DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 12/30/2020.
Claims 1-25 are submitted for examination.
Claims 1-25 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This application filed on December 30, 2020 does not claim any priority.

Information Disclosure Statement
The following Information Disclosure Statements in the instant application submitted in compliance with the provisions of 37 CFR 1.97, and thus, have been fully considered:
IDS filed on 30 December 2020.
IDS filed 10 March 2021.
IDS filed on 12 May 2022.

Examiner’s Note
Claim 24 and Claim 25 are computer program product claims.  The paragraphs 125-126 describes the computer program product as “not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire”. Thus Claims 24 and 25 are compliant with 35 U.S.C. 101.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 14-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 
a.	Independent Claim 14 recites, “A system, comprising: a processor; and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor, the logic being configured to ………”. However, the body of the claim lacks definite structure indicative of a physical product. Therefore, the claim as a whole appears to be nothing more than computer software, and software per se does not fall within a statutory category. A review of specification paragraph 65 indicates that “The secure transcoder 320 may be implemented in hardware, software, etc., or any combination thereof”. Thus it is not clear whether transcoder is a hardware or a software. Examiner submits that a processor can be a virtual processor.   Examiner suggest adding a hardware processor and/or memory to the claim elements in order to be patent-eligible under 35 U.S.C. 101.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 11 and Claim 25 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Independent Claim 11 recites limitations, “..receiving, by the transcoder, the second key, decrypting, by the transcoder, the second encrypted key using the second key to obtain the first encrypted key..”. Claim 25 recites limitations, “…..program instructions to receive, by the transcoder, the second key, program instructions to decrypt, by the transcoder, the second encrypted key using the second key to obtain the first encrypted key..”. It is not clear why a second encrypted key is decrypted using the second key, when the second key is already in plaintext. 


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 11 and 25 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Sprunk et al. (US PGPUB. # US 2008/0049942, hereinafter “Sprunk”).

Referring to Claims 11 and 25:
Regarding Claim 11, Sprunk teaches,
A computer-implemented method, comprising: 
receiving, by a transcoder, a second encrypted key, (¶19, “the term "PKI data" refers to… symmetric cryptographic keys, private keys”, Fig. 5(132), Fig. 2, ¶40, “The inner vault 42 then encrypts the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key generated only for one set of PKI data and then subsequent AES encryption of the private key”, Fig. 2, ¶41, “the outer vault 44 encrypts the end-to-end-encrypted private key with PKIS-specific encryption, resulting in two layers of encryption for the private key”, Fig. 2, ¶42, “The PKIS-encrypted private key then is transferred from the PKI loader 14 to the PKI server 16”, ¶78, “a step 132 of transferring the PKI data from the PKI loader 14 to the PKI server 16”, i.e. double encrypted private key is received. Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the PKI server and/or its component, software etc. as transcoder)
wherein the second encrypted key is a key that has been encrypted in a first key to create a first encrypted key that is then encrypted in a second key to create the second encrypted key, (Fig. 2, ¶40, “The inner vault 42 then encrypts the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key generated only for one set of PKI data and then subsequent AES encryption of the private key”, Fig. 2, ¶41, “the outer vault 44 encrypts the end-to-end-encrypted private key with PKIS-specific encryption, resulting in two layers of encryption for the private key”, i.e. second encrypted key is encrypted with a first key and the encrypted key is encrypted again with a second key to form a double encrypted private key).
receiving, by the transcoder, the second key, (¶19, “the term "PKI data" refers to… symmetric cryptographic keys, private keys”, ¶25, “PKI server (PKIS)-specific encryption can be used in addition to the end-to-end encryption, e.g., for PKI data being delivered from the PKI data generator 12 to the PKI loader 14. Such encryption is referred to herein as PKIS-specific encryption”, ¶34, “The database 36 is replenished periodically with newly-created PKI data from the PKI data generator 12, ¶28, “The PKI server 16 typically removes the PKIS-specific encryption layer (i.e., decrypts the PKIS-specific encryption layer with a PKIS-specific database key) from a set of PKI data retrieved from its database”, i.e. Examiner submits that a second key is received from the PKI data generator and stored in the database. The key is used to decrypt outer layer of the double encrypted private key, Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the PKI server and/or its component, software etc. as transcoder) 
decrypting, by the transcoder, the second encrypted key using the second key to obtain the first encrypted key, (Fig. 3(78), ¶44, “the PKI server 16 performs PKIS decryption of the PKIS-encrypted private key stored therein, resulting in an end-to-end-encrypted private key”, Fig. 5(132), ¶78, “a step 134 of the PKI server 16 decrypting the outer encryption layer of the encrypted PKI data”, i.e. second encrypted data is decrypted with the second key, Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the PKI server and/or its component, software etc. as transcoder)
encrypting, by the transcoder, the first encrypted key using a third key to create a third encrypted key; (Fig. 3, ¶45, “The PKI server 16 then encrypts the end-to-end-encrypted private key with a PKIS session key, resulting in a PKIS session key-encrypted private key. Such encryption is shown generally as PKIS session key encryption 82”, Fig. 5(136), ¶78, “a step 136 of the PKI server 16 encrypting a different outer layer on the encrypted PKI data are performed”, i.e. first encrypted key is encrypted by a session (third) key, Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the PKI server and/or its component, software etc. as transcoder)  and 
sending, by the transcoder, the third encrypted key to a destination node. (Fig. 3, “PKI server 16 transfers the double-encrypted private key to the PKI station 18”, ¶45, “Fig. 5(128), ¶80, “The method 120 also includes a step 128 of transferring the PKIS session key-encrypted PKI data to the PKI station 18”, i.e. the double-encrypted private key (third encrypted data) is transmitted to the PKI station (destination node), Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the PKI server and/or its component, software etc. as transcoder).

