Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the communication and claim amendment filed on 06/28/2022; Claims 1, 4-5, 10, 13-14, 17, 19, and 22-23 have been amended; and Claims 1, 10, and 19 are independent claims.  Claims 1-23 have been examined and are pending.  This Action is made FINAL.
In an attempt to accelerate the process of prosecution, on July 14th, 2022, the Examiner contacted the applicant (Mr. ASHLEY, WILLIAM, Reg. No.: 51,419) to discuss possible amendments to move the case forward. The applicant has not accepted the proposed amended claims.
Response to Arguments
The rejection of claims 10-18, 19, and 20-23 under 35 U.S.C. § 112 second paragraph is withdrawn, as the claims have been amended to overcome the issue that the claims recited both a device and a method for using that device. However, there is a 35 U.S.C. § 112 second paragraph rejection for the amended limitations “operable to provide a data storage device” and “operable to establish a peer trust relationship” in claims 10 and 19. Please see the office action below for more details.
Applicants’ arguments in the instant Amendment, filed on 06/28/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
a. Applicants argue: a trust relationship between client device and the printer (Applicant Remarks/Arguments, page 9, filed 06/28/2022); Liu fails to describe a trust relationship between the mobile device and the printer; and amended limitation “the trust relationship between the mobile device and content creation device is managed by the cloud service such that the certified applications (which are installed on the devices from the cloud service) can rely on the trust relationship as being valid for at least a single transaction” (Applicant Remarks/Arguments, page 10, filed 06/28/2022).
Applicants’ arguments with the amended limitations have been considered but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 10-18 and 19-23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 10; Claim 10 is found indefinite because the claim recites “a cloud service operable to provide a data storage service ….” and “the cloud service operable to establish a peer trust relationship.” A cloud service is merely recited in independent claim 10 to be “operable to provide a data storage service” and to be “operable to establish a peer trust relationship.” Thus, it is merely capable of performing the recited or desired function of providing a data storage service and establishing a peer trust relationship. In other words, there is no present tense, positively recited establishing of a peer trust relationship. Thus, since the peer trust relationship is not actually established, it cannot be managed by the cloud service as recited in the claim. This situation clearly renders the entire subject matter of independent claim 10 indefinite within the second paragraph of 35 U.S.C § 112. See Ex parte Craig Prouse (Appeal 2008-2417). See also Ex parte Herbert Liebl, Inbarajan Selvarajan, and Lee C. Harold (Appeal 2009-010624). It’s suggested that the limitation “operable to provide/establish” be further amended to “configured to provide/establish” (emphasis added).
Regarding claims 11-18; claims 11-18 are dependent on claim 10, and therefore inherit 35 U.S.C. 112 second paragraph issues of the independent claim 10. 
Similarly,
Regarding claim 19; Claim 19 is found indefinite because the claim recites “a cloud service operable to provide a data storage service ….” and “the cloud service operable to establish a peer trust relationship.” A cloud service is merely recited in independent claim 19 to be “operable to provide a data storage service” and to be “operable to establish a peer trust relationship.” Thus, it is merely capable of performing the recited or desired function of providing a data storage service and establishing a peer trust relationship. In other words, there is no present tense, positively recited establishing of a peer trust relationship. Thus, since the peer trust relationship is not actually established, it cannot be managed by the cloud service as recited in the claim. This situation clearly renders the entire subject matter of independent claim 19 indefinite within the second paragraph of 35 U.S.C § 112. See Ex parte Craig Prouse (Appeal 2008-2417). See also Ex parte Herbert Liebl, Inbarajan Selvarajan, and Lee C. Harold (Appeal 2009-010624). It’s suggested that the limitation “operable to provide/establish” be further amended to “configured to provide/establish” (emphasis added).
