DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.  This is in response to the communications filed on 11 January 2022.
2.  Claims 1-20 are pending in the application.
3.  Claims 1-20 have been rejected.
Information Disclosure Statement
4.  The examiner has considered the information disclosure statement (IDS) filed on 01 April 2021 and 11 January 2022.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
5.  Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,972,445 B2 (hereinafter the ‘445 patent). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are anticipated by the earlier filed claims of the ‘445 patent in that the claims of the ‘445 patent contain all of the limitations of the instant application.  Claims 1-20 of the instant application therefore are not patentably distinct from the earlier filed claims of the ‘445 patent, and as such, is unpatentable for obvious-type double patenting.
	The ‘445 patent teaches:
at a computing platform comprising at least one processor, memory, and a communication interface [column 31, lines 40-41]: 
generating, by the at least one processor, a tenant master key and a server recovery key [column 31, lines 46-49]; 
sending, by the at least one processor, via the communication interface, and to a cloud-based key vault server, the tenant master key and the server recovery key, wherein the cloud-based key vault server is configured to store the tenant master key and is further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key [column 31, lines 50-60]; 
storing the encrypted server recovery key in a tenant database server associated with one or more enrollment servers [column 31 line 64 to column 32 line 3]; and 
provisioning the one or more enrollment servers with the encrypted server recovery key [column 32, lines 4-8].  
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
6.  Claim(s) 1, 13 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) in view of Ford et al US 2016/0352518 A1 (hereinafter Ford).
As to claim 1, Chakrabarti discloses a method comprising: 
at a computing platform comprising at least one processor [0031], memory [0030], and a communication interface [0018]: 
generating, by the at least one processor, a tenant master key and a server recovery key (i.e. keys generated in key store) [0049]; 
sending, by the at least one processor, via the communication interface, and to a cloud-based key vault server, the tenant master key and the server recovery key (i.e. providing keys) [0050]; 
storing the encrypted server recovery key in a tenant database server associated with one or more enrollment servers (i.e. send key to cloud components) [0056]; and 
provisioning the one or more enrollment servers with the encrypted server recovery key [0056].  
Chakrabarti does not teach wherein the cloud-based key vault server is configured to store the tenant master key and is further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key.
Ford teaches wherein the cloud-based key vault server is configured to store the tenant master key (i.e. stored in backup storage 120) [0043] and is further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key (i.e. master key encrypts encryption keys) [0037].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Chakrabarti so that the cloud-based key vault server would have been configured to store the tenant master key and would have been further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Chakrabarti by the teaching of Ford because the confidential data is stored in such a way that the data is protected from attackers [0001].
As to claim 13, Chakrabarti discloses a computing platform, comprising: 
at least one processor [0031]; 
a communication interface communicatively coupled to the at least one processor [0018]; and memory storing computer-readable instructions that, when executed by the at least one processor [0030], cause the computing platform to: 
generate, by the at least one processor, a tenant master key and a server recovery key (i.e. keys generated in key store) [0049]; 
send, by the at least one processor, via the communication interface, to a cloud-based key vault server, the tenant master key and the server recovery key (i.e. providing keys) [0050]; 
store the encrypted server recovery key in a tenant database server associated with one or more enrollment servers (i.e. send key to cloud components) [0056]; and 
provision the one or more enrollment servers with the encrypted server recovery key [0056].  
Chakrabarti does not teach wherein the cloud-based key vault server is configured to store the tenant master key and is further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key.
Ford teaches wherein the cloud-based key vault server is configured to store the tenant master key (i.e. stored in backup storage 120) [0043] and is further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key (i.e. master key encrypts encryption keys) [0037].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Chakrabarti so that the cloud-based key vault server would have been configured to store the tenant master key and would have been further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Chakrabarti by the teaching of Ford because the confidential data is stored in such a way that the data is protected from attackers [0001].
As to claim 20, Chakrabarti discloses one or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, memory, and a communication interface, cause the computing platform to: 
generate, by the at least one processor, a tenant master key and a server recovery key (i.e. keys generated in key store) [0049]; 
send, by the at least one processor, via the communication interface, and to a cloud-based key vault server, the tenant master key and the server recovery key (i.e. providing keys) [0050]; 
store the encrypted server recovery key in a tenant database server associated with one or more enrollment servers (i.e. send key to cloud components) [0056]; and 
provision the one or more enrollment servers with the encrypted server recovery key [0056].  
