Notice of Pre-AIA or AIA Status
The present application, filed on or after January 23, 2019, is being examined under the first inventor to file provisions of the AIA.
 
Detailed action 
Claims 1-4, 6-14 and 16-20 are pending and are being considered.
Claims 1, 11 and 20 have been amended.
Response to 103 
	Argument regarding claims 1, 11 and 20:
Applicant's arguments filed on 07/05/2022 have been fully considered and are persuasive but are moot in view of new grounds of rejection. The arguments do not apply to the current art being used.
The applicant, on pages 9 and 10 of the remarks, argues that the cited references fail to teach
1) 	data stored in volatile memory of the mobile device for encrypting 
2)	encrypting the data stored at volatile memory of mobile device using one-time encryption key. 
The examiner acknowledges the applicant's point of view and notes that the cited references (i.e. Adams and Pahl) teach data stored in a memory of a mobile device and a temporary key used for encrypting the data. However, the cited references do not explicitly teach data stored in volatile memory of a mobile device and using a one-time encryption key for encrypting the data. The examiner relies on a newly cited reference to teach the above concept. Therefore, the applicant's arguments with respect to the above limitations are moot in view of the new grounds of rejection.

Examiner notes: The examiner notes that computer readable storage medium recited in claim 20 excludes transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media. See para [0095].

CLAIM INTERPRETATION

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 

As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: an encryption and decryption unit in claim 11.

Claim limitation(s) “an encryption and decryption unit” in claim 11 is given the broadest reasonable interpretation of the claim elements, with a limited description in the specification. The examiner notes that these elements (i.e. an encryption and decryption unit) lie within a data protection system 600 as shown in Fig 6, and there is a clear link between a computing device 700 as shown in Fig 7 as the structure and the recited elements, because the data protection system 600 is in a computing device 700. Accordingly, claim 11 invokes 35 U.S.C. 112(f) or sixth paragraph, but the corresponding structure is described.


Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.


If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 10-13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Adams et al (hereinafter Adams) (US 20050257043) in view of Pahl et al (hereinafter Pahl) (US 8966267) and further in view of HLAING et al (hereinafter HLAING) (US 20190005229).

