DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendments
	This office action responds to the amendments filed on April 29, 2022 for application 16/368,740.  Claims 1-2, 4, and 9-12 were amended, and claims 1-12 remain pending in the application.

Response to Arguments
	The Examiner has fully considered the Applicant’s arguments filed on April 29, 2022, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 5 of the Remarks that concerns the objection to the claims, the amendments to claims 1 and 10 adequately address the issues and the objections are withdrawn.
	Regarding the Applicant’s response at page 5 of the Remarks that concerns the § 112(b) rejection, the amendments to the claims cures the deficiencies and the § 112(b) rejection is withdrawn.
Regarding the Applicant’s response at pages 6-8 of the Remarks that concerns the § 103 rejection of the pending claims, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the pending claims because the arguments do not apply to the references currently used in the rejection of the aforementioned claims as detailed below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context.
Numbered footnote – a first phrase to be moved upwards to the primary reference analysis.
Lettered footnote – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.
A.	Claims 1-5 and 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over Kulakowski et al. (US 2008/0288771, “Kulakowski”) in view of Aissi et al. (US 2015/0007262, “Aissi”).
Regarding Claim 1
Kulakowski discloses
A method (abstract) for implementing a cryptographic function (¶ [0023], “The programmable processing steps [that define a cryptographic function] can be defined uniquely for each client, and the programmable processing steps are selected from a number of functions using sequencing data that defines the processing steps;” and “The programmable processing steps [as the cryptographic function] allow for each client to process encrypted data in a different manner and the programmable processing steps are defined by what is called a digital rights management (DRM) Sequencing Key [as a secret key], and as such the system and method introduces a key-able DRM whereby each DRM message can be processed in a unique (or pseudo unique) manner.”) for a secret key (¶ [0078], “The DRM process of encrypting the Master Content Encryption Key 405 for a piece of content is used to protect the content key from hackers [and thus is a secret key] attempting to steal the content.”), the method comprising the implementation, by a data processor (¶¶ [0161]-[0162], “The various illustrative logical blocks, modules, and circuits described in connection with the embodiments disclosed herein can be implemented or performed with a general purpose [data] processor,…”) of an equipment (Fig. 1, ¶ [0029], “The client devices 12 [as an equipment] can similarly be a set top box (STB) (typically used for cable and satellite television systems), a general purpose computer or a special purpose computer including any of the numerous computing devices available which allow for communications over a network, for example, a home computer, a lap top computer, a personal digital assistant or a mobile telephone.”), of steps: 
constructing an individualized sequence of cryptographic macro-instructions (Fig. 2, ¶ [0025], “The DRM process consists of the application [and thereby constructing] of a sequence of functions [as cryptographic macro-instructions] (reversible, cryptographical, and other) executed by the server to protect (encrypt and obfuscate) data and then performed by the client to remove, or undo, the protected processed applied to the data. The DRM process described herein is the sequence of steps [as cryptographic macro-instructions] used to secure data such as applying encryption algorithms with one or more keys, hashing functions, data transformation steps (linear and non-linear), data mapping functions whereby input data is mapped to different output data, data shifting, data substitution, functions including round or rounds key whereby a round of the algorithm gets a new key or a round key is obtained from server data, data shifting, Exclusive OR-ing (XOR), bit reversal, bit transformation, applying one or more rounds of a multiple round encryption algorithm, and other functions in an effort to secure the data;” and ¶ [0023], “The programmable processing steps [that define a cryptographic function] can be defined uniquely [and individualized] for each client”), representing said cryptographic function for said secret key (¶ [0023]), based on: 