Regarding Claim 25, it is a computer program product Claim of above method Claim 11 and therefore Claim 25 is rejected with the same rationale as applied against Claim 11 above.
Sprunk further teaches, a computer readable medium in paragraph 85.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 14-15 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Yuting et al. (US PGPUB. # US 2021/0067495, hereinafter “Yuting”), and further in view of Sprunk et al. (US PGPUB. # US 2008/0049942, hereinafter “Sprunk”).

Referring to Claims 1, 14 and 24:
Regarding Claim 1, Yuting teaches,
A computer-implemented method, comprising: 
receiving, by a transcoder, second encrypted data, (Fig. 10(136), ¶78, “The double-encrypted data (second encrypted) is then transmitted to UE B at a step 136”, i.e. double encrypted data is received. Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the UE device and/or its component, software etc. as transcoder)
wherein the second encrypted data is data that has been encrypted in a first key to create first encrypted data that is then encrypted in a second key to create the second encrypted data; (Fig. 10(132, 134), ¶78,” At first step 132, UE A can encrypt the data to UE D by UE D's public key”, “the single-encrypted data can next be encrypted again at a step 134 using the public key of the relay UE B”, i.e. double encrypted data is first encrypted with UE D’s public key (first key) and then encrypted with UE E’s public key (second key))
encrypting, by the transcoder, the first encrypted data using a third key to create third encrypted data; (Fig. 10(140), “UE B then encrypts the data (which is now again only encrypted by the public key of UE D) using the public key of UE C at a step 140”, i.e. UE C’s public key is considered as third key and first encrypted data is encrypted with UE C’s public key, Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the UE device and/or its component, software etc. as transcoder) and 
Yuting does not teach explicitly,
receiving, by the transcoder, the second key; 
decrypting, by the transcoder, the second encrypted data using the second key to obtain the first encrypted data; 
sending, by the transcoder, the third encrypted data to a destination node.
However, Sprunk teaches,
receiving, by the transcoder, the second key; (¶19, “the term "PKI data" refers to… symmetric cryptographic keys, private keys”, ¶25, “PKI server (PKIS)-specific encryption can be used in addition to the end-to-end encryption, e.g., for PKI data being delivered from the PKI data generator 12 to the PKI loader 14. Such encryption is referred to herein as PKIS-specific encryption”, ¶34, “The database 36 is replenished periodically with newly-created PKI data from the PKI data generator 12, ¶28, “The PKI server 16 typically removes the PKIS-specific encryption layer (i.e., decrypts the PKIS-specific encryption layer with a PKIS-specific database key) from a set of PKI data retrieved from its database”, i.e. Examiner submits that a second key is received from the PKI data generator and stored in the database. The key is used to decrypt outer layer of the double encrypted private key. As per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the PKI server and/or its component, software etc. as transcoder).
decrypting, by the transcoder, the second encrypted data using the second key to obtain the first encrypted data; (Fig. 3(78), ¶44, “the PKI server 16 performs PKIS decryption of the PKIS-encrypted private key stored therein, resulting in an end-to-end-encrypted private key”, Fig. 5(132), ¶78, “a step 134 of the PKI server 16 decrypting the outer encryption layer of the encrypted PKI data”, i.e. second encrypted data is decrypted with the second key, Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the PKI server and/or its component, software etc. as transcoder),  
sending, by the transcoder, the third encrypted data to a destination node. (Fig. 3, “PKI server 16 transfers the double-encrypted private key to the PKI station 18”, ¶45, “Fig. 5(128), ¶80, “The method 120 also includes a step 128 of transferring the PKIS session key-encrypted PKI data to the PKI station 18”, i.e. the double-encrypted private key (third encrypted data) is transmitted to the PKI station (destination node), Examiner submits that as per disclosure paragraph 65 the secure transcoder is implemented as hardware, software, etc. or any combination thereof. Thus examiner has interpreted the PKI server and/or its component, software etc. as transcoder).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Sprunk with the invention of Yuting.
Yuting teaches, receiving a double layer encrypted data encrypted with a first key and a second key. Sprunk teaches, receiving a second key and decrypting the second layer of double encrypted data. Therefore, it would have been obvious to have receiving a second key and decrypting the second layer of double encrypted data of Sprunk with  receiving a double layer encrypted data encrypted with a first key and a second key of Yuting to encrypt the decrypted first layer encrypted data with a different encryption key to provide secure device to device communication and avoid any intermediary device accessing confidential data. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 14, it is a system Claim of above method Claim 1 and therefore Claim 14 is rejected with the same rationale as applied against Claim 1 above.
Yuting discloses a processor in Fig. 11 (202), ¶85.
 