Regarding claim 1 Adams teaches a computer-implemented method for protecting a mobile device against unauthorized access to user data stored in the mobile device, the computer-implemented method comprising (Adams on [0012] teaches system and method for protecting mobile device. See on [0057] teaches preventing unauthorized party access for obtaining data stored in memory of mobile device);
encrypting the user data stored in a volatile memory of the mobile device responsive to the mobile device being switched to a locked status (Adams on [0033] teaches when the device is locked, the device automatically encrypts the fields contents. See on [0027 and 0057] data associated with field is stored in flash memory or RAM of device. See on [0040-0041] teaches input is received which indicates that the mobile device is to enter into a protected mode (i.e. locked state [0039]). Data associated with fields displayed on a user interface is encrypted and stored in a data store);
and decrypting said user data stored in said volatile memory responsive to said mobile device being switched from said locked status into an unlocked status (Adams on [0029] teaches when a mobile device 100 has become unlocked, the encrypted user field data is decrypted by decryption software module 350. See on [0027 and 0057] data is stored in flash memory or RAM of device.  See on [0040-0041] teaches after the mobile device leaves the protected mode (i.e. unlocked state [0039]), the stored encrypted user interface field data is decrypted).
Adams fails to teach protecting a fresh encryption key used in encrypting the user data stored in the volatile memory of the mobile device, by encoding said fresh encryption key into two parts, namely a local recovery key, stored in a non-volatile memory of said mobile device, and a remote recovery key, sent to a remote server and deleting said remote recovery key and said fresh encryption key from said mobile device, wherein the local recovery key being accessible without any external system to said mobile device and wherein a combination of the local recovery key and the remote recovery key together form a complete recovery key to decrypt and reassess the encrypted user data, however Pahl from analogous art teaches protecting a fresh encryption key [[used in encrypting the user data stored in the volatile memory of the mobile device]] by encoding said fresh encryption key into two parts, namely a local recovery key, stored in a non-volatile memory of said mobile device, and a remote recovery key, sent to a remote server (Pahl on [Col 76 line 45-53] teaches a private key (i.e. fresh encryption key) may be split into at least two parts where at least one part is stored at the secure session server (i.e. local key stored at secure session server equivalent to mobile device see [Col 6 line 20-22]) and at least one part is stored at a remote key server (i.e. remote recovery key stored at remote server). By way of another example, a private key may be split into at least two parts where at least one part is stored at a first key server and another part is stored at a second key server. See also Fig 4 and text on [Col 77 line 30-40] teaches a first part of private key is stored at the secure session server 420 and a second part is stored at the key server 430. Note the term encoding is interpreted in view of [0044] of the instant application as splitting key into two portions);
and deleting said remote recovery key and said fresh encryption key from said mobile device (Pahl on [Col 76 line 63-67] teaches the whole private key (i.e. fresh encryption key) may be removed from the key server after splitting the key into multiple parts. See on [Col 79 line 30-35] teaches the key server 1630 may remove the private key part 1650B (i.e. remote recovery key));
wherein the local recovery key being accessible without any external system to said mobile device (Pahl Fig 1 block 130 and text on [Col 77 line 20-25, Col 78 line 1-5 and Col 79 line 10-35] teaches private key part 150A (i.e. local recovery key) stored in key server 150 (i.e. mobile device in view of [Col 6 line 20-22]) has access to the private key part 150A without external access since it is stored within the key server 130);
and wherein a combination of the local recovery key and the remote recovery key together form a complete recovery key to decrypt and reassess the encrypted user data [[stored in the volatile memory of the mobile device]] (Pahl on [Col 76 line 53-60] teaches when a private key operation is needed in the secure session handshake, the secure session server transmits the part of the key that it is storing to the key server and the key server combines the parts to reconstruct the private key (i.e. combining the key part to re-construct private key) and uses the private key accordingly. See also on [Col 77 line 20-25, Col 78 line 1-5 and Col 79 line 10-35] teaches the secure session server 120 transmits the private key part 150B to the key server 130. The key server 130 receives the private key part 150B and reconstructs the private key 150 using the private key part 150A (i.e. private key part 150 A equivalent to local recovery key stored at key server 130) and the private key part 150B. See [Col 5 line 20-25 and col 7 line 40-50] teaches the private key is used to decrypt the premaster secret that has been encrypted with the corresponding public key).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pahl into the teaching of Adams by protecting encryption key by dividing it into two parts and deleting the encryption key. One would be motivated to do so in order to establish secure session for secure communication between client and server (Pahl on [Col 1 line 5-10]).
Although the combination teaches generating a temporary key for encrypting data (i.e. Adams [0004-0005]), it fails to explicitly teach wherein the fresh encryption key is a one-time encryption key newly generated for encrypting the user data stored in the volatile memory of the mobile device, however HLAING from analogous art teaches (HLAING on [0141-0147] teaches generating one-time encryption key and encrypting data stored in a RAM (i.e. data stored in volatile memory) using one-time key (OTK));
and wherein the fresh encryption key is a one-time encryption key newly generated for encrypting the user data stored in the volatile memory of the mobile device (HLAING on [0141-0147] teaches generating one-time encryption key and encrypting data stored in a RAM (i.e. data stored in volatile memory) using one-time key (OTK)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of HLAING into the combined teaching of Adams and Pahl by generating one-time encryption key for encrypting data stored in volatile memory. One would be motivated to do so in order to enhance security of data communicated between different devices by encrypting the data stored in a volatile memory using one time key generated only when device powers on (HLAING on [0007-0009]).

