Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 06/13/2022 has been entered.
Response to Arguments
Applicant's response with amendments filed 06/13/2022 have been received and entered.
Applicant has amended claims 1, 6-9, 11-18, and 20-22. Amended claims have been examined on the merits.
Applicant’s arguments, see Applicant Arguments page 8, with respect to the rejection(s) under 35 U.S.C. 112(b) have been fully considered and are not persuasive. Therefore, the rejection has been maintained. 
	In response to Applicant's argument that " The claims require a memory storing programmed instructions and one or more processors configured to be capable of executing those stored instructions” and “the question of whether any instructions are actively being executed is beside the point”, Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons. Examiner still maintains that that capability of execution of instructions does not clearly convey execution of instructions. Applicant is advised to amend the claims to recite “processors configured to execute the stored programmed instructions”.
Applicant’s arguments, see Applicant Arguments pages 11-16, with respect to the rejection(s) of the independent claims 1, 8, 14 and 18 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of GAO et al. (CN 106470248), hereinafter GAO.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 8-13 and 18-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Specifically, claim 8 (and 18) recite the limitation "one or more processors configured to be capable of executing the stored programmed instructions to", and applicants do not point out clearly if the computing system/apparatus is in fact programmed to perform the steps. Therefore, this limitation with these ambiguous terms is indefinite with the present application. The examiner will interpret this limitation with the regarding claims as best understood for applying appropriate art for rejection purposes. Appropriate correction is required.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 8 and 18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Rudzitis et al. (US20190342079), hereinafter Rudzitis.
	Regarding Claim 8, Rudzitis teaches
	A system comprising one or more network traffic management modules, networking modules, or server modules, memory comprising programmed instructions stored thereon, and one or more processors configured to be capable of executing the stored programmed instructions to: receive an initial request to perform a first cryptographic operation using a key stored in security hardware circuitry, the initial request identifying the key using a persistent attribute of the key; in response to servicing the initial request, use the persistent attribute of the key to query the security hardware circuitry by a thread of execution to receive a volatile attribute of handle for the key from the security hardware circuitry, wherein the volatile handle for the key changes during a lifetime of the key; store the volatile handle for the key in association with the thread of execution external to the security hardware circuitry to enable subsequent requests by the thread of execution to perform cryptographic operations on the security hardware circuitry without querying the security hardware circuitry for the volatile handle for the key; receive a subsequent request to perform a second cryptographic operation using the key stored in the security hardware circuitry, the subsequent request identifying the key using the persistent attribute of the key; and service the subsequent request by using the thread of execution and the security hardware circuitry, and identifying the key using the stored volatile handle for the key associated with the thread of execution without querying the security hardware circuitry for the volatile handle for the key (Para [0059] … In an embodiment where a system includes computerized devices, …, at least one central processing unit (“CPU” or “processor”), at least one input device …, at least one storage device such as disk drives, optical storage devices, and solid-state storage devices such as random access memory (“RAM”) or read-only memory (“ROM”), as well as removable media devices, memory cards, flash cards, etc., and various combinations thereof). 
Examiner notes that the phrase “one or more processor…. Instructions to” in the preamble has not been given patentable weight because it is preceded by the phrase “configured to be capable of”, and is merely descriptive of a processor with executable capable performing a function. Therefore, such limitations fail to distinguish the claimed invention over prior art.  
Regarding Claim 18,
Claim 18 is rejected for similar reasons as in claim 8.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 8, 9, 14 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Rudzitis et al. (US20190342079), hereinafter Rudzitis in view of GAO et al. (CN 106470248), hereinafter GAO in view of Akinyele et al. (US 9209974), hereinafter Akinyele.