Chakrabarti does not teach wherein the cloud-based key vault server is configured to store the tenant master key and is further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key.
Ford teaches wherein the cloud-based key vault server is configured to store the tenant master key (i.e. stored in backup storage 120) [0043] and is further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key (i.e. master key encrypts encryption keys) [0037].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Chakrabarti so that the cloud-based key vault server would have been configured to store the tenant master key and would have been further configured to encrypt the server recovery key with the tenant master key to produce an encrypted server recovery key.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Chakrabarti by the teaching of Ford because the confidential data is stored in such a way that the data is protected from attackers [0001].
7.  Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claim 1 above, and further in view of Barton et al US 2014/0108794 A1 (hereinafter Barton).
As to claim 2, the Chakrabarti-Ford combination does not teach the method of claim 1, wherein the one or more enrollment servers are configured to manage enrollment of a plurality of policy-managed devices in a policy enforcement scheme and to authenticate with a key update service based on the encrypted server recovery key.  
Barton teaches that the one or more enrollment servers are configured to manage enrollment of a plurality of policy-managed devices in a policy enforcement scheme (i.e. managing mobile devices) [0069] and to authenticate with a key update service based on the encrypted server recovery key (i.e. through authorization) [0191].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that the one or more enrollment servers would have been configured to manage enrollment of a plurality of policy-managed devices in a policy enforcement scheme and to authenticate with a key update service based on the encrypted server recovery key.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of Barton because it help control on how devices can be used and what resources these devices can access) [0004].
8.  Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claim 1 above, and further in view of Cash US 2016/0224983 A1.
As to claim 3, the Chakrabarti-Ford combination does not teach sending the encrypted server recovery key to the one or more enrollment servers via the communication interface.  
Cash teaches sending the encrypted server recovery key to the one or more enrollment servers via the communication interface (i.e. transmitting keys to servers during enrollment) [0078].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that the encrypted server recovery key would have been sent to the one or more enrollment servers via the communication interface.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of Cash because it provides sufficient security and efficiency [0003].
9.  Claim(s) 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claim 1 above, and further in view of Dalbehera et al US 2015/0358301 A1 (hereinafter Dalbehera).
As to claim 4, the Chakrabarti-Ford combination does not teach the method of claim 1, wherein the encrypted server recovery key enables a plurality of policy-managed devices associated with a tenant to authenticate with a key update service.  
Dalbehera teaches that the encrypted server recovery key enables a plurality of policy-managed devices associated with a tenant to authenticate with a key update service (i.e. authenticating with a key update server) [0048].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that the encrypted server recovery key would have enabled a plurality of policy-managed devices associated with a tenant to authenticate with a key update service.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of Dalbehera because it provides an inexpensive way to change the configuration of stored keys in order to add new use cases or modify old use cases for usage of the hardware resources [0004].
10.  Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claim 1 above, and further in view of Murata US 2008/0104584 A1.
As to claim 5, the Chakrabarti-Ford combination does not teach prior to generating the master tenant key, receiving, by the at least one processor and via a key upgrade service provided by the computing platform, a request to generate one or more new keys.  
Murata teaches prior to generating the master tenant key, receiving, by the at least one processor and via a key upgrade service provided by the computing platform, a request to generate one or more new keys (i.e. through an upgrade key service) [0060, 0063].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that prior to generating the master tenant key, it would have been received, by the at least one processor and via a key upgrade service provided by the computing platform, a request to generate one or more new keys.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of Murata because it helps manage a user apparatus corresponding to a delivered upgrade key [0003].
11.  Claim(s) 6, 14 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claims 1 and 13 above, and further in view of Jacobs et al US 2018/0131579 A1 (hereinafter Jacobs).
As to claim 6, the Chakrabarti-Ford combination does not teach detecting, by the at least one processor, that a new enrollment server is online.  The Chakrabarti-Ford combination does not teach sending, by the at least one processor and via the communication interface, the encrypted server recovery key to the new enrollment server.  
Jacobs teaches detecting, by the at least one processor, that a new enrollment server is online (i.e. detecting and enrolling new servers) [0076].  Jacobs teaches sending, by the at least one processor and via the communication interface, the encrypted server recovery key to the new enrollment server [0076].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that detecting, by the at least one processor, that a new enrollment server is online.  The Chakrabarti-Ford combination does not teach sending, by the at least one processor and via the communication interface, the encrypted server recovery key to the new enrollment server.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of Jacobs because it helps monitor the network servers [0005].