Regarding claim 11 Adams teaches a user data protection system for protecting a mobile device against unauthorized access to user data stored in said mobile device, said user data protection system comprising a processor (Adams on [0012] teaches system and method for protecting mobile device. See on [0057] teaches preventing unauthorized party access for obtaining data stored in memory of mobile device. See on [0043] teaches mobile device include a processor);
an encryption unit adapted for encrypting said user data stored in a volatile memory of the mobile device responsive to the mobile device being switched to a locked status (Adams on [0033] teaches when the device is locked, the device automatically encrypts the fields contents. See on [0027 and 0057] data associated with field is stored in flash memory or RAM of device. See on [0040-0041] teaches input is received which indicates that the mobile device is to enter into a protected mode (i.e. locked state [0039]). Data associated with fields displayed on a user interface is encrypted and stored in a data store);
and a decryption unit adapted for decrypting the user data stored in the volatile memory responsive to said mobile device being switched from said locked status into an unlocked status (Adams on [0033] teaches when the device is locked, the device automatically encrypts the fields contents. See on [0027 and 0057] data associated with field is stored in flash memory or RAM of device. See on [0040-0041] teaches input is received which indicates that the mobile device is to enter into a protected mode (i.e. locked state [0039]). Data associated with fields displayed on a user interface is encrypted and stored in a data store).
Adams fails to teach protecting a fresh encryption key by encoding said fresh encryption key into two parts, namely a local recovery key, stored in a non-volatile memory of said mobile device, and a remote recovery key, sent to a remote server and deleting said remote recovery key and said fresh encryption key from said mobile device, wherein the local recovery key being accessible without any external system to said mobile device and wherein a combination of the local recovery key and the remote recovery key together form a complete recovery key to decrypt and reassess the encrypted user data, however Pahl from analogous art teaches protecting a fresh encryption key [[used in encrypting the user data stored in the volatile memory of the mobile device,]] by encoding said fresh encryption key into two parts, namely a local recovery key, stored in a non-volatile memory of said mobile device, and a remote recovery key, sent to a remote server (Pahl on [Col 76 line 45-53] teaches a private key (i.e. fresh encryption key) may be split into at least two parts where at least one part is stored at the secure session server (i.e. local key stored at secure session server equivalent to mobile device see [Col 6 line 20-22]) and at least one part is stored at a remote key server (i.e. remote recovery key stored at remote server). By way of another example, a private key may be split into at least two parts where at least one part is stored at a first key server and another part is stored at a second key server. See also Fig 4 and text on [Col 77 line 30-40] teaches a first part of private key is stored at the secure session server 420 and a second part is stored at the key server 430);
and deleting said remote recovery key and said fresh encryption key from said mobile device (Pahl on [Col 76 line 63-67] teaches the whole private key (i.e. fresh encryption key) may be removed from the key server after splitting the key into multiple parts. See on [Col 79 line 30-35] teaches the key server 1630 may remove the private key part 1650B (i.e. remote recovery key));
wherein the local recovery key being accessible without any external system to said mobile device (Pahl Fig 1 block 130 and text on [Col 77 line 20-25, Col 78 line 1-5 and Col 79 line 10-35] teaches private key part 150A (i.e. local recovery key) stored in key server 150 (i.e. mobile device in view of [Col 6 line 20-22]) has access to the private key part 150A without external access since it is stored within the key server 130);
and wherein a combination of the local recovery key and the remote recovery key together form a complete recovery key to decrypt and reassess the encrypted user data [[stored in the volatile memory of the mobile device]] (Pahl on [Col 76 line 53-60] teaches when a private key operation is needed in the secure session handshake, the secure session server transmits the part of the key that it is storing to the key server and the key server combines the parts to reconstruct the private key (i.e. combining the key part to re-construct private key) and uses the private key accordingly. See also on [Col 77 line 20-25, Col 78 line 1-5 and Col 79 line 10-35] teaches the secure session server 120 transmits the private key part 150B to the key server 130. The key server 130 receives the private key part 150B and reconstructs the private key 150 using the private key part 150A (i.e. private key part 150 A equivalent to local recovery key stored at key server 130) and the private key part 150B. See [Col 5 line 20-25 and col 7 line 40-50] teaches the private key is used to decrypt the premaster secret that has been encrypted with the corresponding public key).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pahl into the teaching of Adams by protecting encryption key by dividing it into two parts and deleting the encryption key. One would be motivated to do so in order to establish secure session for secure communication between client and server (Pahl on [Col 1 line 5-10]).
Although the combination teaches generating a temporary key for encrypting data (i.e. Adams [0004-0005]), it fails to explicitly teach wherein the fresh encryption key is a one-time encryption key newly generated for encrypting the user data stored in the volatile memory of the mobile device, however HLAING from analogous art teaches (HLAING on [0141-0147] teaches generating one-time encryption key and encrypting data stored in a RAM (i.e. data stored in volatile memory) using one-time key (OTK));
and wherein the fresh encryption key is a one-time encryption key newly generated for encrypting the user data stored in the volatile memory of the mobile device (HLAING on [0141-0147] teaches generating one-time encryption key and encrypting data stored in a RAM (i.e. data stored in volatile memory) using one-time key (OTK)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of HLAING into the combined teaching of Adams and Pahl by generating one-time encryption key for encrypting data stored in volatile memory. One would be motivated to do so in order to enhance security of data communicated between different devices by encrypting the data stored in a volatile memory using one time key generated only when device powers on (HLAING on [0007-0009]).