Regarding Claim 24, it is a computer program product Claim of above method Claim 1 and therefore Claim 24 is rejected with the same rationale as applied against Claim 1 above.
Yuting discloses a program product in para. 20.

Referring to Claims 2 and 15:
Regarding Claim 2, rejection of Claim 1 is included and for the same motivation Yuting does not teach explicitly,
The computer-implemented method of claim 1, wherein the second key is received from a source node.
However, Sprunk teaches,
The computer-implemented method of claim 1, wherein the second key is received from a source node. (¶19, “the term "PKI data" refers to… symmetric cryptographic keys, private keys”, ¶25, “PKI server (PKIS)-specific encryption can be used in addition to the end-to-end encryption, e.g., for PKI data being delivered from the PKI data generator 12 to the PKI loader 14. Such encryption is referred to herein as PKIS-specific encryption”, ¶34, “The database 36 is replenished periodically with newly-created PKI data from the PKI data generator 12, i.e. second key is received from the source node).
Regarding Claim 15, rejection of Claim 14 is included and Claim 15 is rejected with the same rationale as applied against Claim 2 above.


Claims 3-5, 8, 16-18 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Yuting et al. (US PGPUB. # US 2021/0067495, hereinafter “Yuting”), and further in view of Sprunk et al. (US PGPUB. # US 2008/0049942, hereinafter “Sprunk”), and further in view of Rameez et al. (US PGPUB. # US 2021/0167955, hereinafter “Rameez”).

Referring to Claims 3 and 16:
Regarding Claim 3 rejection of Claim 1 is included and for the combination of Yuting and Sprunk does not teach explicitly.
The computer-implemented method of claim 1, wherein the second encrypted data is received based at least in part on data requests from the transcoder to storage.
However, Rameez teaches,
The computer-implemented method of claim 1, wherein the second encrypted data is received based at least in part on data requests from the transcoder to storage. (Fig. 1B (154), ¶43, “At step 154, the encryption system uploads the dual-encrypted data to a storage system. This may include sending the data over a network.”, i.e. second encrypted data is received based on request from the transcoder to storage).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Rameez with the invention of Yuting in view of Sprunk.
Yuting in view of Sprunk teaches, receiving a double layer encrypted data encrypted with a first key and a second key and receiving a second key and decrypting the second layer of double encrypted data. Rameez teaches, sending double encrypted data to a storage device. Therefore, it would have been obvious to have sending double encrypted data to a storage device of Rameez into the teachings of Yuting in view of Sprunk to store data securely for requester to access the data from the storage. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 16, rejection of Claim 14 is included and Claim 16 is rejected with the same rationale as applied against Claim 3 above.