Regarding claims 20-23; claims 20-23 are dependent on claim 19, and therefore inherit 35 U.S.C. 112 second paragraph issues of the independent claim 19. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 5, 8-11, 14, 17-20, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Steely et al. (“Steely,” US 2014/0189351, published Jul. 3, 2014) in view of Gordon et al. (“Gordon,” US 2016/0092871, published Mar. 31, 2016), further in view of Leavy et al. (“Leavy,” US 2019/0020633, published Jan. 17, 2019).
Regarding claim 1, Steely discloses a method comprising: 
installing a certified application onto a content creation device from a cloud service (Steely: fig. 1, par. 0047; Output device 115 may include an output device cryptographic module (not shown). The output device cryptographic module may be encryption software installed in output device 115…), the certified application establishing a first trust relationship with the cloud service (Steely: fig. 1, printer server 110; par. 0033; Output device 115 may include the output device credential reader 120, a controller (not shown), a print engine (not shown) and an output device cryptographic module (not shown); par. 0047); 
installing a mobile certified application onto a mobile device from the cloud service (Steely: fig. 1; par. 0036, Client device 102 may include a client device cryptographic module (not shown). The client device cryptographic module may be encryption software installed as part of the output device driver of client device 102.), the mobile certified application establishing a second trust relationship with the cloud service (Steely:  fig. 1, printer server 110; par. 0033, Client device 102 may include the client device user credential reader 105 and an output device driver (not shown) that may have a client device cryptographic module (not shown). Print server 110 may include a print server cryptographic module (not shown); par. 0036); 
generating, via the mobile certified application, a first key pair having a private part that is private to the mobile device (Steely: par. 036, …The client device cryptographic module may utilize a variety of encryption algorithms known in the art, including, but not limited to, an RSA encryption algorithm (e.g., 1024-bit, 2048-bit, etc.) that may utilize asymmetrical keys (e.g., public and private keys)); 
generating, via the certified application, a second key pair having a private part that is private to the content creation device (Steely: par. 0047, The output device cryptographic module may utilize a variety of encryption algorithms known in the art, including, but not limited to, an RSA encryption algorithm (e.g., 1024-bit, 2048-bit, etc.) that may utilize asymmetrical keys (e.g., public and private keys)); and 
requesting, via the mobile certified application, a service from the content creation device, the service involving transfer of data between the content creation device and the cloud service (Steely: pars.  0051-0056, Referring to FIG. 7, the process begins by a user requesting a temporary private drop-box "in the cloud" from a printer (processing block 701). This may occur in response to a user activating a push button on the printer. In response, processing logic in the printer requests a temporary private drop-box "in the cloud" by sending a request with printer's ID to a web service endpoint (via HTTP, SMS, email, Jabber, etc.) (processing block 702)), 
 the data being protected by at least one of the first and second key pairs (Steely: abstract, encrypting print jobs that includes receiving output data, encrypting the output data with a randomly-generated symmetric session key, generating a session key header by encrypting the randomly-generated symmetric session key using an asymmetric user public key, and encrypting the session key header using a server public key; pars. 0010, 0029) in response to invocation of the service, the service resulting in at least one of the data being stored at the cloud service and being rendered at the content creation device (Steely: par. 0039, Client device 102 may upload or send the one or more files to print server 110 for rendering into a printable format for printing and/or for storing in print server 110 or in a storage location remote from both client device 102 and print server 110. Print server 110 may have an appropriate software application program that is capable of directing the translation of the one or more files into a format recognized by output device 115. Once the files or data have been translated into an appropriate or recognizable format for printing, it may be referred to as a print job fig. 1, par. 0035). 
Steely discloses the certified application and mobile certified application but does not explicitly disclose coupling the mobile device to the content creation device via a proximity network to establish a third trust relationship via the certified application and mobile certified application, particulars of the third trust relationship being managed by the cloud service such that the certified application and the mobile certified application can rely on the third trust relationship as being valid for at least a single transaction.
