Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION
The instant application having Application No. 17/006,139 is presented for examination by the examiner.



Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-SRCeens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 13 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 10 of U.S. Patent No. 10,778,429. Although the claim at issue are not identical, they are not patentably distinct from each other because all the limitation of broader genus claims of instant claim 13 are contained in the narrower species claim 10 of ‘429, as enunciated in (ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED:  May 30, 2001).  “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim.  In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED:  May 30, 2001)..



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 7, 8, 10, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over USP Application Publication 2014/0136832 to Klum et al., hereinafter Klum in view of USP Application Publication 2017/0250801 to Chen et al., hereinafter Chen.

As per claim 1, Klum teaches generating a determination to allow a first hardware security module to obtain access to a first subset of cryptographic information of a set of cryptographic information (0042) stored by a fleet of hardware security modules of which the first hardware security module is a member (0058-Aspect #16), where hardware security modules of the fleet of hardware security modules have access to a fleet key [0036 and 0039]; 
causing the first hardware security module to transmit a request for information [report information needed to retrieve; 0043 and 0053] associated with the first subset of cryptographic information (0054); and 
causing the first hardware security module to generate the first subset of cryptographic information [original data] based at least in part on the information [lists where the fragments are; 0043] and 
a second subset of cryptographic information [minimum number of fragments needed to reassemble original data] of the set of cryptographic information (0054), where the first hardware security module is able to access the second subset of cryptographic information (0054).
Klum does not teach the cryptographic key are stored across the fleet or requesting parity information associated with the keys to generate the first cryptographic key.
Chen teaches the cryptographic key are stored across the fleet (0017) and requesting parity information associated with the keys to generate the first cryptographic key (0061).  Chen uses parity information in case pieces, of the data that makeup the key, are lost.  Klum is not specific on which type of data is backed up on the servers.  The system of Klum could have obviously backed up keys and being able to recover lost data is very beneficial.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.   The type of data backed up does not in any way yield unpredictable results.  

As per claim 2, the combined system of Klum and Chen teaches the parity information is retained on a network-based data storage service that does not have access to the fleet key [Klum encrypts the fragments before sending to the storage servers which are not taught to have the ability to decrypt the fragments because they must send them back to the server 14 for decryption and reassembly; 0054]; and 
the parity information is encrypted with the fleet key [all data fragments are encrypted before sending to the storage servers.  Therefore, the parity information of Chen would simply be encrypted when combined with the encryption key; 0039].

As per claim 7, Klum teaches determine that a first cryptographic information of a set of cryptographic information [files need recovery] maintained by the system is unavailable (0054), where the set of cryptographic information is maintained by a fleet of hardware security modules of which the system is a member (0042);
 transmit a request for information [report information needed to retrieve; 0043 and 0053] associated with the first cryptographic information from a hardware security module of the fleet of hardware security modules (0054); 
obtain information by at least decrypting encrypted information with a fleet key associated with the fleet of hardware security modules [encrypted fragments returned to server 14 from storage servers indicated in the report; 0039 and 0054]; and 
regenerate the first cryptographic information based at least in part on the information [reassemble fragments; 0054].
Klum does not teach the cryptographic key are maintained across the fleet or requesting parity information associated with the keys to generate the first cryptographic key.
Chen teaches the cryptographic key are stored across the fleet (0017) and requesting parity information associated with the keys to generate the first cryptographic key (0061).  Chen uses parity information in case pieces, of the data that makeup the key, are lost.  Klum is not specific on which type of data is backed up on the servers.  The system of Klum could have obviously backed up keys and being able to recover lost data is very beneficial.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.   The type of data backed up does not in any way yield unpredictable results.  

As per claim 8, the combined system of Klum and Chen teaches to transmit the parity information to a second hardware security module [receiving device 22 can be a server; 0034; with anti-tampering, Aspect #16]  within the fleet of hardware security modules to allow the second hardware security module to regenerate at least one cryptographic key based at least in part on the parity information [system allows user to send backup data fragments to another user at the receiving device and passes the necessary decryption key; 0031 and Aspects #11 and #17].

