DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 22 September 2020 and 19 May 2021 have been considered by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-6 and 10-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Patti et al., USPN 2013/0073854.
With regard to claim 1, Patti discloses a security processor (0029), including a key generator circuit configured to randomly generate a key (0009, 0039), an encryption circuit configured to encrypt user data based on the key (0038), and a security manager circuit configured to receive a first user identification (ID), which uniquely corresponds to a user of a device (0047), and determine whether to allow access to the user data by authenticating the first user ID (0047).
With regard to claim 2, Patti discloses the processor of claim 1, as outlined above, and further discloses the security manager circuit includes an authentication circuit configured to determine whether the user of the device is authorized to access the user data based on the first user ID (0047), and a permission circuit configured to receive a first access ID (permissions listed in the ACL) and determine whether the first access ID has access authority for the user data (0047).
With regard to claim 3, Patti discloses the processor of claim 1, as outlined above, and further discloses the authentication circuit is further configured to generate a key list including an authorized user ID of an authorized user having authority to access the user data (0006), area information about an area of a memory in which the user data is stored (0011, claim 17), and the key used to encrypt the user data (0006), and the authentication circuit is further configured to determine whether the first user ID matches the authorized user ID based on the key list, and determine whether the user of the device is authorized to access the user data (“receive, from a user, an access request from a user requesting access to a requested data object, and send, to the user, a copy of the requested encrypted data object to the user if the ACL associated with the data object indicates that the user has permission to access the data object“,  0006).
With regard to claim 4, Patti discloses the processor of claim 1, as outlined above, and further discloses the authentication circuit is further configured to generate a key ID corresponding to the key (in the meta-data, 0053) and generate the key list by adding the generated key ID to the key list, wherein the generated key ID is stored in the memory together with the user data (0006).
With regard to claim 5, Patti discloses the processor of claim 1, as outlined above, and further discloses the permission circuit is further configured to generate a permission list (0047, 0006) including an authorized access ID having access authority for the user data (read permission), area information about an area of a memory in which the user data is stored (0011, claim 17), and information about whether access to the user data is granted (0047, 0006), and the permission circuit is further configured to determine whether the first access ID matches the authorized access ID based on the permission list (read access, 0047), and determine whether to authorize the first access ID to access the user data (determine if read permission is allowed, 0047).
With regard to claim 6, Patti discloses the processor of claim 1, as outlined above, and further discloses the permission circuit is further configured to output the key when the first access ID matches the authorized access ID (“access controller 330 may provide the requesting user 110 with the encrypted ACL key”, 0047).
With regard to claims 10, 12-17, and 19, Patti discloses the processor of claim 1, as outlined above, and further discloses the security manager circuit is further configured to generate a key list including an authorized user ID of an authorized user authorized to access the user data, area information about an area of a memory in which the user data is stored, and the key used to encrypt the user data (in the meta-data, 0053, 0006), a permission list inlcuding an authorized access ID having access authority for the user data, the area information, and information about whether access to the user data is granted (0047), and a public key list including an access ID and correspondence information about a public key corresponding to the access ID (0049), wherein the security manager circuit is further configured to store the generated key list, the generated permission list, and the generated public key list in a secure memory (0005, Fig. 3).
With regard to claim 11, Patti discloses the processor of claim 1, as outlined above, and further discloses the security manager circuit is further configured to update at least one of the key list, the permission list, and the 4public key list based on a request from the user of the device (0048).
With regard to claim 18, Patti discloses the processor of claim 1, as outlined above, and further discloses the security processor is further configured to encrypt the key using a public key corresponding to the first access ID (“a copy of a symmetric key corresponding to the ACL (ACL key) encrypted with the public encryption key of the user”, 0006), and to output the encrypted key when the first access ID matches the authorized access ID (“receive, from a user, an access request from a user requesting access to a requested data object, and send, to the user, a copy of the requested encrypted data object to the user if the ACL associated with the data object indicates that the user has permission to access the data object“,  0006).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 7-9 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Patti in view of Cruzado et al., USPN 2007/0043978.
With regard to claims 7 and 9, Patti discloses the processor of claim 1, as outlined above, and further discloses the authentication circuit is further configured to generate a first key ID corresponding to the key and store the generated first key ID in the memory with the user data (in the meta-data, 0053), and that the ACL key can be encrypted with a public key (“a copy of a symmetric key corresponding to the ACL (ACL key) encrypted with the public encryption key of the user”, 0006, 0074), and further discloses outputting the key when the first access ID matches the authorized access ID (“access controller 330 may provide the requesting user 110 with the encrypted ACL key”, 0047). Patti does not disclose outputting the public key, but rather stores the key as encrypted by the public key in the ACL (0006). Patti does disclose that the key should be sent to the user encrypted with the public key (“and send, to a user, the copy of the ACL key encrypted with the public key of the user”, 0006). Cruzado discloses encrypting data with a public key prior to transmission (0041).The examiner further takes official notice that is well known in the art to encrypt data prior to transmission. It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to encrypt the key of Patti with the public key prior to transmission, as taught by Cruzado and official notice, for the motivation of reduce processing needs at the creation of the ACL by only performing encryption once a key was actually requested.
With regard to claim 8, Patti in view of Cruzado discloses the processor of claim 1, as outlined above, and Patti further discloses the permission circuit is further configured to generate a public key list including the first access ID and correspondence information about the public key corresponding to the first access ID (user profile storage 340, 0045, 0049, Fig. 3). The motivation to combine remains the same as outlined above.
With regard to claim 21, Patti in view of Cruzado discloses the processor of claim 1, as outlined above, and Cruzado further discloses that a debugger can be granted access to secure data and encrypting data transmitted to the debugger (0011). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to use the data access authorization of Patti to protect the debugged data of Cruzado for the motivation of improved data protection.
References Cited
Hamlin, USPN 7,155,616, discloses a system for providing secure access to encrypted data using a user ID (Fig. 4, column 6 lines 1-14) and discloses protecting such data from unauthorized debuggers (column 2 lines 40-43), but does not mention storing data with a randomly generated key.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837. The examiner can normally be reached 5:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JACOB LIPMAN/Primary Examiner, Art Unit 2434