However, in an analogous art, Gordon discloses coupling the mobile device to the content creation device via a proximity network to establish a third trust relationship (Gordon: fig. 2, Mobile device 201, Access Device 260, Cloud based 280; par. 0130), particulars of the third trust relationship being managed by the cloud service such that the certified application and the mobile certified application can rely on the third trust relationship as being valid for at least a single transaction (Gordon: fig. 2, Mobile device 201, Access Device 260, Cloud based 280; par. 0130, To conduct a cloud-based transaction, a user of mobile device 201 may place mobile device 201 in proximity to contactless reader 262 of access device 260, or display an image such as a QR code or bar code on a screen of mobile device 201 for scanning by contactless reader 262 of access device 260).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gordon with the method and system of Steely to include “coupling the mobile device to the content creation device via a proximity network to establish a third trust relationship via the certified application and mobile certified application, particulars of the third trust relationship being managed by the cloud service such that the certified application and the mobile certified application can rely on the third trust relationship as being valid for at least a single transaction.” One would have been motivated to do so because the security implementation increases the size of the necessary malware, making attackers easier to identify and prevent (Gordon: par. 0050).
Steely discloses generating, via the mobile certified application, a first key pair and generating, via the certified application, a second key pair but does not explicitly disclose a first ephemeral key pair and second ephemeral key pair. 
However, in an analogous art, Leavy discloses creating a pool of asymmetric key pairs which include ephemeral public keys and ephemeral private keys (Leavy: par. 0058, each instance of the secure communication application creates a pool of asymmetric key pairs. These key pairs are used as part of a key agreement protocol and enable the secure communication application to begin receiving encrypted communications. As the secure communication application begins receiving encrypted communications, the pool of asymmetric key pairs will become depleted and need to be replenished. FIG. 3 shows a method 300 for generating the pool of ephemeral asymmetric key pairs. As used herein, ephemeral asymmetric key pairs, ephemeral public keys, and ephemeral private keys means a short-term key or key pair or a single use key or key pair).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Leavy with the method and system of Steely and Gordon to include “a first ephemeral key pair and second ephemeral key pair.” One would have been motivated to provide encrypted communications when a key distribution center and communication server are unavailable (Leavy: par. 0005).
Regarding claim 2, the combination of Steely, Gordon, and Leavy teaches the method of claim 1. The combination of Steely, Gordon, and Leavy further discloses wherein the service comprises scanning of a document and the data comprises a digital file of the scanned document (Steely: par. 0044, Output device 115 may be any device capable of imaging, printing or producing a hard copy of a data file or document stored in electronic form. Example output devices include, but are not limited to, laser, inkjet or dot matrix printers or multi-function printing devices that have the capability of performing other functions, such a faxing, e-mailing, scanning and/or copying, in addition to printing.),
the protecting of the digital file comprising encrypting the digital file using a public part of the first ephemeral key pair before storing the encrypted digital file at the cloud service via the first trust relationship (Steely: abstract, encrypting print jobs that includes receiving output data, encrypting the output data with a randomly-generated symmetric session key, generating a session key header by encrypting the randomly-generated symmetric session key using an asymmetric user public key, and encrypting the session key header using a server public key; pars. 0010, 0029; Leavy: par. 0058).
Regarding claim 5, the combination of Steely, Gordon, and Leavy teaches the method of claim 1. The combination of Steely, Gordon, and Leavy further discloses, wherein the data comprises an encrypted file stored on the cloud service that is encrypted with the first ephemeral key pair, a public part of the second ephemeral key pair, the service comprising: 
transferring the encrypted file from the cloud service to the mobile device (Steely: par. 0030, receiving the print job at printer server gathering print tracking information, and holding for release at the destination output device includes receiving an encrypted metadata); 
decrypting the encrypted file at the mobile device using the first ephemeral key pair to obtain a digital copy of a document (Steely: par. 0030, decrypting the metadata using the print server private key, then re-encrypting it with the output device public asymmetric key);
encrypting the digital copy of the document using a public part of the second ephemeral key pair received from the content creation device to create a second encrypted file (Steely: par. 0030, …. then re-encrypting it with the output device public asymmetric key); 
decrypting the second encrypted file at the content creation device (Steely: pars. 0030-0031, decrypting the encrypted print data); and 
printing the decrypted digital copy of the document at the content creation device (Steely: par. 0031, printing the unencrypted print data). 