	Regarding Claim 1, Rudzitis teaches
	A secure communications method implemented in cooperation with a network traffic management system comprising one or more network traffic management modules, networking modules, or server modules, the method comprising: receiving an initial request to perform a first cryptographic operation using a key stored in security hardware circuitry ([Abstract] A network-based service for the management of cryptographic key, such as a key management service ("KMS"), provides a web service application programming interface ("API"). Cryptographic keys managed by the service may be stored in a one or more network-connected cryptographic devices such as network-connected hardware security modules ("HSM"). The key management service maintains metadata associated with the cryptographic keys. When a request is received by the key management service, the key management service uses an identifier provided with the request to identify metadata associated with a cryptographic key used to fulfill the request),
	the initial request identifying the key using a persistent attribute of the key (Para [0023] FIG. 2 illustrates an example of a system 200 that includes a key management server that manages keys stored in an HSM, in an embodiment. …  In an embodiment the request includes a key identifier. … );
	the subsequent request identifying the key using the persistent attribute of the key (Para [0023] FIG. 2 illustrates an example of a system 200 that includes a key management server that manages keys stored in an HSM, in an embodiment. …  In an embodiment the request includes a key identifier. … ); and
	servicing the subsequent request by using the thread of execution and the security hardware circuitry, and identifying the key using the stored volatile handle for the key associated with the thread of execution without querying the security hardware circuitry for the volatile handle for the key (Para [0036] “In an embodiment, the metadata includes credentials used to access the cryptographic device on which the cryptographic key is stored. In an embodiment, the metadata includes a handle, token, or associated identifier that identifies the cryptographic key to the cryptographic device”.   Para [0045] In an embodiment, at block 708, the HSM returns a key identifier to the key management server for use in referencing the cryptographic key. In an embodiment, at block 710, the key management server generates a label for the cryptographic key, and at block 712, the key identifier and the label are stored as metadata in a data store accessible to the key management server. In an embodiment, at block 714, the key label is returned to the requester. In an embodiment, the requester, or other entity, may perform cryptographic operations using the cryptographic key by identifying the cryptographic key with the label to the key management service).
	Rudzitis does not explicitly teach in response to servicing the initial request, using the persistent attribute of the key to query the security hardware circuitry by a thread of execution to receive a volatile handle for the key from the security hardware circuitry, wherein the volatile handle for the key changes during a lifetime of the key; receiving a subsequent request to perform a second cryptographic operation using the key stored in the security hardware circuitry.
	In the same field of endeavor, GAO teaches
	in response to servicing the initial request, using the persistent attribute of the key to query the security hardware circuitry by a thread of execution to receive a volatile handle for the key from the security hardware circuitry, wherein the volatile handle for the key changes during a lifetime of the key (Para [0024] Specifically, OpenDNSSEC server to the DNS zone for managing the creation, on one hand, key life cycle management process is performed to realize the key life cycle management of the DNS zone managed by the OpenDNSSEC server. An exemplary, first key life cycle management module E communicates with the hardware security module (Hardware Security Module (HSM) via a first interface (pkcs # 11), requesting DNS zone managed by the HSM to generate corresponding key data, the key data for the corresponding resource record of the DNS zone information and cryptographic signature. the key data includes key data of the key identifier [i.e. persistent attribute] and key life cycle parameter key identifier [i.e. volatile handle] and key life cycle parameter [i.e. lifetime of the key], OpenDNSSEC server of key lifecycle management module E obtains the DNS zone through the first interface from the HSM (pkcs # 11) corresponding to the key life cycle management process to manage the life cycle of the corresponding key data is performed. when the key data of a DNS zone expires, key life cycle management module E will delete the key data of the key identifier and key life cycle parameter corresponding to the DNS zone, at the same time, instructs the HSM to delete key data corresponding to the DNS zone via a first interface (pkcs # 11));
	receiving a subsequent request to perform a second cryptographic operation using the key stored in the security hardware circuitry (Para [0024] “An exemplary, first key life cycle management module E communicates with the hardware security module (Hardware Security Module (HSM) via a first interface (pkcs # 11), requesting DNS zone managed by the HSM to generate corresponding key data, the key data for the corresponding resource record of the DNS zone information and cryptographic signature. the key data includes key data of the key identifier and key life cycle parameter key identifier and key life cycle parameter, OpenDNSSEC server of key lifecycle management module E obtains the DNS zone through the first interface from the HSM (pkcs # 11) corresponding to the key life cycle management process to manage the life cycle of the corresponding key data is performed”).
	It would have been prima facie obvious to one of ordinary skill int he art before the effective filing date of the claimed invention to have modified the method taught by Rudzitis to incorporate teachings of GAO such that the method of Rudzitis provides in response to servicing the initial request, using the persistent attribute of the key to query the security hardware circuitry by a thread of execution to receive a volatile handle for the key from the security hardware circuitry, wherein the volatile handle for the key changes during a lifetime of the key; receiving a subsequent request to perform a second cryptographic operation using the key stored in the security hardware circuitry.  One would have been motivated to make such combination in order so that the key data includes key data of the key identifier and key life cycle parameter key identifier and key life cycle parameter (GAO, Para [0024]).
	The combination of Rudzitis and GAO does not explicitly teach storing the volatile handle for the key in association with the thread of execution external to the security hardware circuitry to enable subsequent requests by the thread of execution to perform cryptographic operations on the security hardware circuitry without querying the security hardware circuitry for the volatile handle for the key.
