Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present Office Action is responsive to communications received 10/19/2020.
Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/19/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 6-12, 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20140075493 to Krishnan et al., hereinafter Krishnan, and further in view of US 20140033271 to Barton et al., hereinafter Barton.
Regarding claim 1, Krishnan discloses
A method comprising: restricting, by use of a processor, access to a decryption key ([0037]: decryption key restricted based on location, time ...) for private data on an electronic device, wherein the private data is encrypted ([0037]: key to be presented to the client device to decrypt sensitive, hidden data, i.e., private data; [0042][0045]); determining an electronic device profile comprising a device time and a device location of the electronic device; releasing the decryption key in response to the electronic device profile satisfying an access policy ([0037][0045]: where the device profile is the state of the device; verify location, time with access policy, grant or deny access to the decryption key); and decrypting the private data using the decryption key ([0042]: decrypt hidden data).
Krishnan does not explicitly teach the private data comprises group communications. In an analogous art regarding protection of data in an enterprise, Barton discloses an electronic device storing encrypted data such as encrypted attachments to email messages received from other members of the enterprise ([0222]); therefore, Barton discloses encrypted data comprising group communications. It would have been obvious to a skilled artisan before the application was effectively filed to encrypt private data comprising group communications as taught by Barton because it would ensure confidentiality of the communications within the enterprise.
Regarding claim 11, the claim recites substantially the same content as claim 1, and is rejected using the rationales set forth in claim 1; the claimed apparatus comprises a processor and memory (Krishnan [0023][0032]).
Similarly, claim 20 recites substantially the same content as claim 1, and is rejected using the rationales set forth in claim 1; the claimed program product is disclosed by Krishnan ([0062]), in view of Barton.
Regarding claim 2 and substantially claim 12, Krishnan in view of Barton discloses the method of claim 1, wherein the access policy is satisfied if the device location is within a specified geographic area (Krishnan [0037]: device located in a country deemed dangerous from an industrial espionage perspective).
Regarding claim 6 and substantially claim 16, Krishnan in view of Barton discloses the method of claim 1, wherein access to the decryption key is restricted by a remote management device (Krishnan [0008]: server).
Regarding claim 7 and substantially claim 17, Krishnan in view of Barton discloses the method of claim 1, the method further comprising deleting the private data on the electronic device in response to a claw back command from a remote management device (Barton [0078][0230][0243]: selective wipe of the data stored in a secure container on the mobile device is performed at direction of management device; it would have been obvious to delete the private data in response to a command from a management system because it would allow the management system to effectively control the access to private data in the user device).
Regarding claim 8 and substantially claim 18, Krishnan in view of Barton discloses the method of claim 1, wherein the electronic device profile further comprises one or more of a device orientation of the electronic device, a device proximity of the electronic device to a user, a device motion of the electronic device, and a device acceleration of the electronic device (Krishnan [0048]: device motion grants access to the sensitive data).
Regarding claim 9 and substantially claim 19, Krishnan in view of Barton discloses the method of claim 8, wherein the access policy is not satisfied if one or more of the device orientation exceeds an orientation threshold, the device proximity exceeds a proximity threshold, the device motion exceeds a motion threshold, and the device acceleration exceeds an acceleration threshold (Krishnan [0048]: if the device motion is substantially horizontal (instead of being vertical), the policy is not satisfied to grant access to sensitive data).
Regarding claim 10, Krishnan in view of Barton discloses the method of claim 1, wherein restricting the decryption key is selected from the group consisting of encrypting the decryption key (Krishnan [0042]: key generated using PKCS#5 based on password, one-way-encrypted as known in the art) and restricting access to the decryption key in a memory (Krishnan [0043]: decryption key stored in data storage; [0045]: key in key store or locally-generated key portions stored in sections of files).

Claims 3-4 and 13-14 are rejected under 35 USC 103 as being unpatentable over Krishnan, in view of Barton, and in further view of US 20160357959 to Dabbiere et al., hereinafter Dabbiere. Dabbiere is cited in IDS dated 10-19-2020.

Regarding claim 3 and substantially claim 13, Krishnan in view of Barton discloses the method of claim 1. Krishnan discloses the policy includes time of access and behavioral deviations from the norm ([0037]) but does not explicitly teach the access policy is satisfied if the device time is within a specified time range.
In an analogous art, Dabbiere discloses a device storing compliance rules specifying the required conditions to perform some functions; for instance, the user device is associated with a current time that is within an authorized time period ([0030]). It would have been obvious to a skilled artisan before the application was effectively filed to set policy requiring the device time be within a specified time range as taught by Dabbiere because it would impose more restrictions to accessing the private data in Krishnan, enhancing the access control policies.
Regarding claim 4 and substantially claim 14, Krishnan in view of Barton discloses the method of claim 1, wherein the access policy is satisfied if the device location is within a specified geographic area (Krishnan [0037]). Krishnan discloses the policy includes time of access and behavioral deviations from the norm ([0037]) but does not explicitly teach the device time is within a specified time range. In an analogous art, Dabbiere discloses a device storing compliance rules specifying the required conditions to perform some functions; for instance, the user device is associated with a current time that is within an authorized time period ([0030]) and additionally the rules require a safe zone location of the device ([0031]). It would have been obvious to a skilled artisan before the application was effectively filed to set policy requiring the device be at a specific location and the time be within a specified time range as taught by Dabbiere because it would impose more restrictions to accessing the private data in Krishnan, enhancing the access control policies.


Claims 5 and 15 are rejected under 35 USC 103 as being unpatentable over Krishnan, in view of Barton, and in further view of US 20180248863 to Kao et al., hereinafter Kao.
Regarding claim 5 and substantially claim 15, Krishnan in view of Barton discloses the method of claim 1; while Krishnan additionally discloses comparing a pattern of user activity to historical patterns, if there are unusual changes, deny access to sensitive data ([0055]), Krishnan in view of Barton does not explicitly teach wherein the access policy is satisfied if a weighted difference between the electronic device profile and a device profile history is within a difference threshold.
In an analogous art, Kao discloses a method for authenticating an identity of a user requesting access to a computerized resource via a client computing device. Kao discloses determining risk scores based on weighted differences between historical data in a usage profile and the current data, and determining whether the risk scores are greater than one or more thresholds ([0011][0057]); the differences can also include a value representing an extent of match between the historical data and the current data ([0054]), i.e., a difference threshold. Therefore Kao teaches the limitation. It would have been obvious to a skilled artisan before the application was effectively filed to use the method of comparison taught in Kao for the comparison between current data and historical patterns as taught in Krishnan because it would provide a “holistic approach for evaluating ... risks” (Kao [0002]) and would be more performant.
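The key-release decision recited in claims 1-5 (time range, geographic area, weighted difference from profile history), sketched as an added illustration that is not part of the Office Action, the application, or any cited reference. The policy values, feature names, history format and the XOR-with-PBKDF2 wrapping are assumptions chosen to keep the sketch self-contained.

```python
import hashlib
import math
from datetime import datetime, time

# Constructed policy values (assumptions; not from the claims or the cited references).
POLICY = {
    "time_range": (time(8, 0), time(18, 0)),          # specified time range
    "geofence": (35.7796, -78.6382, 5.0),             # centre lat, centre lon, radius in km
    "weights": {"hour": 1.0, "km_from_centre": 0.5},  # per-feature weights
    "diff_threshold": 4.0,                            # weighted-difference threshold
}

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 6371.0 * 2 * math.asin(math.sqrt(a))

def policy_satisfied(when, lat, lon, history, policy=POLICY):
    """True only if time, location and weighted difference from history all pass."""
    start, end = policy["time_range"]
    clat, clon, radius_km = policy["geofence"]
    dist = km_between(lat, lon, clat, clon)
    if not (start <= when.time() <= end) or dist > radius_km:
        return False
    profile = {"hour": when.hour + when.minute / 60, "km_from_centre": dist}
    diff = sum(w * abs(profile[k] - history[k]) for k, w in policy["weights"].items())
    return diff <= policy["diff_threshold"]

def _pad(secret, salt, n):
    # PBKDF2 (PKCS#5) pad; XOR with it is a toy stand-in for a real key-wrap algorithm.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000, dklen=n)

def wrap_key(key, secret, salt):
    """Wrap (or unwrap) a key of up to 32 bytes by XOR with the derived pad."""
    return bytes(a ^ b for a, b in zip(key, _pad(secret, salt, len(key))))

def release_key(wrapped, secret, salt, when, lat, lon, history):
    """Fail closed: unwrap and return the key only when the policy is satisfied."""
    if not policy_satisfied(when, lat, lon, history):
        return None
    return wrap_key(wrapped, secret, salt)  # XOR is its own inverse
```

A request at 17:30 from the centre of the geofence passes the time and location checks yet is still refused here, because its weighted difference from the constructed history exceeds the threshold.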


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Marshall et al. 9705813 discloses accessing resources based on location of a client device, the current time is within an authorized time window ...
Ronca 9680827 discloses suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area.
Sharifi Mehr 10853350 discloses setting access policies based on access pattern, compared to historic data.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/
Primary Examiner, Art Unit 2493
9/2/2022