Regarding claim 8, the combination of Steely, Gordon, and Leavy teaches the method of claim 1.  The combination of Steely, Gordon, and Leavy further discloses, wherein the proximity network comprises a Bluetooth connection (Gordon: par. 0102, Contact reader 262 may include one or more RF transceivers that can send and receive communications using NFC or other radio frequency or wireless communication protocols such as Blue-tooth, BLE, Wi-Fi..).
Regarding claim 9, the combination of Steely, Gordon, and Leavy teaches the method of claim 1. The combination of Steely, Gordon, and Leavy further discloses wherein the content creation device comprises a multifunction printer (Steely: fig. 1, par. 0044, multi-function printing device). 
Regarding claim 10, Steely discloses a system comprising:
a cloud service operable to provide a data storage service and, the trust module first and second certified applications, the cloud service operable to establish a peer trust relationship between the first and second certified applications (Steely: fig. 1; pars. 0033, 0036);
a content creation device onto which the first certified application is installed (Steely: par. 0047; Output device 115 may include an output device cryptographic module (not shown). The output device cryptographic module may be encryption software installed in output device 115…), the content creation device being network-coupled to the cloud service via a first trust relationship (Steely: fig. 1, printer server 110; par. 0033; Output device 115 may include the output device credential reader 120, a controller (not shown), a print engine (not shown) and an output device cryptographic module (not shown); par. 0047);
a mobile device onto which the second certified application is installed (Steely: par. 0036, Client device 102 may include a client device cryptographic module (not shown). The client device cryptographic module may be encryption software installed as part of the output device driver of client device 102.), the mobile device being network-coupled to the cloud service via second trust relationship (Steely: fig. 1, printer server 110; par. 0033, Client device 102 may include the client device user credential reader 105 and an output device driver (not shown) that may have a client device cryptographic module (not shown). Print server 110 may include a print server cryptographic module (not shown); par. 0036) the mobile device operable via the second certified application to:
generate a first key pair comprising a private part that is private to the mobile device (Steely: par. 036, …The client device cryptographic module may utilize a variety of encryption algorithms known in the art, including, but not limited to, an RSA encryption algorithm (e.g., 1024-bit, 2048-bit, etc.) that may utilize asymmetrical keys (e.g., public and private keys)); and
request a service from the content creation device using the peer trust relationship, the service involving transfer of data between the content creation device and the cloud service (Steely: pars. 0051-0056, Referring to FIG. 7, the process begins by a user requesting a temporary private drop-box "in the cloud" from a printer (processing block 701). This may occur in response to a user activating a push button on the printer. In response, processing logic in the printer requests a temporary private drop-box "in the cloud" by sending a request with printer's ID to a web service endpoint (via HTTP, SMS, email, Jabber, etc.) (processing block 702)), the data being protected by at least one of the first ephemeral key pair and a second ephemeral key pair of the content creation device (Steely: par. 036, …The client device cryptographic module may utilize a variety of encryption algorithms known in the art, including, but not limited to, an RSA encryption algorithm (e.g., 1024-bit, 2048-bit, etc.) that may utilize asymmetrical keys (e.g., public and private keys)) in response to invocation of the service, the second ephemeral key pair having a private part that is private to the content creation device (Steely: par. 0047, The output device cryptographic module may utilize a variety of encryption algorithms known in the art, including, but not limited to, an RSA encryption algorithm (e.g., 1024-bit, 2048-bit, etc.) that may utilize asymmetrical keys (e.g., public and private keys)), the service resulting in at least one of the data being stored at the cloud service and being rendered at the content creation device (Steely: pars. 0051-0056, Referring to FIG. 7, the process begins by a user requesting a temporary private drop-box "in the cloud" from a printer (processing block 701). This may occur in response to a user activating a push button on the printer. In response, processing logic in the printer requests a temporary private drop-box "in the cloud" by sending a request with printer's ID to a web service endpoint (via HTTP, SMS, email, Jabber, etc.) (processing block 702)).