Regarding claims 2 and 12 the combination of Adams, Pahl and HLAING teaches all the limitations of claims 1 and 11 respectively, Adams further teaches also comprising switching said mobile device into said locked status after a power-on of said mobile device, or after a time period of inactivity, or after receiving a lock signal (Adams on [0032] teaches the device could have entered the lock mode for many different reasons, such as the mobile device automatically entering the lock mode after a certain period of user inactivity, or the mobile device enters the lock mode because of user input).
Regarding claims 3 and 13 the combination of Adams, Pahl and HLAING teaches all the limitations of claims 1 and 11 respectively, Adams further teaches also comprising using the fresh encryption key every time said encrypting said user data stored in said volatile memory is performed (Adams on [0033] teaches when the device is locked, the device automatically encrypts the fields contents. See on [0027 and 0057] data associated with field is stored in flash memory or RAM of device. See on [0040-0041] teaches input is received which indicates that the mobile device is to enter into a protected mode (i.e. locked state [0039]). Data associated with fields displayed on a user interface is encrypted and stored in a data store. See [claim 5] teaches wherein a private key (i.e. fresh encryption key) is used to encrypt the user interface field data during said encrypting step).

Regarding claim 20 Adams teaches a computer program product for protecting a mobile device against unauthorized access to user data stored in said mobile device, said computer program product comprising a computer readable storage medium having program instructions embodied therewith, said program instructions being executable by one or more computing systems or controllers to cause said one or more computing systems to (Adams on [0064 and Claim 20] teaches computer software program or programs stored on one or more computer readable media executed by computer. See on [0057] teaches preventing unauthorized party access for obtaining data stored in memory of mobile device);
encrypt said user data stored in a volatile memory of said mobile device responsive to said mobile device is switched to a locked status (Adams on [0033] teaches when the device is locked, the device automatically encrypts the fields contents. See on [0027 and 0057] data associated with field is stored in flash memory or RAM of device. See on [0040-0041] teaches input is received which indicates that the mobile device is to enter into a protected mode (i.e. locked state [0039]). Data associated with fields displayed on a user interface is encrypted and stored in a data store);
and decrypting said user data stored in said volatile memory responsive to said mobile device being switched from said locked status into an unlocked status (Adams on [0033] teaches when the device is locked, the device automatically encrypts the fields contents. See on [0027 and 0057] data associated with field is stored in flash memory or RAM of device. See on [0040-0041] teaches input is received which indicates that the mobile device is to enter into a protected mode (i.e. locked state [0039]). Data associated with fields displayed on a user interface is encrypted and stored in a data store).
Adams fails to teach protecting a fresh encryption key by encoding said fresh encryption key into two parts, namely a local recovery key, stored in a non-volatile memory of said mobile device, and a remote recovery key, sent to a remote server and deleting said remote recovery key and said fresh encryption key from said mobile device, wherein the local recovery key being accessible without any external system to said mobile device and wherein a combination of the local recovery key and the remote recovery key together form a complete recovery key to decrypt and reassess the encrypted user data, however Pahl from analogous art teaches protecting a fresh encryption key [[used in encrypting the user data stored in the volatile memory of the mobile device]] by encoding said fresh encryption key into two parts, namely a local recovery key, stored in a non-volatile memory of said mobile device, and a remote