Referring to Claims 4 and 17:
Regarding Claim 4 rejection of Claim 2 is included and for the combination of Yuting and Sprunk does not teach explicitly.
The computer-implemented method of claim 2, wherein the second encrypted data is received based at least in part on data requests from the transcoder to the source node.
However, Rameez teaches,
The computer-implemented method of claim 2, wherein the second encrypted data is received based at least in part on data requests from the transcoder to the source node. (¶38, “the upload link corresponds to a website. Using a form on that website, the owner may upload the encrypted data”, Fig. 1B(151), , At step 151, the encryption system receives the encrypted data uploaded at step 142. “, i.e. second encrypted data is received based on a request from transcoder to the source node).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Rameez with the invention of Yuting in view of Sprunk.
Yuting in view of Sprunk teaches, receiving a double layer encrypted data encrypted with a first key and a second key and receiving a second key and decrypting the second layer of double encrypted data. Rameez teaches, sending double encrypted data to a storage device. Therefore, it would have been obvious to have sending double encrypted data to a storage device of Rameez into the teachings of Yuting in view of Sprunk to store data securely for requester to access the data from the storage. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 17, rejection of Claim 15 is included and Claim 17 is rejected with the same rationale as applied against Claim 4 above.

Referring to Claims 5 and 18:
Regarding Claim 5 rejection of Claim 1 is included and combination of Yuting and Sprunk does not teach explicitly.
The computer-implemented method of claim 1, sending, by the transcoder, the third key to the destination node, wherein the destination node is configured to decrypt the third encrypted data using the third key to obtain the first encrypted data, wherein the destination node is configured to decrypt the first encrypted data using the first key to obtain the data.
However, Rameez teaches,
The computer-implemented method of claim 1, sending, by the transcoder, the third key to the destination node, (Fig. 2A (243, 251), ¶79, “the encryption system sends the download link to the authorization system”, ¶80, “the authorization system receives the download link, and sends the download link and the third decryption key to the user”, i.e. third key is sent to the destination node)  wherein the destination node is configured to decrypt the third encrypted data using the third key to obtain the first encrypted data, wherein the destination node is configured to decrypt the first encrypted data using the first key to obtain the data. (Fig. 2B (302, 303), ¶99, “At step 302 the user decrypts the dual-re-encrypted data using the third decryption key received at step 261”, ¶100, “At step 303, the user decrypts the encrypted data using the first key”). 
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Rameez with the invention of Yuting in view of Sprunk.
Yuting in view of Sprunk teaches, receiving a double layer encrypted data encrypted with a first key and a second key and receiving a second key and decrypting the second layer of double encrypted data. Rameez teaches, sending double encrypted data to a storage device. Therefore, it would have been obvious to have sending double encrypted data to a storage device of Rameez into the teachings of Yuting in view of Sprunk to store data securely for requester to access the data from the storage. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 18, rejection of Claim 14 is included and Claim 18 is rejected with the same rationale as applied against Claim 5 above.

Referring to Claims 8 and 21:

Regarding Claim 8 rejection of Claim 3 is included and for the same motivation combination of Yuting and Sprunk does not teach explicitly
The computer-implemented method of claim 3, wherein the transcoder is located on the storage.
However, Rameez teaches,
. The computer-implemented method of claim 3, wherein the transcoder is located on the storage. (Fig. 3, ¶112, “the encryption system 30 provides an interface for storage and access, the storage system 40 need not be in communication with any other components”, i.e. Examiner submits that encryption system is located on the storage system).

Regarding Claim 21, rejection of Claim 16 is included and Claim 21 is rejected with the same rationale as applied against Claim 8 above.