Steely discloses the first certified application and second certified application but does not explicitly disclose the mobile device locally coupled to the content creation device using the peer trust relationship, particulars of the peer trust relationship being managed by the cloud service such that the first certified application and the second certified application can rely on the peer trust relationship as being valid for at least a single transaction.
However, in an analogous art, Gordon discloses the mobile device locally coupled to the content creation device using the peer trust relationship (Gordon: fig. 2, Mobile device 201, Access Device 260, Cloud based 280; par. 0130), particulars of the peer trust relationship being managed by the cloud service such that the first certified application and the second certified application can rely on the peer trust relationship as being valid for at least a single transaction (Gordon: fig. 2, Mobile device 201, Access Device 260, Cloud based 280; par. 0130, To conduct a cloud-based transaction, a user of mobile device 201 may place mobile device 201 in proximity to contactless reader 262 of access device 260, or display an image such as a QR code or bar code on a screen of mobile device 201 for scanning by contactless reader 262 of access device 260).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gordon with the method and system of Steely to include “the mobile device locally coupled to the content creation device using the peer trust relationship, particulars of the peer trust relationship being managed by the cloud service such that the first certified application and the second certified application can rely on the peer trust relationship as being valid for at least a single transaction.” One would have been motivated to do so because the security implementation increases the size of the necessary malware, making attackers easier to identify and prevent (Gordon: par. 0050).
Steely discloses generating, via the mobile certified application, a first key pair and generating, via the certified application, a second key pair but does not explicitly disclose a first ephemeral key pair and second ephemeral key pair. 
However, in an analogous art, Leavy discloses creating a pool of asymmetric key pairs which include ephemeral public keys and ephemeral private keys (Leavy: par. 0058, each instance of the secure communication application creates a pool of asymmetric key pairs. These key pairs are used as part of a key agreement protocol and enable the secure communication application to begin receiving encrypted communications. As the secure communication application begins receiving encrypted communications, the pool of asymmetric key pairs will become depleted and need to be replenished. FIG. 3 shows a method 300 for generating the pool of ephemeral asymmetric key pairs. As used herein, ephemeral asymmetric key pairs, ephemeral public keys, and ephemeral private keys means a short-term key or key pair or a single use key or key pair).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Leavy with the method and system of Steely and Gordon to include “a first ephemeral key pair and second ephemeral key pair.” One would have been motivated to provide encrypted communications when a key distribution center and communication server are unavailable (Leavy: par. 0005).
Regarding claim 11, claim 11 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 14, claim 14 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Regarding claim 17, claim 17 is similar in scope to claim 8, and is therefore rejected under similar rationale.
Regarding claim 18, claim 18 is similar in scope to claim 9, and is therefore rejected under similar rationale.