recovery key, sent to a remote server (Pahl on [Col 76 line 45-53] teaches a private key (i.e. fresh encryption key) may be split into at least two parts where at least one part is stored at the secure session server (i.e. local key stored at secure session server equivalent to mobile device see [Col 6 line 20-22]) and at least one part is stored at a remote key server (i.e. remote recovery key stored at remote server). By way of another example, a private key may be split into at least two parts where at least one part is stored at a first key server and another part is stored at a second key server. See also Fig 4 and text on [Col 77 line 30-40] teaches a first part of private key is stored at the secure session server 420 and a second part is stored at the key server 430);
and deleting said remote recovery key and said fresh encryption key from said mobile device (Pahl on [Col 76 line 63-67] teaches the whole private key (i.e. fresh encryption key) may be removed from the key server after splitting the key into multiple parts. See on [Col 79 line 30-35] teaches the key server 1630 may remove the private key part 1650B (i.e. remote recovery key));
wherein the local recovery key being accessible without any external system to said mobile device (Pahl Fig 1 block 130 and text on [Col 77 line 20-25, Col 78 line 1-5 and Col 79 line 10-35] teaches private key part 150A (i.e. local recovery key) stored in key server 150 (i.e. mobile device in view of [Col 6 line 20-22]) has access to the private key part 150A without external access since it is stored within the key server 130);
and wherein a combination of the local recovery key and the remote recovery key together form a complete recovery key to decrypt and reassess the encrypted user data [[stored in the volatile memory of the mobile device]] (Pahl on [Col 76 line 53-60] teaches when a private key operation is needed in the secure session handshake, the secure session server transmits the part of the key that it is storing to the key server and the key server combines the parts to reconstruct the private key (i.e. combining the key part to re-construct private key) and uses the private key accordingly. See also on [Col 77 line 20-25, Col 78 line 1-5 and Col 79 line 10-35] teaches the secure session server 120 transmits the private key part 150B to the key server 130. The key server 130 receives the private key part 150B and reconstructs the private key 150 using the private key part 150A (i.e. private key part 150 A equivalent to local recovery key stored at key server 130) and the private key part 150B. See [Col 5 line 20-25 and col 7 line 40-50] teaches the private key is used to decrypt the premaster secret that has been encrypted with the corresponding public key).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pahl into the teaching of Adams by protecting encryption key by dividing it into two parts and deleting the encryption key. One would be motivated to do so in order to establish secure session for secure communication between client and server (Pahl on [Col 1 line 5-10]).
Although the combination teaches generating a temporary key for encrypting data (i.e. Adams [0004-0005]), it fails to explicitly teach wherein the fresh encryption key is a one-time encryption key newly generated for encrypting the user data stored in the volatile memory of the mobile device, however HLAING from analogous art teaches (HLAING on [0141-0147] teaches generating one-time encryption key and encrypting data stored in a RAM (i.e. data stored in volatile memory) using one-time key (OTK));
and wherein the fresh encryption key is a one-time encryption key newly generated for encrypting the user data stored in the volatile memory of the mobile device (HLAING on [0141-0147] teaches generating one-time encryption key and encrypting data stored in a RAM (i.e. data stored in volatile memory) using one-time key (OTK)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of HLAING into the combined teaching of Adams and Pahl by generating one-time encryption key for encrypting data stored in volatile memory. One would be motivated to do so in order to enhance security of data communicated between different devices by encrypting the data stored in a volatile

Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Adams et al (hereinafter Adams) (US 20050257043) in view of Pahl et al (hereinafter Pahl) (US 8966267), in view of HLAING et al (hereinafter HLAING) (US 20190005229) and further in view of Bowman et al (hereinafter Bowman) (US 20180248693).
Regarding claims 4 and 14, the combination of Adams, Pahl and HLAING teaches all the limitations of claims 3 and 13 respectively. The combination of Adams, Pahl and HLAING fails to explicitly teach protecting said fresh encryption key by encrypting said fresh encryption key by a static encryption key, wherein said static encryption key is a public key of a public/private key pair; however, Bowman from analogous art teaches protecting said fresh encryption key by encrypting said fresh encryption key by a static encryption key, wherein said static encryption key is a public key of a public/private key pair (Bowman on [0021, 0028, 0031 and 0035] teaches encrypting first and second portions of a recovery key (i.e. fresh encryption key) using a public key).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Bowman into the combined teaching of Adams, Pahl and HLAING by encrypting the fresh key with a public key. One would be motivated to do so in order to protect the recovery key used for protecting sensitive data (Bowman on [0009-0010]).

Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Adams et al (hereinafter Adams) (US 20050257043) in view of Pahl et al (hereinafter Pahl) (US 8966267), in view of HLAING et al (hereinafter HLAING) (US 20190005229) in view of Bowman et al (hereinafter Bowman) (US 20180248693) and further in view of Ebrahimi et al (hereinafter Ebrahimi) (US 20190182042).
Regarding claims 6 and 16, the combination of Adams, Pahl, HLAING and Bowman teaches all the limitations of claims 4 and 14 respectively. The combination fails to explicitly teach encrypting said private key of said public/private key pair using a high-entropy key derived by a high-entropy user input; however, Ebrahimi from analogous art teaches encrypting said private key of said public/private key pair using a high-entropy key derived by a high-entropy user input (Ebrahimi on [0125] teaches encrypting the private key (i.e. of public/private key pair [0091]) with the dynamic password (i.e. high-entropy key derived by a high-entropy user input). In particular, embodiments provide the means to encrypt the user's private key with the dynamic key);
and storing said resulting encrypted private part of said public/private key pair on a non-volatile memory of said mobile device (Ebrahimi on [0127] teaches transmitting the encrypted private key and storing it in storage).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Ebrahimi into the combined teaching of Adams, Pahl, HLAING and Bowman by encrypting and storing private key pair. One would be motivated to do so in order to protect the private key used for protecting sensitive data (Ebrahimi on [0004]).

Claims 7-9 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Adams et al (hereinafter Adams) (US 20050257043) in view of Pahl et al (hereinafter Pahl) (US 8966267), in view of HLAING et al (hereinafter HLAING) (US 20190005229) and further in view of Ebrahimi et al (hereinafter Ebrahimi) (US 20190182042).

Regarding claims 7 and 17, the combination of Adams, Pahl and HLAING teaches all the limitations of claims 1 and 11 respectively. The combination fails to explicitly teach wherein said switching said mobile device from a locked status into said unlocked status comprises receiving a personal identification number, and using said personal identification number for performing an authentication protocol with said remote server; however, Neil from analogous art teaches wherein said switching said mobile device from a locked status into said unlocked status comprises receiving a personal identification number, and using said personal identification number for performing an authentication protocol with a remote server (Ebrahimi on [0054-0058] teaches receiving one or more identity factors, such as a PIN, as input from a user device, wherein the identity factor is verifiable by the server).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Ebrahimi into the combined teaching of Adams and Pahl by receiving a PIN for performing authentication between server and client device. One would be motivated to do so in order to protect sensitive data from unauthorized access (Ebrahimi on [0004]).

