Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/02/2022 has been entered.
Claims 1-13, and 16-18 are pending and are being considered.
Claims 1, 5, 9, 13 and 16 have been amended.
Claims 14 and 15 have been canceled.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/22/2022 was filed after the mailing date of the application no. 17/004610 on 08/27/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to 103
Applicants arguments filed on 09/02/2022 have been fully considered and are persuasive but are moot in view of new grounds of rejection. The argument do not apply to the current art being used.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-13 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Flurscheim et al (hereinafter Flurscheim) (US 20160140545) in view of McGough (US 20080056501) and further in view of KESELMAN et al (hereinafter KESELMAN) (US 20200112429). 

Regarding claim 1 Flurscheim teaches a method for managing an electronic content item performed by a first license service system comprising a processor and a non-transitory computer-readable medium storing instructions that, when executed by the processor, cause the first license service system to perform the method, the method comprising: (Flurscheim on [0007] teaches method for enhancing the security of a communication device when conducting a transaction. See Fig 1 block 180 and text on [0074 and 0359] teaches CBPP may be a computer having processor and memory for executing instructions);
receiving a first padded content key share of a content key [[from a content service managing the electronic content item,]] the first padded content key share comprising a first padding string; (Flurscheim Fig 10 block 1010 and text on [0197-0198] teaches receiving key index information as input, wherein the key index information is padded with numeric value 1 represented as numeric string to generate first padded key index (e.g., 1YHHHHCC80000000) (i.e. first padded key share comprising string));
receiving a protected second padded content key share of the content key [[from a second license service]], the protected second padded content key share comprising a second padded content key share of the content key encrypted by the second license service using the public key, the second padded content key share comprising a second padding string (Flurscheim Fig 10 block 1010 and text on [0197-0198] teaches receiving key index information as input, wherein the key index information is padded with numeric value 2 represented as string to generate a second padded key index (e.g., 2YHHHHCC80000000) (i.e. second padded key share comprising string) and encrypting (i.e. protected) the second padded key index using the second encryption key 1008 (i.e. public key));
 generating a protected first padded content key share of the content key by encrypting the first padded content key share using the public key (Flurscheim Fig 10 block 1010 and text on [0197-0198] teaches receiving key index information as input, wherein the key index information is padded with numeric value 1 to generate first padded key index (e.g., 1YHHHHCC80000000) (i.e. first padded key share comprising string) and encrypting the first padded key index using the second encryption key 1008 (i.e. public key));
generating a protected content key based on the protected first padded content key share and the protected second padded content key share, wherein generating the protected content key is performed by the first license service system without exposing an unencrypted version of the content key to the first license service system (Flurscheim on [0198 and 0221] teaches generating protected limited user-key (LUK) (i.e. Protected content key) using the encrypted first padded share and the encrypted second padded share. See Fig 1 block 1014 and text on [0193 and 0198] teaches the LUK is generated by CBPP (i.e. first license service system) based on encrypted first and second padded share (i.e. without decrypting/deciphering the padded key share because the first and the second encrypted share are not decrypted prior to generating the LUK key));
[[the first license service system being an untrusted system by the content service,]] the first padding string and the second2U.S. Patent Application No. 17/004,610 Docket No. IT-163.1 (US)Amendment and Response to Final Office Action dated June 2, 2022padding string being configured to allow for generation of the protected content key by the first license service system without decrypting the protected first padded content key share and the protected second padded content key share (Flurscheim on [0198 and 0221] teaches generating the limited use-key (LUK) based on encrypted first padded key share and encrypted second padded key share i.e. without decrypting/deciphering the padded key share because the first and the second encrypted share are not decrypted prior to generating the LUK key. See on [0193 and 0199] teaches LUK generated by issuer CBPP (i.e. first license service system));
and transmitting the protected content key to the device for use in accessing the electronic content item (Flurscheim on [0199] teaches after the LUK 1014 is generated (e.g., by the CBPP), the LUK 1014 and the key index that includes information pertaining to the generation of LUK 1014 may be provided to a portable communication device to facilitate generation of transaction cryptograms for transactions (i.e. electronic content item) conducted using the portable communication device).
	Although Flurscheim teaches receving first and second padded key share as an input and using the public key to encrypt the first and the second padded key share, but fails to explicitly teach receiving the key share from different entities and receving the public key from a device, however McGough from analogous art teaches receiving a first [[padded]] content key share of a content key from a content service managing the electronic content item (McGough on [0010-0011] teaches computer (i.e. first license service system) executing an application receives a first portion of the session master key (i.e. first content key share) from server (i.e. content service). See on [0014] teaches server managing electronic information stored in a database of the server. See also Fig 3 and text on [0074-0076] teaches receiving first half of the key from server 32 (i.e. content service) and receiving second half of the key from directory service server 39 (i.e. second license service));
receiving a protected]second [[padded]] content key share of the content key from a second license service (McGough on [0010-0011] teaches the application sends an open request to the directory server specified by the server in the first reply for the second portion of the session master key. The directory server (i.e. second license service) sends the second portion of the session master key (i.e. second content key share) to the application. Further teaches the open request sent by the application to the directory server may also include a public key, in which case the second portion of the session master key sent from the directory server to the application is encrypted with the public key. See on [0014] teaches server managing electronic information stored in a database of the server. See also Fig 3 and text on [0074-0076] teaches receiving first half of the key from server 32 (i.e. content service) and receiving second half of the key from directory service server 39 (i.e. second license service)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of McGough into the teaching of Flurscheim by receiving plurality of different key shares from different entities. One would be motivated to do so in order to improve authentication practice using the key generated based on sperate key share received from different entities (McGough on [0004-0006]).