Regarding claim 19, Steely discloses a system comprising:
 a cloud service operable to provide a data storage service and first and second certified applications, the cloud service operable to establish a peer trust relationship between the first and second certified applications (Steely: fig. 1; pars. 0033, 0036);
 a content creation device onto which the first certified application is installed (Steely: par. 0047; Output device 115 may include an output device cryptographic module (not shown). The output device cryptographic module may be encryption software installed in output device 115…), the content creation device being network coupled to the cloud service via a first trust relationship (Steely: fig. 1, printer server 110; par. 0033; Output device 115 may include the output device credential reader 120, a controller (not shown), a print engine (not shown) and an output device cryptographic module (not shown); par. 0047);
 a mobile device onto which the second certified application is installed (Steely: par. 0036, Client device 102 may include a client device cryptographic module (not shown). The client device cryptographic module may be encryption software installed as part of the output device driver of client device 102.), the mobile device being network coupled to the cloud service via second trust relationship (Steely: fig. 1, printer server 110; par. 0033, Client device 102 may include the client device user credential reader 105 and an output device driver (not shown) that may have a client device cryptographic module (not shown). Print server 110 may include a print server cryptographic module (not shown); par. 0036) the content creation device operable via the first certified application to:
generate a key pair comprising a private part that is private to the content creation device (Steely: par. 0047, The output device cryptographic module may utilize a variety of encryption algorithms known in the art, including, but not limited to, an RSA encryption algorithm (e.g., 1024-bit, 2048-bit, etc.) that may utilize asymmetrical keys (e.g., public and private keys)); and
service a request from the mobile device, the service involving transfer of data between the content creation device and the cloud service, the data being protected by the key pair (Steely: par. 0047; Output device 115 may include an output device cryptographic module (not shown). The output device cryptographic module may be encryption software installed in output device 115…) in response to invocation of the service, the service resulting in at least one of the data being stored at the cloud service and being rendered at the content creation device (Steely: pars. 0051-0056, Referring to FIG. 7, the process begins by a user requesting a temporary private drop-box "in the cloud" from a printer (processing block 701). This may occur in response to a user activating a push button on the printer. In response, processing logic in the printer requests a temporary private drop-box "in the cloud" by sending a request with printer's ID to a web service endpoint (via HTTP, SMS, email, Jabber, etc.) (processing block 702)).
Steely discloses the first certified application and second certified application but does not explicitly disclose locally coupled to the content creation device using the peer trust relationship, particulars of the peer trust relationship being managed by the cloud service such that the first certified application and the second certified application can rely on the peer trust relationship as being valid for at least a single transaction.
However, in an analogous art, Gordon discloses locally coupled to the content creation device using the peer trust relationship (Gordon: fig. 2, Mobile device 201, Access Device 260, Cloud based 280; par. 0130), particulars of the peer trust relationship being managed by the cloud service such that the first certified application and the second certified application can rely on the peer trust relationship as being valid for at least a single transaction (Gordon: fig. 2, Mobile device 201, Access Device 260, Cloud based 280; par. 0130, To conduct a cloud-based transaction, a user of mobile device 201 may place mobile device 201 in proximity to contactless reader 262 of access device 260, or display an image such as a QR code or bar code on a screen of mobile device 201 for scanning by contactless reader 262 of access device 260).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gordon with the method and system of Steely to include “locally coupled to the content creation device using the peer trust relationship, particulars of the peer trust relationship being managed by the cloud service such that the first certified application and the second certified application can rely on the peer trust relationship as being valid for at least a single transaction.” One would have been motivated to do so because the security implementation increases the size of the necessary malware, making attackers easier to identify and prevent (Gordon: par. 0050).
Steely discloses generating a key pair comprising a private part that is private to the content creation device but does not explicitly disclose an ephemeral key pair.
However, in an analogous art, Leavy discloses creating a pool of asymmetric key pairs which include an ephemeral key pair (Leavy: par. 0058, each instance of the secure communication application creates a pool of asymmetric key pairs. These key pairs are used as part of a key agreement protocol and enable the secure communication application to begin receiving encrypted communications. As the secure communication application begins receiving encrypted communications, the pool of asymmetric key pairs will become depleted and need to be replenished. FIG. 3 shows a method 300 for generating the pool of ephemeral asymmetric key pairs. As used herein, ephemeral asymmetric key pairs, ephemeral public keys, and ephemeral private keys means a short-term key or key pair or a single use key or key pair).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Leavy with the method and system of Steely and Gordon to include “an ephemeral key pair” One would have been motivated to provide encrypted communications when a key distribution center and communication server are unavailable (Leavy: par. 0005).