As to claim 14, the Chakrabarti-Ford combination does not teach detect that a new enrollment server is online.  The Chakrabarti-Ford combination does not teach send, via the communication interface, the encrypted server recovery key to the new enrollment server.  As to claim 15, the Chakrabarti-Ford combination does not teach provision the new enrollment server enabling a plurality of policy-managed devices to enroll with the new enrollment server.  
Jacobs teaches detect that a new enrollment server is online (i.e. detecting and enrolling new servers) [0076].  Jacobs teaches send, via the communication interface, the encrypted server recovery key to the new enrollment server [0076].  Jacobs teaches the new enrollment server enabling a plurality of policy-managed devices to enroll with the new enrollment server [0076].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that it would have been detected that a new enrollment server was online.  The encrypted server recovery key would have been sent via the communication interface to the new enrollment server.  The new enrollment server would have been provisioned enabling a plurality of policy-managed devices to enroll with the new enrollment server.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of Jacobs because it helps monitor the network servers [0005].
12.  Claim(s) 7, 8, 18 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claims 1 and 13 above, and further in view of D’Souza U.S. Patent No. 8,645,681 B1.
As to claim 7, the Chakrabarti-Ford combination does not teach sending, by the at least one processor and via the communication interface, commands directing a device management server to send new variables to a plurality of policy-managed devices.  The Chakrabarti-Ford combination does not teach wherein the plurality of policy-managed devices are configured to generate a device key for each of the plurality of policy-managed devices based on the new variables.  
D’Souza teaches sending, by the at least one processor and via the communication interface, commands directing a device management server to send new variables to a plurality of policy-managed devices (i.e. commands which include a passphrase for generating a key) [column 2, lines 53-67].  D’Souza teaches wherein the plurality of policy-managed devices are configured to generate a device key for each of the plurality of policy-managed devices based on the new variables (i.e. commands which include a passphrase for generating a key) [column 2, lines 53-67].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that commands directing a device management server to send new variables would have been sent, by the at least one processor and via the communication interface, to a plurality of policy-managed devices.  The plurality of policy-managed devices would have been configured to generate a device key for each of the plurality of policy-managed devices based on the new variables.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of D’Souza because it provides a more secure and efficient method for sending keys [column 1, lines 44-47].
As to claim 8, the Chakrabarti-Ford combination does not teach receive a passphrase from user associated with a policy-managed device of the plurality of policy-managed devices.  The Chakrabarti-Ford combination does not teach generate an encrypted device key based on the passphrase.  The Chakrabarti-Ford combination does not teach store the encrypted device key in local storage of the corresponding policy-managed device.  
D’Souza teaches receive a passphrase from user associated with a policy-managed device of the plurality of policy-managed devices (i.e. commands which include a passphrase for generating a key) [column 2, lines 53-67].  D’Souza teaches generate an encrypted device key based on the passphrase [column 5, lines 36-51].  D’Souza teaches store the encrypted device key in local storage of the corresponding policy-managed device [column 5, lines 36-51].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that a passphrase would have been received from user associated with a policy-managed device of the plurality of policy-managed devices.  An encrypted device key would have been generated based on the passphrase.  The encrypted device key would have been stored in local storage of the corresponding policy-managed device.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of D’Souza because it provides a more secure and efficient method for sending keys [column 1, lines 44-47].
As to claim 18, the Chakrabarti-Ford combination does not teach send, via the communication interface, commands directing a device management server to send new variables to a plurality of policy-managed devices.  As to claim 19, the Chakrabarti-Ford combination does not teach generate a device key based on the new variables from the device management server.  
D’Souza teaches sending, by the at least one processor and via the communication interface, commands directing a device management server to send new variables to a plurality of policy-managed devices (i.e. commands which include a passphrase for generating a key) [column 2, lines 53-67].  D’Souza teaches wherein the plurality of policy-managed devices are configured to generate a device key for each of the plurality of policy-managed devices based on the new variables (i.e. commands which include a passphrase for generating a key) [column 2, lines 53-67].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that commands directing a device management server to send new variables would have been sent, by the at least one processor and via the communication interface, to a plurality of policy-managed devices.  The plurality of policy-managed devices would have been configured to generate a device key for each of the plurality of policy-managed devices based on the new variables.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of D’Souza because it provides a more secure and efficient method for sending keys [column 1, lines 44-47].