As per claim 10, the combined system of Klum and Chen teaches generate the parity information representing the set of cryptographic keys [Chen: 0058]; encrypt the parity information with the copy of the fleet key to generate the encrypted parity information [all fragments are encrypted by Klum; 0039]; and provide the encrypted parity information to the storage service [Klum: 0039 and 0040].

As per claim 12, the combined system of Klum and Chen teaches to cause the system to provide a second hardware security module [receiving device 22 can be a server; 0034; with anti-tampering, Aspect #16] with the fleet key and the first cryptographic key [system allows user to send backup data fragments to another user at the receiving device and passes the necessary decryption key; 0031 and Aspects #11 and #17.  Receiving device 22 needs the fleet key used by 14 to in order to decrypt the encrypted fragment which when reassembled is the cryptographic key shared by the user].

Claim(s) 3 and 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Klum and Chen as applied to claims 1 and 7 above, and further in view of NPL entitled Simple Regenerating Codes: Network Coding for Cloud Storage, hereinafter SRC, published 2012.

As per claim 3, Klum and Chen are silent in explicitly teaching determining a second hardware security module to add to the fleet of hardware security modules; and adding the second hardware security module to the fleet of hardware security modules by at least causing the first hardware security module to provide the set of cryptographic keys to the second hardware security module.  SRC teaches determining a second hardware security module to add to the fleet of hardware security modules; and adding the second hardware security module to the fleet of hardware security modules by at least causing the first hardware security module to provide the set of cryptographic keys to the second hardware security module as a new member node member joins the group and it receives the necessary fragments and parity bits to reconstruct lost fragments (Section II, Fig. 3 repair example).  The parity bits, taught by Chen and SRC, enable this functionality.  Not only can data lost to errors be recovered but the system can restore fragments that were on a lost member of the fleet.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.   One of ordinary skill in the art would have been motivated before the effective filing date to incorporate parity codes to allow new hardware storage devices to be added to the fleet in case one fails.
As per claim 9, the combined system of Klum, Chen, and SRC teaches the parity information further comprises a set of erasure codes [the parity codes of SRC are erasure codes, see section II).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Klum and Chen as applied to claim 1 above, and further in view of USP Application Publication 2010/0083039 to Chew.

As per claim 4, Klum and Chen are silent in explicitly teaching the parity information is generated using a Reed Solomon encoding of the set of cryptographic keys.  Chen teaches the parity information is generated using a Reed Solomon encoding of the set of cryptographic keys (0024).  Chen is analogous art that splits data across drives (i.e. RAID).  Klum teaches storing fragments on the cloud is akin to RAID (0009).  Chen teaches another known parity technique.   It would have been obvious to one of ordinary skill in the art before the effective filing date to substitute the ECC scheme from the combined system of Klum and Chen with Reed-Solomon encoding with predictable results.  

Claims 5 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Klum and Chen as applied to claims 1 and 7 above, and further in view of USP Application 2016/0087946 to Yang et al., hereinafter Yang.

As per claims 5 and 11, Klum and Chen are silent in explicitly teaching the request for parity information further includes a digital signature generated based at least in part on the fleet key.  Klum already teaches the use of asymmetric encryption (0052).  Yang teaches the request for information further includes a digital signature generated based at least in part on the fleet key, 0029, as the backup server certifies requests for the keys stored therein.  This certificate process is performed by having a certificate attached with the request.  User certificates are signed with a digital signature to prove their authenticity.  The backup servers of would be more secure if they were able to verify a request came from the user that owns the backed-up data.  The use of certificate increases the security of the system.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.  

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Klum, Yang, and Chen as applied to claim 1 above, and further in view of Chew.

