unit 306 deletes the private and public key related information).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford and Aramaki to incorporate the teachings of Ohmori to provide changing a public key encryptions scheme for key list 631 storing a plurality of key information sets 632 and 633, where each key information includes key and identification information and the update unit 306 deletes the private and public key related information.  Doing so would prevent use of unauthorized contents obtained by tampering and eavesdropping using encryption technology with changing encryption scheme, as recognized by Ohmori.
4.        Claims 7, 9-10, and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Crawford in view of Aramaki, Ohmori, and Mehr (US Patent 10,523,434), filed on Mar. 4, 2016.
Regarding claim 7, Crawford, Aramaki, and Ohmori teach method of claim 1.
Crawford teaches the control device (para 18, line 1-4; programmable logic controller 100 communicate data with an external device)
Crawford, Aramaki, and Ohmori do not teach a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored;
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair;  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair;
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair; and 
a step of deleting, using the key management service, the old key pair.
Mehr teaches a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored (col. 4, line 4-6 and line 23-28; cryptographic keys used to encrypt and decrypt are stored on the data storage system and as a result of key-rotation operations, the key management service generates a new public-private key pair); 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the original private key for decryption of the data);  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the new public key for encryption of the data); 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair (col. 3, line 48-54; the key-rotation operations modify the encrypted data stored on the data storage system in accordance with the changes to the cryptographic key); and 
a step of deleting, using the key management service, the old key pair (col. 5, line 32-43; once the requested operation is complete, cryptographic keys are deleted).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford, Aramaki, and Ohmori to incorporate the teachings of Mehr to provide for cryptographic key rotation and subsequent deletion of old keys.  Doing so would allow for a secure storage where stored information is encrypted using a cryptographic key, as recognized by Mehr.
Regarding claim 9, Crawford, Aramaki, and Ohmori teach the method of claim 3.
Crawford teaches the control device (para 18, line 1-4; programmable logic controller 100 communicates data with an external device).
Crawford, Aramaki, and Ohmori do not teach a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored; 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair;  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair; 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair; and 
a step of deleting, using the key management service, the old key pair.
Mehr teaches a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored (col. 4, line 4-6 and line 23-28; cryptographic keys used to encrypt and decrypt are stored on the data storage system and as a result of key-rotation operations, the key management service generates a new public-private key pair); 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the original private key for decryption of the data);  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the new public key for encryption of the data); 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair (col. 3, line 48-54; the key-rotation operations modify the encrypted data stored on the data storage system in accordance with the changes to the cryptographic key); and 
a step of deleting, using the key management service, the old key pair (col. 5, line 32-43; once the requested operation is complete, cryptographic keys are deleted).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford, Aramaki, and Ohmori to incorporate the teachings of Mehr to provide for cryptographic key rotation and subsequent deletion of old keys.  Doing so would allow for a secure storage where stored information is encrypted using a cryptographic key, as recognized by Mehr.
Regarding claim 10, Crawford, Aramaki, and Ohmori teach the method of claim 4.
Crawford teaches the control device (para 18, line 1-4; programmable logic controller 100 communicates data with an external device).
Crawford, Aramaki, and Ohmori do not teach a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored; 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair;  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair; 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair; and 
a step of deleting, using the key management service, the old key pair.
Mehr teaches a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored (col. 4, line 4-6 and line 23-28; cryptographic keys used to encrypt and decrypt are stored on the data storage system and as a result of key-rotation operations, the key management service generates a new public-private key pair); 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the original private key for decryption of the data);  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the new public key for encryption of the data); 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair (col. 3, line 48-54; the key-rotation operations modify the encrypted data stored on the data storage system in accordance with the changes to the cryptographic key); and 
a step of deleting, using the key management service, the old key pair (col. 5, line 32-43; once the requested operation is complete, cryptographic keys are deleted).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford, Aramaki, and Ohmori to incorporate the teachings of Mehr to provide for cryptographic key rotation and subsequent deletion of old keys.  Doing so would allow for a secure storage where stored information is encrypted using a cryptographic key, as recognized by Mehr.
Regarding claim 12, Crawford, Aramaki, and Ohmori teach the method of claim 6.
Crawford teaches the control device (para 18, line 1-4; programmable logic controller 100 communicates data with an external device).
Crawford, Aramaki, and Ohmori do not teach a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored; 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair;  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair; 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair; and 
a step of deleting, using the key management service, the old key pair.
Mehr teaches a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored (col. 4, line 4-6 and line 23-28; cryptographic keys used to encrypt and decrypt are stored on the data storage system and as a result of key-rotation operations, the key management service generates a new public-private key pair); 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the original private key for decryption of the data);  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the new public key for encryption of the data); 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair (col. 3, line 48-54; the key-rotation operations modify the encrypted data stored on the data storage system in accordance with the changes to the cryptographic key); and 
a step of deleting, using the key management service, the old key pair (col. 5, line 32-43; once the requested operation is complete, cryptographic keys are deleted).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford, Aramaki, and Ohmori to incorporate the teachings of Mehr to provide for cryptographic key rotation and subsequent deletion of old keys.  Doing so would allow for a secure storage where stored information is encrypted using a cryptographic key, as recognized by Mehr.
Regarding claim 13, Crawford, Aramaki, and Ohmori teach the method of claim 1.
Crawford teaches the control device (para 18, line 1-4; programmable logic controller 100 communicates data with an external device).
Crawford, Aramaki, and Ohmori do not teach a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored; 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair;  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair; 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair; and 
a step of deleting, using the key management service, the old key pair.
Mehr teaches a step of newly generating, using the key management service, the new key pair including a private key and the public key when the old key pair including the public key and the private key are already stored (col. 4, line 4-6 and line 23-28; cryptographic keys used to encrypt and decrypt are stored on the data storage system and as a result of key-rotation operations, the key management service generates a new public-private key pair); 
a step of decrypting, using the key management service, the encrypted data obtained by encryption using the public key of the old key pair using the private key of the old key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the original private key for decryption of the data);  
a step of encrypting, using the key management service, the data obtained by decryption using the private key of the old key pair using the public key of the new key pair (col. 4, line 23-28; the key management service provides, to the key-rotation process, the new public key for encryption of the data); 
a step of storing, using the key management service, the encrypted data obtained by encryption using the public key of the new key pair (col. 3, line 48-54; the key-rotation operations modify the encrypted data stored on the data storage system in accordance with the changes to the cryptographic key); and 
a step of deleting, using the key management service, the old key pair when all of the plurality of encrypted data items obtained by encryption using the public key of the old key pair are encrypted using the public key of the new key pair (col. 5, line 32-43 and col. 9, line 25-30; once the requested operation is complete, the data storage system holds data that is encrypted with the new cryptographic key and the old cryptographic key may be deleted).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford, Aramaki, and Ohmori to incorporate the teachings of Mehr to provide for cryptographic key rotation and subsequent deletion of old keys.  Doing so would allow for a secure storage where stored information is encrypted using a cryptographic key, as recognized by Mehr.
5.        Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Crawford in view of Aramaki, Ohmori, Mehr, and Foster et al. (US Pub. 2003/0200454), hereinafter Foster, filed on Apr. 18, 2002.
Regarding claim 15, Crawford, Aramaki, Ohmori, and Mehr teach the method of claim 13.
Crawford, Aramaki, Ohmori, and Mehr do not teach a step of deleting, using the control device, the list when all of the plurality of encrypted data items obtained by encryption using the public key of the old key pair are encrypted using the public key of the new key pair and thus all of the items are deleted.
Foster teaches a step of deleting, using the control device, the list when all of the plurality of encrypted data items obtained by encryption using the public key of the old key pair are encrypted using the public key of the new key pair and thus all of the items are deleted (para 87, line 1-7 and para 88, line 1-7; the access table is then again modified so that the new location is defined for encryption and decryption with the new key set 1165, and all references to the old key set are deleted 1170).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Crawford, Aramaki, Ohmori, and Mehr to incorporate the teachings of Foster to provide that the access table is then again modified so that the new location is defined for encryption and decryption with the new key set, and all references to the old key set are deleted.  Doing so would allow for maintaining and updating secure operation of the integrated system via data access control function, as recognized by Foster.
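The rotation sequence recited for claims 13 and 15 (re-encrypt each item, delete the old key pair only when no item remains under it, then drop the tracking list) can be illustrated with the following added sketch, which is not part of the office action, the application, or any cited reference. The `Store` class, item names and sample values are hypothetical, and the cipher is unpadded textbook RSA over fixed Mersenne primes, chosen only so the sketch runs with the standard library.

```python
# Key rotation with deferred deletion of the old key pair (added illustration).
# Toy textbook RSA, no padding, fixed primes: shows the bookkeeping, not a secure cipher.
from collections import namedtuple

E = 65537  # public exponent; (n, E) is the public key, d the private exponent
KeyPair = namedtuple("KeyPair", "key_id n d")

def toy_keypair(key_id, p, q):
    return KeyPair(key_id, p * q, pow(E, -1, (p - 1) * (q - 1)))

def encrypt(kp, data):
    m = int.from_bytes(data, "big")
    if m >= kp.n:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(m, E, kp.n)

def decrypt(kp, c):
    m = pow(c, kp.d, kp.n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class Store:
    def __init__(self):
        self.keys = {}     # key_id -> KeyPair
        self.items = {}    # item name -> (key_id, ciphertext)
        self.pending = {}  # old key_id -> names still encrypted under it (the list)

    def put(self, name, data, key_id):
        self.items[name] = (key_id, encrypt(self.keys[key_id], data))

    def get(self, name):
        key_id, c = self.items[name]
        return decrypt(self.keys[key_id], c)  # KeyError if a key was deleted too early

    def begin_rotation(self, old_id, new_kp):
        self.keys[new_kp.key_id] = new_kp
        self.pending[old_id] = {n for n, (k, _) in self.items.items() if k == old_id}

    def rotate_item(self, name, old_id, new_id):
        key_id, c = self.items[name]
        if key_id != old_id:
            raise ValueError(f"{name} is not encrypted under {old_id}")
        plaintext = decrypt(self.keys[old_id], c)  # old private key
        self.items[name] = (new_id, encrypt(self.keys[new_id], plaintext))  # new public key
        self.pending[old_id].discard(name)
        return self._finish(old_id)

    def _finish(self, old_id):
        if self.pending[old_id]:
            return False          # items remain, so the old private key is still needed
        del self.pending[old_id]  # every item is re-encrypted: drop the list
        del self.keys[old_id]     # and only now remove the old key pair
        return True

def demo():
    s = Store()  # all values below are constructed sample data
    s.keys["old"] = toy_keypair("old", 2**61 - 1, 2**89 - 1)
    s.put("recipe", b"setpoint=42", "old")
    s.put("program", b"ladder-v7", "old")
    s.begin_rotation("old", toy_keypair("new", 2**107 - 1, 2**127 - 1))
    partial = s.rotate_item("recipe", "old", "new")
    mid = ("old" in s.keys, s.get("program"))  # interrupted here: data still readable
    done = s.rotate_item("program", "old", "new")
    return partial, mid, done, s
```

Deleting the old key pair before the pending set is empty would leave every item still listed there undecryptable, which is why the deletion is conditioned on completion of re-encryption.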
Conclusion
6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following are relevant prior arts: Brunswig et al. (US Pub. 2006/0070083) discloses input parameters for DELETE method are a list of keys (INKEYS) encoded within the associated key structure to describe the aspect rows to be deleted; Hayashi et al. (US Pub. 2014/0208117) discloses a notification showing that a re-encryption key should be updated, and calculates re-encryption key data on the basis of the re-encryption key stored and the random number generated; Makela et al. (US Pub. 2005/0226420) discloses data transmission relating to the use and updating of encryption keys, where index list of encryption keys S_N to be deleted is only sent when terminal equipment A-D starts the updating delivery of encryption keys.
7.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492


/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492