	Although the combination of Flurscheim and McGough teaches public key for encrypting each key share, but fails to explicitly teach receiving a public key from a device and the first license service system being an untrusted system by the content service, however KESELMAN from analogous art teaches receiving a public key from a device (KESELMAN on [0045] teaches a client device may send public key PK to RCC processor. See also on [0059-0060] teaches RCC receives a request containing public key from client device);
the first license service system being an untrusted system by the content service (KESELMAN Fig 3 block 120, 140 and text on [0041] teaches PKS server 140 (i.e. content service in instant case) generated z and transmits it to RCC 120 (i.e. first license service system in instant case. There is no prior trust relationship between the PKS server 140 and RCC 120)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the combined teaching of Flurscheim and McGough by having RCC device for receiving a public key from client device and RCC device communicating with untrusted PKS server. One would be motivated to do so in order to ensure security between the RCC device and the client device using the public key used for encrypting the data shared between the devices (KESELMAN on [0006]).


Regarding claim 2 the combination of the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, Flurscheim further teaches wherein the method further comprises receiving a request for a license to access the electronic content item from the device (Flurscheim Fig 9 and text on [0178-0182] teaches mobile device sending a request to MAP 970 which then sends the request to the CBPP. The CBPP generated the parameter including the LUK (i.e. license) key and sends the parameter to the device using in the transactions).

Regarding claim 3 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 2 above, Flurscheim further teaches wherein the method further comprises generating an electronic license for the electronic content item, the electronic license comprising the protected content key (Flurscheim Fig 9 and text on [0178-0182] teaches mobile device sending a request to MAP 970 which then sends the request to the CBPP. The CBPP generated the parameter including the LUK (i.e. license including Limited use key) key and sends the parameter to the device using in the transactions).

Regarding claim 4 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 3 above, Flurscheim further teaches wherein transmitting the protected content key to the device comprises transmitting the electronic license to the device (Flurscheim Fig 9 and text on [0178-0182] teaches mobile device sending a request to MAP 970 which then sends the request to the CBPP. The CBPP generated the parameter including the LUK (i.e. license including Limited use key) key and sends the parameter to the device using in the transactions).

Regarding claim 6 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, McGough further teaches wherein the first license service is separate from the second license service (McGough on [0010] teaches a method for obtaining a session master key by an application executing on a computer (i.e. first license service system) from a server. Further teaches the directory server (i.e. second license service) sends the second portion of the session master key (i.e. second key share) to the application).

Regarding claim 7 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, Flurscheim further teaches wherein the content key comprises a content decryption key associated with the electronic content item (Flurscheim on [0208] teaches the first key KA may correspond to a first portion of the LUK 1014 (e.g., most significant 8 bytes), and the second key KB may correspond to a second portion of the LUK 1014, wherein KB is decryption key for performing decryption operation).

Regarding claim 8 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, McGough further teaches wherein the content key is generated by the content service (McGough on [0010-0011] teaches the session master key is generated by the application of computer using the first portion received from the server and the second portion received from the directory server).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of McGough into the teaching of Flurscheim by receiving plurality of different key shares from different entities. One would be motivated to do so in order to improve authentication practice using the key generated based on sperate key share received from different entities (McGough on [0004-0006]).

Regarding claim 9 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, McGough further teaches wherein the first padded content key share is generated by the content service (McGough on [0010-0011] teaches computer executing an application receives a first portion of the session master key (i.e. first content key share) from server (i.e. content service indicating separate device)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of McGough into the teaching of Flurscheim by receiving plurality of different key shares from different entities. One would be motivated to do so in order to improve authentication practice using the key generated based on sperate key share received from different entities (McGough on [0004-0006]).

Regarding claim 10 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, McGough further teaches wherein the second padded content key share is generated by the content service (McGough on [0011] teaches server sending a second reply to a directory server with a second portion of the session master key (i.e. indicating the second portion of the key is generated at server which in this case is the content service)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of McGough into the teaching of Flurscheim by receiving plurality of different key shares from different entities. One would be motivated to do so in order to improve authentication practice using the key generated based on sperate key share received from different entities (McGough on [0004-0006]).