As per claim 6, Klum, Yang, and Chen are silent in explicitly teaching the parity information is generated using a Reed Solomon encoding of the set of cryptographic keys.  Chen teaches the parity information is generated using a Reed Solomon encoding of the set of cryptographic keys (0024).  Chen is analogous art that splits data across drives (i.e. RAID).  Klum teaches storing fragments on the cloud is akin to RAID (0009).  Chen teaches another known parity technique.   It would have been obvious to one of ordinary skill in the art before the effective filing date to substitute the ECC scheme from the combined system of Klum, Yang, and Chen with Reed-Solomon encoding with predictable results.  


Claims 13-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Klum in view of SRC.
As per claim 13, Klum teaches the subset of cryptographic information belonging to a collection of subsets of cryptographic information stored by a fleet of hardware security modules (0042 and 0058, Aspect #16), a first hardware security module [14] of the fleet of hardware security modules having access to a copy of a fleet key [0036 and 0039]; 
retrieve the subset of cryptographic information from the fleet of hardware security modules (0054); and 
regenerate the subset of cryptographic information by at least combining the subset of cryptographic information (0054).
Klum is silent in explicitly teaching determining that a hardware security module has lost access to a subset of cryptographic information and combining the cryptographic information with error correcting code information.  
SRC teaches determining that a hardware security module has lost access to a subset of cryptographic information (section II) and combining the cryptographic information with error correcting code information (section II. D. & III. B) where the lost data fragments are recovered using data block on other node in conjunction with parity information stored along with the data block.  SRC uses parity information in case pieces, of the data that makeup the key, are lost.  Klum is not specific on which type of data is backed up on the servers.  The system of Klum could have obviously backed up keys and being able to recover lost data is very beneficial.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.   The type of data backed up does not produce any unpredictable results.  

As per claim 14, the combined system of Klum and SRC teaches identify a second hardware security module that belongs to the fleet of hardware security modules (0054; receiving location for retrieval); and cause the second hardware security module to generate the error correcting code information based at least in part on the cryptographic information [Klum: section II. D].

As per claim 15, Klum teaches the subset of cryptographic information is encrypted with the fleet key (0039).

As per claim 16, the combined system of Klum and SRC teaches the error correcting code information allows recovery of a plurality of subsets of cryptographic information of the collection of subsets of cryptographic information stored by the fleet of hardware security modules [Klum: section II; multiples errors can be recovered from]; and the error correcting code information is stored by a plurality of storage devices [Klum: II. B – the nodes store parity codes].

As per claim 17, the combined system of Klum and SRC teaches determining that the hardware security module has failed by at least: retrieving the collection of subsets of cryptographic information (Klum: 0054 and SRC: section II. D); 
determining expected error correcting code information for the collection of subsets of cryptographic information [SRC: chunks xi, yi+1, and si+2 are lost; section II. D] and comparing the error correcting code information to the expected error correcting code information [SRC: This is due to the fact that each chunk that is lost shares an index with 2 more chunks stored in 2 distinct nodes. By contacting these 2 remaining nodes, we can repair the lost chunk by a simple XOR operation; section II. D].  Rationale to combine the parity codes with Klum is the same as recited in claim 13.  This claim uses the codes for the intended purpose of repairing lost fragments.

As per claim 18, the combined system of Klum and SRC teaches receive a block of cryptographic information (Klum: 0040), the block of cryptographic information encrypted with the fleet key (0039); 
identify a collection of subsets from the block of cryptographic information (SRC: section II, B); 
generate an error correcting code subset for the collection of subsets, the error correcting code subset allowing recovery of at least one missing subset of the collection of subsets (SRC: section II, B (3)); 
distribute the collection of subsets to the fleet of hardware security modules (Klum: 0042); and
 cause the error correcting code subset to be retained (SRC: section II, B; included with the data at the nodes). 

As per claim 20, the combined system of Klum and SRC teaches cause the computer system to encrypt the error correcting code subset with the fleet key  [all fragments are encrypted by Klum which would include the parity codes that reside in the fragments on the storage nodes; 0039].

Allowable Subject Matter
Claim 19 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Friday, 9:30am - 5:30pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431