13.  Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti), Ford et al US 2016/0352518 A1 (hereinafter Ford) and D’Souza U.S. Patent No. 8,645,681 B1 as applied to claim 7 above, and further in view of Bao et al US 2016/0239674 A1 (hereinafter Bao).
As to claim 9, the Chakrabarti-Ford-D’Souza combination does not teach generate file keys for one or more files residing on the plurality of policy-managed devices.  
Bao teaches generate file keys for one or more files residing on the plurality of policy-managed devices (i.e. client devices generates file key) [0015].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford-D’Souza combination so that file keys would have been generated for one or more files residing on the plurality of policy-managed devices.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford-D’Souza combination by the teaching of Bao because it allows a client device to encrypt and decrypt files [0001].
14.  Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claim 1 above, and further in view of Ness et al US 2018/0123791 A1 (hereinafter Ness).
As to claim 10, the Chakrabarti-Ford combination does not teach the method of claim 1, wherein the tenant database server is separate from the cloud-based key vault server.  
Ness teaches that the tenant database server is separate from the cloud-based key vault server (i.e. key vaults in separated regions) [0030].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that the tenant database server would have been separate from the cloud-based key vault server.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination it provides a highly available and reliable secret distribution infrastructure [0004].
15.  Claim(s) 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claim 13 above, and further in view of Faibish et al U.S. Patent No. 10,382,407 B1 (hereinafter Faibish).
As to claim 16, the Chakrabarti-Ford combination does not teach cause a plurality of policy-managed devices to generate a device key for each of the plurality of policy-managed devices.  
Faibish teaches a plurality of policy-managed devices to generate a device key for each of the plurality of policy-managed devices (i.e. generating an encryption key that is unique for each source device) [column 3, lines 33-40].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that a plurality of policy-managed devices would have been caused to generate a device key for each of the plurality of policy-managed devices.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of Faibish because it helps protect time series data in information processing systems [column 1, lines 7-9].
16.  Claim(s) 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chakrabarti et al US 2018/0097809 A1 (hereinafter Chakrabarti) and Ford et al US 2016/0352518 A1 (hereinafter Ford) as applied to claim 13 above, and further in view of Bao et al US 2016/0239674 A1 (hereinafter Bao).
As to claim 17, the Chakrabarti-Ford combination does not teach cause a plurality of policy-managed devices to generate file keys for one or more files residing on the plurality of policy-managed devices.  
Bao teaches a plurality of policy-managed devices to generate file keys for one or more files residing on the plurality of policy-managed devices (i.e. client devices generates file key) [0015].  
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination so that a plurality of policy-managed devices would have been caused to generate file keys for one or more files residing on the plurality of policy-managed devices.  
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Chakrabarti-Ford combination by the teaching of Bao because it allows a client device to encrypt and decrypt files [0001].
Allowable Subject Matter
17.  Claims 11 and 12 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
As to claim 11, the prior art does not disclose, teach or fairly suggest the limitations of “read offline variables from local storage of a policy-managed device of the plurality of policy-managed devices”, “generate an offline device key based on the offline variables from the local storage”, “read offline encrypted file keys from the local storage, wherein the offline encrypted file keys correspond to files residing on the policy-managed device”, “decrypt the offline encrypted file keys with the offline device key to generate decrypted file keys” and “encrypt the decrypted file keys with the device key generated based on the new variables to generate encrypted file keys”.  
Any claims not directly addressed are objected to on the virtue of their dependency.
Relevant Prior Art
18.  The following references have been considered relevant by the examiner:
A.  Nagarajamoorthy et al US 2018/0167812 A1 directed to granting access to a wireless network by allowing approval by a trusted authenticator [abstract].
B.  Dolev et al US 2019/0034618 A1 directed to securing a communication channel by obtaining a first value by first and second devices [abstract].
C.  Gray US 2018/0332011 A1 directed to secure transactions [abstract].
Conclusion
19.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793. The examiner can normally be reached M-F 5:00-3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ARAVIND K MOORTHY/            Primary Examiner, Art Unit 2492