Claims 6 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Yuting et al. (US PGPUB. # US 2021/0067495, hereinafter “Yuting”), and further in view of Sprunk et al. (US PGPUB. # US 2008/0049942, hereinafter “Sprunk”), and further in view of Sherkin et al. (US PGPUB. # US 2019/0014126, hereinafter “Sherkin”), and further in view of Rameez et al. (US PGPUB. # US 2021/0167955, hereinafter “Rameez”).

Referring to Claims 6 and 19:
Regarding Claim 6, rejection of Claim 1 is included and Yuting does not teach explicitly,
The computer-implemented method of claim 1, wherein the data includes a plurality of data chunks, wherein each data chunk is encrypted in a fourth key, wherein the fourth key is encrypted in the first key to create a first encrypted fourth key which is then encrypted in the second key to create a second encrypted fourth key; 
receiving, by the transcoder, the second encrypted fourth key; 
decrypting, by the transcoder, the second encrypted fourth key using the second key to obtain the first encrypted fourth key; 
encrypting, by the transcoder, the first encrypted fourth key using the third key to create a third encrypted fourth key; 
sending, by the transcoder, the third key to the destination node; and 
sending, by the transcoder, the third encrypted fourth key to the destination node.
However, Sprunk teaches,
The computer-implemented method of claim 1, [wherein the data includes a plurality of data chunks, wherein each data chunk is encrypted in a fourth key], wherein the fourth key is encrypted in the first key to create a first encrypted fourth key which is then encrypted in the second key to create a second encrypted fourth key; (Fig. 2, ¶40, “The inner vault 42 then encrypts the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key generated only for one set of PKI data and then subsequent AES encryption of the private key”, Fig. 2, ¶41, “the outer vault 44 encrypts the end-to-end-encrypted private key with PKIS-specific encryption, resulting in two layers of encryption for the private key”, i.e. second encrypted fourth key is encrypted with a first key and the encrypted key is encrypted again with a second key to form a double encrypted private key)
receiving, by the transcoder, the second encrypted fourth key; (¶19, “the term "PKI data" refers to… symmetric cryptographic keys, private keys”, Fig. 5(132), Fig. 2, ¶40, “The inner vault 42 then encrypts the private key using an end-to-end encryption key, e.g., using HSM-based RSA encryption of a random advanced encryption standard (AES) key generated only for one set of PKI data and then subsequent AES encryption of the private key”, Fig. 2, ¶41, “the outer vault 44 encrypts the end-to-end-encrypted private key with PKIS-specific encryption, resulting in two layers of encryption for the private key”, Fig. 2, ¶42, “The PKIS-encrypted private key then is transferred from the PKI loader 14 to the PKI server 16”, ¶78, “a step 132 of transferring the PKI data from the PKI loader 14 to the PKI server 16”, i.e. double encrypted private key is received)
decrypting, by the transcoder, the second encrypted fourth key using the second key to obtain the first encrypted fourth key; (Fig. 3(78), ¶44, “the PKI server 16 performs PKIS decryption of the PKIS-encrypted private key stored therein, resulting in an end-to-end-encrypted private key”, Fig. 5(132), ¶78, “a step 134 of the PKI server 16 decrypting the outer encryption layer of the encrypted PKI data”, i.e. second encrypted data is decrypted with the second key)
encrypting, by the transcoder, the first encrypted fourth key using the third key to create a third encrypted fourth key; (Fig. 3, ¶45, “The PKI server 16 then encrypts the end-to-end-encrypted private key with a PKIS session key, resulting in a PKIS session key-encrypted private key. Such encryption is shown generally as PKIS session key encryption 82”, Fig. 5(136), ¶78, “a step 136 of the PKI server 16 encrypting a different outer layer on the encrypted PKI data are performed”, i.e. first encrypted key is encrypted by a session (third) key)  
and 
sending, by the transcoder, the third encrypted fourth key to the destination node. (Fig. 3, “PKI server 16 transfers the double-encrypted private key to the PKI station 18”, ¶45, “Fig. 5(128), ¶80, “The method 120 also includes a step 128 of transferring the PKIS session key-encrypted PKI data to the PKI station 18”, i.e. the double-encrypted private key (third encrypted fourth key) is transmitted to the PKI station (destination node)).
Combination of Yuting and Sprunk does not teach explicitly,
The computer-implemented method of claim 1, wherein the data includes a plurality of data chunks, wherein each data chunk is encrypted in a fourth key, [wherein the fourth key is encrypted in the first key to create a first encrypted fourth key which is then encrypted in the second key to create a second encrypted fourth key];
sending, by the transcoder, the third key to the destination node;
However, Sherkin teaches,
The computer-implemented method of claim 1, wherein the data includes a plurality of data chunks, wherein each data chunk is encrypted in a fourth key, (Fig. 2 (204, 206), ¶30-¶31, i.e. each header is considered as plurality of data chunks, which are encrypted twice) [wherein the fourth key is encrypted in the first key to create a first encrypted fourth key which is then encrypted in the second key to create a second encrypted fourth key];
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Sherkin with the invention of Yuting in view of Sprunk.
Yuting in view of Sprunk teaches, receiving a key and a double encrypted key and decrypting the second layer of double encrypted key with a key. Sherkin teaches, double encrypting multiple data chunk. Therefore, it would have been obvious to have double encrypting multiple data chunk of Sherkin with  invention of Yuting in view of Sprunk to double encrypt data chunk to communicate data confidentially with multiple users. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 
Combination of Yuting, Sprunk and Sherkin does not teach explicitly,
sending, by the transcoder, the third key to the destination node;
However, Rameez teaches,
sending, by the transcoder, the third key to the destination node; (Fig. 2A (243, 251), ¶79, “the encryption system sends the download link to the authorization system”, ¶80, “the authorization system receives the download link, and sends the download link and the third decryption key to the user”, i.e. third key is sent to the destination node).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Rameez with the invention of Yuting in view of Sprunk and Sherkin.
Yuting in view of Sprunk and Sherkin teaches, receiving a key and a double encrypted key and decrypting the second layer of double encrypted key with a key and double encrypting multiple data chunk. Rameez teaches, sending a third key to a destination node. Therefore, it would have been obvious to sending a third key to a destination node of Rameez with  invention of Yuting in view of Sprunk and Sherkin to decrypt double encrypted data by the destination node as a result of secure communication. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 19, rejection of Claim 14 is included and Claim 19 is rejected with the same rationale as applied against Claim 6 above.