Regarding claim 20, claim 20 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 23, claim 23 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Claims 3, 12, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Steely et al. (“Steely,” US 2014/0189351, published Jul. 3, 2014) in view of Gordon et al. (“Gordon,” US 2016/0092871, published Mar. 31, 2016), further in view of Leavy et al. (“Leavy,” US 2019/0020633, published Jan. 17, 2019), and Brady et al. (“Brady,” US 10,573,106, published Feb. 25, 2020).
Regarding claim 3, the combination of Steely, Gordon, and Leavy teaches the method of claim 2. The combination of Steely, Gordon, and Leavy discloses the public part of the first ephemeral key pair of the mobile certified application and the certified application of the content creation device but does not explicitly disclose that the public part of the first ephemeral key pair is sent to the certified application of the content creation device.
However, in an analogous art, Brady discloses that a public key may be automatically transmitted to the intermediary device by plugging the computer device of the worker into the intermediary device, e.g., by a USB or other cable or connector, or by placing the computer device of the worker within a proximity of the intermediary device, e.g., via Bluetooth®, NFC, RFID (Brady: Col. 24, lines 24-36, The worker may provide the public key to the intermediary device in a manual or automatic fashion, such as by manually entering the public key into an input/output device associated with the intermediary device or a computer device of the worker (e.g., a smartphone or tablet computer) or by transmitting the public key to the intermediary device in a wired or wireless fashion. For example, the public key may be automatically transmitted to the intermediary device by plugging the computer device of the worker into the intermediary device, e.g., by a USB or other cable or connector, or by placing the computer device of the worker within a proximity of the intermediary device, e.g., via Bluetooth®, NFC, RFID or another wireless protocol).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Brady with the method and system of Steely, Gordon, and Leavy to include “the public part of the first ephemeral key pair is sent to the certified application of the content creation device”. One would have been motivated to provide intermediary devices that grant temporary access to a home, an office or another secure facility on behalf of an owner or another designated individual associated with the secure facility, or engage in secure communications between the owner and an authorized visitor to whom access has been granted. In particular, the intermediary devices of the present disclosure are configured to automatically authenticate a visitor (e.g., a worker such as a deliveryman, a repairman or another service provider) to a secure facility, to grant the visitor temporary access to specific aspects of the secure facility for a limited purpose and for a limited period of time, and to automatically monitor the visitor's actions at the secure facility (Brady: Col. 2, lines 7-20).
Regarding claim 12, claim 12 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Regarding claim 21, claim 21 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Steely et al. (“Steely,” US 2014/0189351, published Jul. 3, 2014) in view of Gordon et al. (“Gordon,” US 2016/0092871, published Mar. 31, 2016), further in view of Leavy et al. (“Leavy,” US 2019/0020633, published Jan. 17, 2019), and Kakutani et al. (“Kakutani,” US 20170085751, published Mar. 23, 2017).
Regarding claim 6, the combination of Steely, Gordon, and Leavy teaches the method of claim 5. The combination of Steely, Gordon, and Leavy further discloses the public part of the second ephemeral key pair, the certified application on the content creation device, and the mobile certified application but does not explicitly disclose that the public part of the second ephemeral key pair is sent from the certified application on the content creation device to the mobile certified application.
However, in an analogous art, Kakutani discloses the mobile terminal receiving the public key from the multifunction peripheral (Kakutani: par. 0063, In step S521, the CPU 205 generates a key pair of a private key and a public key, and stores them in the SRAM 213. Next, in step S522, the CPU 205 transmits the public key to the mobile terminal 21. Here, after the mobile terminal 21 receives the public key from the multifunction peripheral 100).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kakutani with the method and system of Steely, Gordon, and Leavy to include “the public part of the second ephemeral key pair is sent from the certified application on the content creation device to the mobile certified application”. One would have been motivated to provide high security path-encrypted communication while preventing spoofing of the image processing apparatus (Kakutani: par. 0008).