Regarding claims 8 and 18, the combination of Adams, Pahl, HLAING and Ebrahimi teaches all the limitations of claims 7 and 17 respectively. Pahl further teaches wherein a success of an authentication protocol with said remote server comprises receiving a remote recovery key from said remote server, and using a remote recovery key and said local recovery key to recover a fresh encryption key (Pahl on [Col 76 line 53-60] teaches that when a private key operation is needed in the secure session handshake, the secure session server transmits the part of the key that it is storing to the key server, and the key server combines the parts to reconstruct the private key (i.e. combining the key parts to reconstruct the private key) and uses the private key accordingly. See also [Col 77 line 20-25, Col 78 line 1-5 and Col 79 line 10-35], which teach that the secure session server 120 transmits the private key part 150B to the key server 130. The key server 130 receives the private key part 150B and reconstructs the private key 150 using the private key part 150A (i.e. private key part 150A equivalent to the local recovery key stored at key server 130) and the private key part 150B. See [Col 5 line 20-25 and Col 7 line 40-50], which teach that the private key is used to decrypt the premaster secret that has been encrypted with the corresponding public key).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pahl into the teaching of Adams by protecting the encryption key by dividing it into two parts and deleting the encryption key. One would be motivated to do so in order to establish a secure session for secure communication between client and server (Pahl on [Col 1 line 5-10]).

Regarding claims 9 and 19, the combination of Adams, Pahl and HLAING teaches all the limitations of claims 1 and 11 respectively. Pahl further teaches including performing an authentication protocol with said remote server, wherein a failure on the authentication protocol with the remote server comprises (Pahl on [Col 44 line 15-25] teaches authentication with the server, whether it is successful or failed).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pahl into the teaching of Adams by verifying the authentication protocol with the server. One would be motivated to do so in order to establish a secure session for secure communication between client and server (Pahl on [Col 1 line 5-10]).
The combination fails to explicitly teach prompting for inserting a high-entropy user input, using said high-entropy user input to recover a high-entropy key, using said high-entropy key to decrypt said private key of said public/private key pair and using said private key of said public/private key pair to decrypt said fresh encryption key which was encrypted using said static encryption key; however, Ebrahimi from analogous art teaches prompting for inserting a high-entropy user input (Ebrahimi on [0076-0077] teaches receiving an identity factor as an input by the user);
using said high-entropy user input to recover a high-entropy key (Ebrahimi on [0077] teaches receiving identity factor as an input for recovering dynamic password (i.e. high-entropy key interpreted in view of para [0048] of instant application));
using said high-entropy key to decrypt said private key of said public/private key pair (Ebrahimi on [0150] teaches decrypting private key using dynamic password);
and using said private key of said public/private key pair to decrypt said fresh encryption key which was encrypted using said static encryption key (Ebrahimi on [0299] teaches that the third party might decrypt the encrypted items using the private key of the third party to perform a verification operation. See [0067-0068], which teach that data items are encrypted using DATAKEY, wherein the data item may be a private key).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Ebrahimi into the combined teaching of Adams, Pahl and HLAING by recovering a key based on user input and decrypting the private key using the recovered key. One would be motivated to do so in order to protect the recovery key used for protecting sensitive data (Ebrahimi on [0004]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Adams et al (hereinafter Adams) (US 20050257043) in view of Pahl et al (hereinafter Pahl) (US 8966267), in view of HLAING et al (hereinafter HLAING) (US 20190005229) and further in view of Hartway (US 20180365453).

Regarding claim 10, the combination of Adams, Pahl and HLAING teaches all the limitations of claim 1. Adams further teaches wherein said mobile device comprises a display (Adams on [0026] teaches that the mobile device comprises a display and an icon representing the state of the device).
Although the combination of Adams and Pahl teaches switching the mobile device into a locked/unlocked state, it fails to explicitly teach blocking keypad inputs apart from accepting a personal identification number or, if no network connection is available, accepting a high-entropy value; however, Hartway from analogous art teaches wherein said switching said mobile device into a locked status comprises blocking keypad inputs apart from accepting a personal identification number or, if no network connection is available, accepting a high-entropy value (Hartway on [0056] teaches that if the locked electronic device 112 is in a locked state, a login screen 600 (FIG. 6) may appear on a display of the locked electronic device to input an unlocking code (i.e. PIN) to unlock the device as shown in Fig 6 (i.e. keypad or touch pad activated to only enter the unlocking code to unlock the device)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Hartway into the combined teaching of Adams, Pahl and HLAING by blocking the keypad access when the device is in a locked state. One would be motivated to do so in order to prevent unauthorized access of the device when it is in a locked state (Hartway on [0006]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436

/MOEEN KHAN/Examiner, Art Unit 2436