Claims 7 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Yuting et al. (US PGPUB. # US 2021/0067495, hereinafter “Yuting”), and further in view of Sprunk et al. (US PGPUB. # US 2008/0049942, hereinafter “Sprunk”), and further in view of Kapp et al. (US PAT. # US 11,005,828, hereinafter “Kapp”).

Referring to Claims 7 and 20:
Regarding Claim 7 rejection of Claim 2 is included and combination of Yuting and Sprunk does not teach explicitly.
The computer-implemented method of claim 2, wherein the transcoder is located on the source node.
However, Knapp teaches,
The computer-implemented method of claim 2, wherein the transcoder is located on the source node. (Fig. 1, CL(5), LN(1-5), “the location of the security server 108 can vary from that as shown in the example network 100. For example, the security server 108 can be located within the same secure network as the sending computer 102”, i.e. transcoder is located on the source node).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Knapp with the invention of Yuting in view of Sprunk.
Yuting in view of Sprunk teaches, receiving a double layer encrypted data encrypted with a first key and a second key and receiving a second key and decrypting the second layer of double encrypted data. Knapp teaches, locating security server on a source node. Therefore, it would have been obvious to have locating security server on a source node of Knapp into the teachings of Yuting in view of Sprunk to provide flexibility on the location of security server. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 20, rejection of Claim 15 is included and Claim 20 is rejected with the same rationale as applied against Claim 7 above.

Claims 9 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Yuting et al. (US PGPUB. # US 2021/0067495, hereinafter “Yuting”), and further in view of Sprunk et al. (US PGPUB. # US 2008/0049942, hereinafter “Sprunk”), and further in view of Rameez et al. (US PGPUB. # US 2021/0167955, hereinafter “Rameez”), and further in view of Kapp et al. (US PAT. # US 11,005,828, hereinafter “Kapp”).