Regarding claim 15, claim 15 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Claims 4, 13, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Steely et al. (“Steely,” US 2014/0189351, published Jul. 3, 2014) in view of Gordon et al. (“Gordon,” US 2016/0092871, published Mar. 31, 2016), further in view of Leavy et al. (“Leavy,” US 2019/0020633, published Jan. 17, 2019), and Potter et al. (“Potter,” US 8,370,907, published Feb. 5, 2013).
Regarding claim 4, the combination of Steely, Gordon, and Leavy teaches the method of claim 2. The combination of Steely, Gordon, and Leavy discloses the public part of the first ephemeral key pair, cloud service, and the certified application of the content creation device but does not explicitly disclose wherein a public part of the first ephemeral key pair is sent from the cloud service to the certified application of the content creation device at the request of the mobile certified application.
However, in an analogous art, Potter discloses wherein a public part of the first ephemeral key pair is sent from the cloud service to the certified application of the content creation device at the request of the mobile certified application (Potter: figs. 8, 9A; Col. 9, line 60 to Col. 10, lines 1-5, … This process begins in step 900 and proceeds to step 902 where the initiator device 800 sends a request to connect to the target device 802 to the device server 804 over the previously-established connection between the device 800 and the device server 804. This request contains the address of the target device 802 and public key of the initiator device 800. In step 904, the device server 804 forwards the request containing the public key of the initiator device 800 to the target device 802; Col. 3, lines 49-53).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Potter with the method and system of Steely, Gordon, and Leavy to include “wherein a public part of the first ephemeral key pair is sent from the cloud service to the certified application of the content creation device at the request of the mobile certified application.” One would have been motivated to do so because communication between a monitored location and a remote location is accomplished securely over the Internet by using a communication channel with public/private key encryption to connect the two locations and by performing authentication of a user at the local monitoring device rather than at a device server at the remote location, thereby effectively removing the device server as a vulnerable point for attack (Potter: Col. 2, lines 42-50).
Regarding claim 13, claim 13 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Regarding claim 22, claim 22 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Steely et al. (“Steely,” US 2014/0189351, published Jul. 3, 2014) in view of Gordon et al. (“Gordon,” US 2016/0092871, published Mar. 31, 2016), further in view of Leavy et al. (“Leavy,” US 2019/0020633, published Jan. 17, 2019), and Kessler (“Kessler,” US 2015/0378656, published Dec. 31, 2015).
Regarding claim 7, the combination of Steely, Gordon, and Leavy teaches the method of claim 5. The combination of Steely, Gordon, and Leavy discloses wherein the encrypted file is transferred from the cloud service to the mobile device but does not explicitly disclose via the content creation device.
However, in an analogous art, Kessler discloses the content creation device which uploads an encrypted file to a cloud server (Kessler: pars. 0082-0084, … an encrypted file and then sending that file via the Internet 132 to a cloud server 135 that may then store the file on secure data repository 140).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kessler with the method and system of Steely, Gordon, and Leavy to include “the encrypted file is transferred from the cloud service to the mobile device via the content creation device.” One would have been motivated to use a cryptographic component to facilitate the process of security authorization, so that access to a resource is inhibited by a security protocol, thus allowing the cryptographic component to facilitate secure accessing of resources and facilitate access of secured resources on remote systems. The method enables the cryptographic component to support encryption schemes for allowing secure transmission of information across a communications network, enabling the component to engage in secure transactions (Kessler: par. 0072).
Regarding claim 16, claim 16 is similar in scope to claim 7, and is therefore rejected under similar rationale.
Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Canh Le/
Examiner, Art Unit 2439

August 16, 2022


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439