a generic list of cryptographic macro-instructions (Fig. 4, ¶ [0073], “FIG. 4 below shows an example of some Functions [as a generic list of cryptographic macro-instructions] and how they are stored in the memory of the server 10 and the client 12. For example, at the memory address for Function 1, there might be a Shift Instruction sequence (310) [as a cryptographic macro-instruction] for performing some type of bit shifting. Function 2 can be an XOR (312) [as a cryptographic macro-instruction] function that performs an exclusive-OR function.”) executable by a given virtual machine (Fig. 5, ¶¶ [0079]-[0081], “Each individual client performing the processing steps [as the cryptographic function] as shown in FIG. 5 can use … [and thereby be executable by a given] separate virtual machine or encrypted state machine processing methods or instruction sets.”); and 
1 … {file} of data defining the choice and order of the macro-instructions in the list that compose the sequence (Fig. 5, ¶¶ [0077]-[0079], “The functional designators F1, F2, F3 and so on are used to indicate a series of functional steps being applied to the data. In actual fact the functions F1, F2, F3, to Fn [or data defining … macro-instructions in the list that compose the sequence] will be functions determined [and thereby chosen] by the DRM Sequence Key and because the actual sequence [and order] of functions can be defined by the DRM Sequence Key the sequence of processing steps is programmable.”); 
executing, by said virtual machine, said individualized sequence of cryptographic macro-instructions (¶ [0098], “FIG. 11 is a simplified block diagram of a client specific Virtual Machine or Sequence Data being uniquely encrypted for a particular client. The VM data key 1240 will be used by the client to decrypt the virtual machine or sequencer data flow [or individualized sequence of cryptographic macro-instructions] or both;” and ¶ [0081], “Each individual client performing [and thereby executing] the processing steps [as the individualized sequence of cryptographic macro-instructions] as shown in FIG. 5 can use separate or common keys and even separate virtual machine or encrypted state machine processing methods or instruction sets.”).  
Kulakowski doesn’t disclose
	1 an individual file…
Aissi, however, discloses
	1 an individual file {of data defining … macro-instructions}… (¶ [0025], “In embodiments of the invention, a root of trust is implemented in software [comprising an individual file, i.e., “software” is conventionally stored in files] that has heavy tamper resistance;” and “In yet some embodiments, the root of trust may be a combination of functional code [i.e., the cryptographic macro-instructions as disclosed by Kulakowski] and root key, as described above.”)
	Regarding the combination of Kulakowski and Aissi, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the cryptographic system of Kulakowski to have included the file feature of Aissi. One of ordinary skill in the art would have been motivated to incorporate the file feature of Aissi because Kulakowski teaches “The Sequence Data 160 can be provided by a unicast message sequence between a server and a specific client, or the Sequence Data1 160 can be downloaded by the client from a server,” see Kulakowski ¶ [0060], which is silent to the use of an “individual file,” and Aissi teaches implementing “functional code” within “software,” namely a file.  See Aissi ¶ [0025].  In other words, it would be obvious to one skilled in the art to store the code of the macro-instructions in a software “file” to be downloaded from a server to a client.
Regarding Claim 2
Kulakowski in view of Aissi (“Kulakowski-Aissi”) discloses the method according to claim 1, and Kulakowski further discloses
wherein said {individual file (Aissi ¶ [0025])} defines said individualized sequence of cryptographic macro-instructions as a sequence of elements of said generic list (Fig. 4, ¶ [0073]) of cryptographic macro-instructions (Fig. 5, ¶¶ [0077]-[0079], “The functional designators F1, F2, F3 [as elements within the illustrated sequence of cryptographic macro-instructions] and so on are used to indicate a series of functional steps being applied to the data.”).
Regarding the combination of Kulakowski and Aissi, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 2. 
Regarding Claim 3
Kulakowski-Aissi discloses the method according to claim 2, and Kulakowski further discloses
wherein said data describing said sequence successively identify each of the macro-instructions of said sequence in said generic list of cryptographic macro-instructions (Fig. 5, “In FIG. 5 the steps are labeled as functional steps F1, F2, F3, . . . Fn. The functional designators F1, F2, F3 and so [successively identify each of the macro-instructions] on are used to indicate a series of functional steps being applied to the data. In actual fact the functions F1, F2, F3, to Fn will be functions determined by the DRM Sequence Key and because the actual sequence of functions can be defined by the DRM Sequence Key the sequence of processing steps is programmable [where the successive[] identif[ication] is implemented].”).  