Referring to Claims 9 and 22:

Regarding Claim 9 rejection of Claim 3 is included and combination of Yuting, Sprunk and Rameez does not teach explicitly
The computer-implemented method of claim 3, wherein the transcoder is located on a storage network coupled to the source node and the storage.
However, Knapp teaches,
The computer-implemented method of claim 3, wherein the transcoder is located on a storage network coupled to the source node and the storage. (Fig. 1, CL(5), LN(6-8),  “the security server 108 can be located within the same secure network as the third-party data store 104”, i.e. security server is located on a storage network).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Knapp with the invention of Yuting in view of Sprunk and Rameez.
Yuting in view of Sprunk and Rameez teaches, receiving a double layer encrypted data encrypted with a first key and a second key and receiving a second key and decrypting the second layer of double encrypted data and sending double encrypted data to a storage device. Knapp teaches, locating security server on a storage device network. Therefore, it would have been obvious to have locating security server on a storage device network of Knapp into the teachings of Yuting in view of Sprunk and Rameez to provide flexibility on the location of security server. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 22, rejection of Claim 16 is included and Claim 22 is rejected with the same rationale as applied against Claim 9 above.

Claims 10 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Yuting et al. (US PGPUB. # US 2021/0067495, hereinafter “Yuting”), and further in view of Sprunk et al. (US PGPUB. # US 2008/0049942, hereinafter “Sprunk”), and further in view of Ellison et al. (US PGPUB. # US 2004/0109569, hereinafter “Ellison”).

Referring to Claims 10 and 23:
Regarding Claim 10 rejection of Claim 1 is included and combination of Yuting, and Sprunk does not teach explicitly
The computer-implemented method of claim 1, comprising: replacing, by the transcoder, the third key with a dummy key for ending data sharing between the source node and the destination node.
However, Ellison teaches,
The computer-implemented method of claim 1, comprising: replacing, by the transcoder, the third key with a dummy key for ending data sharing between the source node and the destination node.(Fig. 3, ¶23, “the content producer may, at his or her option, check for revoked symmetric content keys and substitute a dummy key (e.g., zero) for revoked entries in the public key media key block”, i.e. key is replaced with a dummy key).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Ellison with the invention of Yuting in view of Sprunk.
Yuting in view of Sprunk teaches, receiving a double layer encrypted data encrypted with a first key and a second key and receiving a second key and decrypting the second layer of double encrypted data. Ellison teaches, replacing a key with a dummy key. Therefore, it would have been obvious to have replacing a key with a dummy key of Ellson into the teachings of Yuting in view of Sprunk to stop encryption/decryption of a compromised key. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 23, rejection of Claim 14 is included and Claim 23 is rejected with the same rationale as applied against Claim 10 above.


Claims 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Sprunk et al. (US PGPUB. # US 2008/0049942, hereinafter “Sprunk”), and further in view of Rameez et al. (US PGPUB. # US 2021/0167955, hereinafter “Rameez”).