	In the same field of endeavor, Akinyele teaches
	storing the volatile handle for the key in association with the thread of execution external to the security hardware circuitry to enable subsequent requests by the thread of execution to perform cryptographic operations on the security hardware circuitry without querying the security hardware circuitry for the volatile handle for the key (Col. 4, lines 29-49, In one example embodiment, a method for selecting a decryption key for decrypting a functional encryption ciphertext comprises electronically storing one or more decryption key metadata parameters for a plurality of candidate decryption keys for a functional encryption ciphertext; storing a functional encryption ciphertext, wherein either: an access control function is embedded with the ciphertext during encryption and an attribute set is embedded with a decryption key; or the attribute set is embedded with the ciphertext during encryption and the access control function is embedded with the decryption key; … searching the set of candidate keys to identify a key matching the extracted functional input; and selecting one of the identified candidate keys matching the scheme type and the extracted functional input as a decryption key for the functional encryption ciphertext.  Col. 19, lines 20-23, As used herein, “software” processes may include, for example, software and/or hardware entities that perform work over time, such as tasks, threads, and intelligent agents).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of Rudzitis and GAO to incorporate teachings of Akinyele such that the method of the combination of Rudzitis and GAO includes storing the volatile handle for the key in association with the thread of execution external to the security hardware circuitry to enable subsequent requests by the thread of execution to perform cryptographic operations on the security hardware circuitry without querying the security hardware circuitry for the volatile handle for the key. One would have been motivated to make such combination in order to provide electronically storing one or more decryption key metadata parameters for a plurality of candidate decryption keys for a functional encryption ciphertext, ..., searching the meta data para meters to identify a set of candidate keys matching the scheme type of the ciphertext (Akinyele, [Abstract]).
	Regarding Claim 4, the combination of Rudzitis, Gao, and Akinyele teaches all the limitations of claim 1 above,
	wherein the persistent attribute of the key is a name of the key and the volatile handle for the key is a key handle assigned by the security hardware circuitry for the thread of execution accessing the security hardware circuitry using a given session (Rudzitis, Para [0028] … In an embodiment, the key management service 308 queries a database 310 in order to retrieve metadata 312 associated with the provided key identifier. In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 312, identifies a particular key on the HSM).
Regarding Claims 8, and 18,
Claims 8, and 18 are rejected for similar reasons as in claim 1.
	Rudzitis teaches
	A system comprising one or more network traffic management modules, networking modules, or server modules, memory comprising programmed instructions stored thereon, and one or more processors configured to be capable of executing the stored programmed instructions to (Para [0059] … In an embodiment where a system includes computerized devices, …, at least one central processing unit (“CPU” or “processor”), at least one input device …, at least one storage device such as disk drives, optical storage devices, and solid-state storage devices such as random access memory (“RAM”) or read-only memory (“ROM”), as well as removable media devices, memory cards, flash cards, etc., and various combinations thereof).
Regarding Claim 9,
Claim 9 is rejected for similar reasons as in claim 4.
Regarding Claim 14,
Claim 14 is rejected for similar reasons as in claim 1.
Claims 2, 3, 6, 10, 12, 16, 19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Rudzitis et al. (US20190342079), hereinafter Rudzitis in view of GAO et al. (CN 106470248), hereinafter GAO in view of Akinyele et al. (US 9209974), hereinafter Akinyele in view of Dayka et al. (US 20170093818), hereinafter Dayka.	
	Regarding Claim 2, the combination of Rudzitis, Gao, and Akinyele teaches all the limitations of claim 1 above,
	The combination of Rudzitis, Gao, and Akinyele does not explicitly teach wherein the security hardware circuitry is a hardware security module.
	In the same field of endeavor, Dayka teaches
	wherein the security hardware circuitry is a hardware security module (Para [0045] The present method may be implemented as a hardware security module that may comprise a central processing unit (CPU) and a pre-processing unit dedicated to cryptography service provider (CSP), comprising the encryption module 125, the decryption module 160, the authentication module 130, the verification module 155, and an instance of the CSP storage 135, 165).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of Rudzitis, Gao, and Akinyele to incorporate teachings of Dayka such that the method of the combination of Rudzitis, Gao, and Akinyele includes wherein the security hardware circuitry is a hardware security module. One would have been motivated to make such combination in order to provide multi-level security (MLS) for cryptography service provider (CSP). (Dayka, para [0066]).