Regarding Claim 4
Kulakowski-Aissi discloses the method according to claim 1, and Kulakowski further discloses 
wherein the {individual file (Aissi ¶ [0025])} is individually associated with the secret key (¶ [0023], “The programmable processing steps [as cryptographic macro-instructions] allow for each client [that receives the individual file as disclosed by Aissi ¶ [0025]] to process encrypted data in a different manner and the programmable processing steps are defined by what is called a digital rights management (DRM) Sequencing Key [as the secret key], and as such the system and method introduces a key-able DRM whereby each DRM message can be processed in a unique (or pseudo unique) manner. DRM Sequence Key is data used to define the sequence of processing steps…”).
Regarding the combination of Kulakowski and Aissi, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 4.
Regarding Claim 5
Kulakowski-Aissi discloses the method according to claim 4, and Kulakowski further discloses 
wherein the {individual file (Aissi ¶ [0025])} is a function of the secret key (¶ [0023], i.e., the individual file possessess the cryptographic macro-instructs, and the cryptographic macro-instructions are produced from DRM sequence key, and therefore the individual file is a function of the secret key).  
Regarding the combination of Kulakowski and Aissi, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 5.
Regarding Independent Claims 10, 11, and 12
With respect to independent claims 10, 11, and 12, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claims 10, 11, and 12. Therefore, claims 10, 11, and 12 are rejected, for similar reasons, under the grounds set forth for claim 1.
B.	Claims 6-9 are rejected under 35 U.S.C. 103 as being unpatentable over Kulakowski in view of Aissi, and further in view of Desai et al. (US 2015/0199213, “Desai”).
Regarding Claim 6
Kulakowski-Aissi discloses the method according to claim 1, and Kulakowski further discloses 
comprising prior to said constructing (Fig. 2, ¶ [0025]), 
1 …. {application} capable of implementing said virtual machine and 2including said generic list of cryptographic macro-instructions executable by the virtual machine ((¶ [0081], “Each individual client [possessing the application as disclosed by Aissi [0038]] performing the processing steps [comprising said generic list of cryptographic macro-instructions] as shown in FIG. 5 can use [and thereby implement] separate or common keys and even separate virtual machine or encrypted state machine processing methods or instruction sets;” and ¶ [0027], “Some or all of the control to define the sequence performed is defined [and thereby executed] in the virtual machine instruction set,…”), and of said {individual file (Aissi ¶ [0025]), i.e., the individual file downloaded that possesses the macro-instructions are executed by the VM}.
Aissi further discloses
obtaining a …a application (Fig. 1, ¶ [0038], “In some embodiments, the user 104 may download [and thereby obtain] the wallet mobile application 102A that is integrated with the application module 102B to the mobile device 102 from the wallet provider cloud server 106.”).  
Kulakowski-Aissi doesn’t disclose
	a …generic {application}…
Desai, however, discloses
	a …generic {application}… (¶ [0076], “Although not specifically shown, the mobile device 602 may also interact with an application store for the selection and downloading of [generic] applications.”)
Regarding the combination of Kulakowski and Aissi, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the cryptography system of Kulakowski to have included the application feature of Aissi. One of ordinary skill in the art would have been motivated to incorporate the application feature of Aissi because Aissi states the problem of “[t]he authenticity, integrity and confidentiality in any application module running on a client device needs to be ensured,” and that “[t]hese security properties cannot be ensured by relying on the application module itself, the client device's operating system (kernel and platform), or the client′ device's firmware/hardware,” see Aissi ¶ [0002], and Aissi provides a solution involving a “root of trust” that involves “heavy tamper resistance.”  See Aissi ¶ [0025]. 