Regarding Claim 12 rejection of Claim 11 is included and, Sprunk does not teach explicitly,
The computer-implemented method of claim 11, sending, by the transcoder, the third key to a destination node, wherein the destination node is configured to decrypt the third encrypted key using the third key to obtain the first encrypted key, wherein the destination node is configured to decrypt the first encrypted key using the first key to obtain the key.
However, Rameez teaches,
The computer-implemented method of claim 11, sending, by the transcoder, the third key to a destination node, (Fig. 2A (243, 251), ¶79, “the encryption system sends the download link to the authorization system”, ¶80, “the authorization system receives the download link, and sends the download link and the third decryption key to the user”, i.e. third key is sent to the destination node)  wherein the destination node is configured to decrypt the third encrypted key using the third key to obtain the first encrypted key, wherein the destination node is configured to decrypt the first encrypted key using the first key to obtain the key. (Fig. 2B (302, 303), ¶99, “At step 302 the user decrypts the dual-re-encrypted data using the third decryption key received at step 261”, ¶100, “At step 303, the user decrypts the encrypted data using the first key”). 
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Rameez with the invention of Sprunk.
Sprunk teaches, receiving a double layer encrypted data encrypted with a first key and a second key and receiving a second key and decrypting the second layer of double encrypted data and encrypting with different key to store double encrypted data. Rameez teaches, retrieving double encrypted data along with the encryption keys to decrypt the data. Therefore, it would have been obvious to have retrieving double encrypted data along with the encryption keys to decrypt the data of Rameez with receiving a double layer encrypted data encrypted with a first key and a second key and receiving a second key and decrypting the second layer of double encrypted data and encrypting with different key to store double encrypted data of Sprunk to store data securely for requester to access the data from the storage. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 12 rejection of Claim 11 is included and, for the same motivation Sprunk does not teach explicitly,
The computer-implemented method of claim 12, wherein the destination node uses the key to decrypt data from the source node.
However, Rameez teaches,
The computer-implemented method of claim 12, wherein the destination node uses the key to decrypt data from the source node. (Fig. 2b, ¶100, “At step 303, the user decrypts the encrypted data using the first key obtained directly or indirectly from the owner. This results in the original data”).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Justin Donohoe (US PGPUB. # US 2019/0207769) discloses, a database security platform for providing secure access to private data in an encrypted storage area. A disclosed system includes a database application configured to receive queries from application users requiring access to encrypted private data; a middle security layer callable from the database application to facilitate predefined access to the encrypted private data; a root security layer configured to receive a decryption request from the middle security layer, perform decryption on specified encrypted private data, and return decrypted data to the middleware layer; a hashing system that generates a hash of the middle security layer and root security layer to ensure integrity of the middle security layer and root security layer; and an auditing detection system that detects malicious auditing of parameters.
Monica et al. (US PGPUB. # US 2020/0266997) discloses, secure storage and retrieval of information, such as private keys, useable to control access to a blockchain, include, in at least one aspect, a method including: identifying for an action an associated private-keys group out of different private-keys groups, each having an associated cryptographic group key; decrypting, at a first computer, a first level of encryption of a private key associated with the action using the associated cryptographic group key; decrypting, at a second computer distinct from the first computer, a second level of encryption of the private key associated with the action using a hardware-based cryptographic key used by the second computer; using, at the second computer, the private key associated with the action in a process of digitally signing data to authorize the action; and sending the digitally signed data to a third computer to effect the action. 
Bild et al. (US PGPUB. # US 2019/0306124) discloses, a first computing entity receiving a request for first data from an affiliated source device by a user device. When a re-encryption key of the user device is not based on a key pair of the first computing entity the method further includes decrypting the first encrypted data using a private key of the first computing entity and encrypting the recovered first data with a public key of a second computing entity to produce second encrypted data. The method further includes encrypting the second encrypted data with the re-encryption key of the user device to produce double encrypted data. The method further includes sending the double encrypted data to the user device, where the user device is capable of decrypting the double encrypted data to recover the first data using a private key of the user device based on a key pair of the second computing entity.
De Gaspari et al. (US PGPUB. # US 2019/0297063) discloses, producer communicates over a network with a user application in an infrastructure-as-a-service (IaaS) and an IaaS node. The producer encrypts content with first encryption using a first key and second encryption using a second key, to produce twice encrypted content. The producer encrypts the second key with attribute-based encryption and symmetric encryption using an IaaS key, to produce a twice encrypted second key. The producer provides to the user application the twice encrypted content, the twice encrypted second key, and key information configured to remove the first encryption from the twice encrypted content. The producer provides to the IaaS node the IaaS key to enable the IaaS node to remove the symmetric encryption from the twice encrypted second key, such that the user application and the IaaS node are constrained to exchange with each other key-related information and intermediate decryption results in order to recover the content.
Firestone et al. (US PAT. # US 10,187,200) discloses, a method that encrypts each of a plurality of segments of a binary value using a selected block cipher of a plurality of block ciphers and a unique symmetric key of a first plurality of unique, symmetric keys to produce a first ciphertext. The method further encrypts each of a plurality of segments of the first ciphertext using a selected block cipher of the plurality of block ciphers and a unique symmetric key of a second plurality of unique, symmetric keys to produce a second ciphertext. The selected block cipher used to encrypt a first segment of the binary value to produce a first segment of the plurality of segments of the first ciphertext is different than the selected block cipher used to encrypt the first segment of the ciphertext to produce a first encrypted segment of the second ciphertext.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/          Primary Examiner, Art Unit 2498