	Regarding Claim 3, the combination of Rudzitis, Gao, and Akinyele teaches all the limitations of claim 1 above,
	wherein communication with the security hardware circuitry is performed using a Public Key Cryptography Standard (Dayka, Para [0018] An example of a CSP API, may be Public Key Cryptography Standards (PKCS) #11, which is one of the industry-accepted standards of cryptography service that is provided by RSA.RTM. Laboratories of RSA Security LLC. (RSA is a registered trademark of EMC Corporation, Hopkinton, Mass., USA.) PKCS #11 specifies an application programming interface (API) to devices, which hold cryptographic information and run cryptographic functions. Another example of a CSP API may be Secure IBM Enterprise Public Key Cryptography Standards (PKCS) #11 (EP11), which will be discussed in greater detail herein. (IBM.RTM. is a registered trademarks of International Business Machines Corporation, Armonk, N.Y., USA.)).
	The motivation/rationale to combine the references is similar to claim 2 above.
	Regarding Claim 6, the combination of Rudzitis, Gao, and Akinyele teaches all the limitations of claim 1 above,
	The method of claim 1, further comprising: detecting that the volatile handle for the key is invalid (Dayka, Para [0058] The CSP storage 190 represents exemplary attributes of the key/type evolution in implementing MLS-capable CSP. The example illustrates how the validity of each key/type transformation may be verified locally by each MLS operation, how to combine attributes pursuant to merging service requested, key-specific attributes, and MLS restrictions embedded into the backend:  Para [0024] “In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 212, identifies a particular key on the HSM”);
	in response to detecting that the volatile handle for the key is invalid (Dayka, Para [0059] One instance MLS restrictions for the encryption module 125E comprises key properties for encryption KE, system rule for encryption RE, and data properties for encryption DE. The key properties for encryption KE are represented as "CKA_ENCRYPT=TRUE" indicating that an encryption key is enabled to encrypt and that by applying the encryption key, the plaintext data is transformed into ciphertext. The system rule for encryption RE is represented as "CKA_KEY TYPE=D1-D2" indicating that Type 1 data (D1) may be transformed into Type 2 data (D2) by the encryption key. The data properties for encryption DE is represented as "INPUT_TYPE=D1, OUTPUT_TYPE=D2" indicating that the encryption module takes plaintext tagged as Type 1/D 1 as input and generates ciphertext tagged as Type 2/D2 that is corresponding to the input D1. Where an encryption-incapable keys, as represented by "CKA_ENCRYPT=FALSE," or type-transformation rules other than from D1 to D2, the encryption module does not proceed with encryption but returns to the source application, reporting error),
	The motivation/rationale to combine the references is similar to claim 2 above.
Regarding Claim 10,
Claim 10 is rejected for similar reasons as in claim 2.
	Regarding Claim 6, the combination of Rudzitis, Gao, and Akinyele teaches all the limitations of claim 1 above,
	Regarding Claims 12, 16 and 21,
Claims 12, 16 and 21 are rejected for similar reasons as in claim 6.
	Regarding Claim 19,
Claim 19 is rejected for similar reasons as in claim 3.
Claims 5, 11, 15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rudzitis et al. (US20190342079), hereinafter Rudzitis in view of GAO et al. (CN 106470248), hereinafter GAO in view of Akinyele et al. (US 9209974), hereinafter Akinyele in view of O'Loughlin et al. (US 20120102334), hereinafter O'Loughlin.
	Regarding Claim 5, the combination of Rudzitis, Gao, and Akinyele teaches all the limitations of claim 1 above,
	in response to the first thread receiving the volatile handle for the key, performing a plurality of queries of the security hardware circuitry for the remaining plurality of threads of execution to obtain a respective volatile handle for the key for each thread of the remaining plurality of threads of execution (Rudzitis, Para [0024] In an embodiment, the request including the key identifier is received at a key management service 208 hosted by the key management server 202. … In an embodiment, the key management service 208 queries a database 210 in order to retrieve metadata 212 associated with the provided key identifier. In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 212, identifies a particular key on the HSM); and
	storing the respective volatile handles for the key for the remaining plurality of threads of execution in a data structure external to the security hardware circuitry (Rudzitis, Para [0016] FIG. 1 illustrates an example of a system 100 that manages cryptographic keys that are stored in a hardware security module, in an embodiment. In an embodiment, a key management service 102 is a managed service that allows customers to create, delete, rotate, and use cryptographic keys on behalf of the customer.  … Para [0018] … In an embodiment, the key management service 102 identifies the cryptographic key associated with the information, and connects to a database 108 to retrieve a set of metadata 110 associated with the identified cryptographic key. In an embodiment, the database 108 may be a relational database, data store, data structure, key-value store, or memory that contains the metadata. The database 108 may be a memory in the computer system that hosts the key management service 102 or storage device external to the computer system that hosts the key management service 102 that is accessible via a computer network or external connection).