Regarding the combination of Kulakowski-Aissi and Desai, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kulakowski-Aissi to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “simple substitution of one known element for another to obtain predictable results.” See MPEP § 2143(I)(B).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(B):
1) the prior art contained a method that differed from the claimed device by the substitution of some feature, and more specifically, Aissi discloses a specific application (a “wallet mobile application”) that differs from the claimed invention that possesses a generic application, where the generic application substitutes for the specific application of Aissi;
2) the substituted component of the generic application was known in the art, as demonstrated by Desai; and
3) one of ordinary skill in the art could have substituted one known element (the generic application of Desai) for another (the specific application of Aissi) and the results would have been predictable to one of ordinary skill in the art.

Regarding Claim 7
Kulakowski in view of Aissi, and further in view of Desai (“Kulakowski-Aissi-Desai”) discloses the method according to claim 6, and Aissi further discloses 
wherein obtaining said individual file (¶ [0025]) comprises the subsequent loading of the file by said application (Fig. 7, ¶ [0104], “In step 708, the code is executed from root of trust [i.e., the “root of trust” or individual file]. In some embodiments, the root of trust 406B may be loaded as part of the initialization routine of the application module 102B.”; and ¶ [0114], “In step 708H, the tamper resistant system 406 is loaded. In one embodiment, the tamper resistant system 406 is loaded as part of executing the root of trust load routine [i.e., the “root of trust” or individual file].”).  
Regarding the combination of Kulakowski and Aissi, the rationale to combine is the same as provided for claim 6 due to the overlapping subject matter of claims 6 and 7.
Regarding Claim 8
Kulakowski-Aissi-Desai discloses the method according to claim 7, and Kulakowski further discloses 
wherein the {generic (Desai ¶ [0076])} application is loaded by the {equipment (Fig. 1, ¶ [0029])} from a first application platform server (Fig. 1, ¶ [0038], “In some embodiments, the user 104 [possessing the equipment] may download the wallet mobile application 102A that is integrated with the application module 102B to the mobile device 102 [as the equipment] from the wallet provider cloud server 106 [as a first application platform server].”), and 
the individual file (¶ [0025]) is loaded by the application from a second server holding the secret key (Fig. 1, ¶ [0043], “The authentication cloud server 108 [as a second server] may be a remote server computer that can provide backend service to the application module 102B to build a dynamic root of trust [that comprises the secret key] and trust chain. The authentication cloud server 108 can inject [and thereby download] and update the dynamic root of trust in the application module 102B [as the application] on the mobile device 102.”).  
Regarding the combination of Kulakowski and Aissi, the rationale to combine is the same as provided for claim 6 due to the overlapping subject matter of claims 6 and 8.
Regarding the combination of Kulakowski-Aissi and Desai, the rationale to combine is the same as provided for claim 6 due to the overlapping subject matter of claims 6 and 8.
Regarding Claim 9
Kulakowski-Aissi discloses the method according to claim 8, and Kulakowski further discloses
1 …, 
the generation by the second server of the individual file from the secret key (Fig. 5, ¶¶ [0077]-[0079], i.e., the “functions F1 411” through “functions F4 414” are generated by the “server 10” from the “DRM sequence key” that acts as the secret key and corresponds to the “root of trust” as disclosed by Aissi, where the “server 10” of Kulakowski corresponds to the “authentication cloud server 108” of Aissi that acts as the second server), and 
2 ….  
Aissi further discloses
1 wherein the loading of the individual file (Fig. 1, ¶ [0043]) comprises beforehand the sending of a request to the second server (Fig. 4, ¶ [0108], “In step 708C, a request to the authentication cloud server 108 [as the second server] is sent for updates to the root of trust 406B. In one embodiment, the SDK update service module 402A [as part of “mobile device”/equipment and application] may send the request to the authentication cloud server 108 [as the second server].”)
2 the reception of the individual file by the equipment (Fig. 7, ¶ [0110], “In step 708E, if an update to the root of trust exists, the mobile device 102 may pull [and thereby receive] the updated root of trust [as “software” and an individual file] from the authentication cloud server 108.”).
Regarding the combination of Kulakowski and Aissi, the rationale to combine is the same as provided for claim 6 due to the overlapping subject matter of claims 6 and 8.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491