Regarding claim 11 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, Flurscheim further teaches wherein the protected content key comprises the content key encrypted with the public key (Flurscheim on [0198 and 0221] teaches generating protected limited user-key (LUK) (i.e. Protected content key) using the encrypted first padded share and the encrypted second padded share. See Fig 1 block 1014 and text on [0193 and 0198] teaches the LUK is generated by CBPP (i.e. first license service system) based on encrypted first and second padded share (i.e. without decrypting/deciphering the padded key share because the first and the second encrypted share are not decrypted prior to generating the LUK key)).

Regarding claim 12 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, KESELMAN  further teaches wherein the protected content key comprises the content key encrypted with the public key with a homomorphic encryption algorithm (KESELMAN on [0007, 0014 and 0024] teaches Key derivation service instructions 218 may include instructions that perform the various homomorphic key derivation functions).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the combined teaching of Flurscheim and McGough by performing encryption using homomorphic encryption algorithm. One would be motivated to do so in order to ensure security between the RCC device and the client device using the public key used for encrypting the data shared between the devices (KESELMAN on [0006]).

Regarding claim 13 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, McGough further teaches wherein the protected second padded content key share comprises the second padded content key share encrypted by the second license service with the public key [[using a homomorphic encryption algorithm]] (McGough on [0010-0011] teaches the application sends an open request to the directory server specified by the server in the first reply for the second portion of the session master key. The directory server (i.e. second license service) sends the second portion of the session master key (i.e. second key share) to the application. Further teaches the open request sent by the application to the directory server may also include a public key, in which case the second portion of the session master key sent from the directory server to the application is encrypted with the public key).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of McGough into the teaching of Flurscheim by encrypting the second share using the public key at the second license service.  One would be motivated to do so in order to improve authentication practice using the key generated based on sperate key share received from different entities (McGough on [0004-0006]).

KESELMAN teaches encrypting using homomorphic encryption algorithm (KESELMAN on [0007, 0014 and 0024] teaches Key derivation service instructions 218 may include instructions that perform the various homomorphic key derivation functions).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the combined teaching of Flurscheim and McGough by performing encryption using homomorphic encryption algorithm. One would be motivated to do so in order to ensure security between the RCC device and the client device using the public key used for encrypting the data shared between the devices (KESELMAN on [0006]).

Regarding claim 16 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, Flurscheim further teaches wherein the protected content key comprises a protected padded content key (Flurscheim on [0198 and 0221] teaches generating protected limited user-key (LUK) (i.e. Protected padded content key) using the encrypted first padded share and the encrypted second padded share. See Fig 1 block 1014 and text on [0193 and 0198] teaches the LUK is generated by CBPP (i.e. first license service system) based on encrypted first and second padded share (i.e. without decrypting/deciphering the padded key share because the first and the second encrypted share are not decrypted prior to generating the LUK key)).

Regarding claim 17 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, KESELMAN further teaches wherein the public key is associated with the device (KESELMAN on [0009] teaches client may generated public key (i.e. public key associated with client device). See on [0007] teaches client 150 may be any device configured to provide access to remote applications. For example, client 150 may be a smartphone, personal computer, tablet, laptop computer, or other device).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the combined teaching of Flurscheim and McGough by having public key for performing encryption operation. One would be motivated to do so in order to ensure security between the RCC device and the client device using the public key used for encrypting the data shared between the devices (KESELMAN on [0006]).

Regarding claim 18 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, KESELMAN further teaches wherein the public key is associated with a user of the device (KESELMAN on [0009] teaches client may generated public key (i.e. public key associated with client device). See on [0007] teaches client 150 may be any device configured to provide access to remote applications. For example, client 150 may be a smartphone, personal computer, tablet, laptop computer, or other device).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of KESELMAN into the combined teaching of Flurscheim and McGough by having public key for performing encryption operation. One would be motivated to do so in order to ensure security between the RCC device and the client device using the public key used for encrypting the data shared between the devices (KESELMAN on [0006]).

Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Flurscheim et al (hereinafter Flurscheim) (US 20160140545) in view of McGough (US 20080056501) in view of KESELMAN et al (hereinafter KESELMAN) (US 20200112429) and further in view of Audley (US 20200076594).

Regarding claim 5 the combination of Flurscheim, McGough and KESELMAN teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein generating the protected content key comprises multiplying the protected first padded content key share and the protected second padded content key share, however Audley from analogous art teaches generating the protected content key comprises multiplying the protected first padded content key share and the protected second padded content key share (Audley on [0032] teaches multiply the key share to produce the key share for example multiplicative masking using the * operators for three key shares is effective key=keyshare1 * keyshare2 * keyshare3).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Audley into the combined teaching of Flurscheim, McGough and KESELMAN by generating the protected key based on multiplicative operator on the first and second key share. One would be motivated to do so in order to ensure security of data using the secure key generated based on plurality of key shares (Audley on [0003-0005]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOEEN KHAN/Examiner, Art Unit 2436                                                                                                                                                                                                        
/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436