	The combination of Rudzitis, Gao, and Akinyele does not explicitly teach the method of claim 1, wherein the thread of execution is a first thread of a plurality of threads of execution.
	In the same field of endeavor, O'Loughlin teaches
	The method of claim 1, wherein the thread of execution is a first thread of a plurality of threads of execution (Para [0097] As noted above, the controller 22 monitors a list of jobs for each appliance 18. This creates a multithreaded design which allows each appliance 18 to be serviced independently of the others. In addition, jobs on each appliance 18 may also be performed concurrently and independently of the others. … A time synchronization utility is also provided to synchronize time on each appliance 18 with the controller 22 to ensure that the system time and the HSM time on the controller 22 and appliances 18 are specified in UTC and are the same).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of Rudzitis, Gao, and Akinyele to incorporate teachings of O'Loughlin such that the method of the combination of Rudzitis, Gao, and Akinyele includes wherein the initial request is assigned to be executed by a first thread of a plurality of threads of execution. One would have been motivated to make such combination in order to provide multithreaded design which allows each appliance to be serviced independently of the others. In addition, jobs on each appliance may also be performed concurrently and independently of the others. (O'Loughlin, para [0097)).
	Regarding Claims 11, 15 and 20,
Claims 11, 15 and 20 are rejected for similar reasons as in claim 5.	
Claims 7, 13, 17, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Rudzitis et al. (US20190342079), hereinafter Rudzitis in view of GAO et al. (CN 106470248), hereinafter GAO in view of Akinyele et al. (US 9209974), hereinafter Akinyele in view of Norum et al. (US 20200059373), hereinafter Norum.
	Regarding Claim 7, the combination of Rudzitis, Gao, and Akinyele teaches all the limitations of claim 1 above,
	[wherein] using the new session, querying the security hardware circuitry to receive a new volatile handle for the key (Rudzitis, Para [0024] In an embodiment, the request including the key identifier is received at a key management service 208 hosted by the key management server 202. … In an embodiment, the key management service 208 queries a database 210 in order to retrieve metadata 212 associated with the provided key identifier. In an embodiment, the metadata includes a key handle which, as a result of being provided to an HSM identified in the metadata 212, identifies a particular key on the HSM); and
	storing the new volatile handle for the key in a data structure external to the security hardware circuitry (Rudzitis, Para [0016] FIG. 1 illustrates an example of a system 100 that manages cryptographic keys that are stored in a hardware security module, in an embodiment. In an embodiment, a key management service 102 is a managed service that allows customers to create, delete, rotate, and use cryptographic keys on behalf of the customer.  …  Para [0018] … In an embodiment, the key management service 102 identifies the cryptographic key associated with the information, and connects to a database 108 to retrieve a set of metadata 110 associated with the identified cryptographic key. In an embodiment, the database 108 may be a relational database, data store, data structure, key-value store, or memory that contains the metadata. The database 108 may be a memory in the computer system that hosts the key management service 102 or storage device external to the computer system that hosts the key management service 102 that is accessible via a computer network or external connection).
	The combination of Rudzitis, Gao, and Akinyele does not explicitly teach detecting that a session associated with the key is no longer valid; establishing a new session with the security hardware circuitry.
	In the same field of endeavor, Norum teaches
	The method of claim 1, further comprising: detecting that a session associated with the key is no longer valid (Para [0092] The system may receive 1108 a request to establish a cryptographically protected communication session. The request may be made by an HSM in the fleet of a virtual HSM. As part of the request to establish the session, the system may receive a digital certificate that is signed, either directly or indirectly (e.g., verifiable via a chain of trust) by a service certificate authority and a manufacturer certificate authority.  … Para [0093] The system may determine whether a digital certificate is valid by determining whether one or more digital signatures found on the certificate is authentic, whether the digital certificate is signed by a required signatory, and/or whether a chain of trust from the certificate to a trusted certificate authority is unbroken. Additionally, certificates that have expired, been revoked, been blacklisted, or known to be compromised may also be determined to be invalid).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by the combination of Rudzitis, Gao, and Akinyele to incorporate teachings of Dayka such that the method of the combination of Rudzitis, Gao, and Akinyele includes detecting that a session associated with the key is no longer valid; establishing a new session with the security hardware circuitry. One would have been motivated to make such combination in order to provide establishing a cryptographically protected communication session (Norum, para [0094]).
 Regarding Claims 13, 17 and 22,
Claims 13, 17 and 22 are rejected for similar reasons as in claim 7.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283. The examiner can normally be reached Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/HAMID TALAMINAEI/
Examiner, Art Unit 2436                                                                                                                                                                                         
/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436