DETAILED ACTION
This action is in response to the amendment filed on July 12, 2022. Claims 1-20 are
pending. Of such, claims 1-7 represent a method, claims 8-13 represent a system, and claims 14-20
represents a computer program product directed to attribute-based encryption and user authentication and authorization.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed July 12, 2022 have been fully considered but they are not persuasive. 
On page 9 of the remarks, Applicant asserts that Matyas does not disclose the header information is associated with a request as claimed rather associated with an encrypted file. This is not persuasive. 
The request, whether to store a new encrypted file or store an updated encrypted file, is a request that includes an encrypted file, key file, and a file header (Col 10, Lines 20-25). Therefore the header is a portion of the request that is sent to the file server. 
On page 10 of the remarks, Applicant asserts that Matyas does not disclose whether a resource user is authorized to access a ‘decrypted protected resource’ responsive to determining that the decryption of an ‘encrypted protected resource’ was successful. This is not persuasive.
Matyas discloses that a file can be decrypted by the user who created the file after the validation is complete with who has the “passphrase” needed to decrypt the file, and/or by a trusted third party that the creating-user has granted access to the file (Col. 7, Lines 47-51). The ability to decrypt the file from the file server would mean that the authentication was successful to proceed with the action. 
On page 10 of the remarks with respect to Claim 1, Applicant asserts that Matyas does not disclose the message authentication code and recovery integrity key is read within an embedded header file of the protected resource access request and instead it is embedded within a file header of a file. This is not persuasive.
The request, whether to store a new encrypted file or store an updated encrypted file, is a request that includes an encrypted file, key file, and a file header (Col 10, Lines 20-25). Therefore the header is a portion of the request that is sent to the file server. 
	On page 11 of the remarks with respect to Claim 1, Applicant asserts that the comparison between the hashed message authentication code and the authentication code read within the embedded field of the protected resource access ‘request’ as claimed is not the same as Matyas due to the header being associated with the file. This is not persuasive.
The request, whether to store a new encrypted file or store an updated encrypted file, is a request that includes an encrypted file, key file, and a file header (Col 10, Lines 20-25). Therefore the header is a portion of the request that is sent to the file server. The message authentication code read from the header of the file would be part of the request sent to the file server. 
One pages 11-12 of the remarks with respect to Claim 2, Applicant asserts that Matyas does not described the determining whether the decryption of the resource was successful to form a decrypted protected resource using the retrieved attribute-based encryption user key. This is not persuasive.
The file header contains the encrypted user key as well as additional information related to the decryption of the file used to verify the authenticity of the file after decryption. The file can be decrypted using the “passphrase” needed to decrypt the file (Col 7, Lines 45-51).
On pages 12-13 of the remarks with respect to Claim 2, Applicant asserts the authorization determination responsive to the computer determining that the decryption of the protected resource was unsuccessful using the retrieved attribute encryption key is not disclosed by Matyas. This is not persuasive. 
Matyas states that the encryption key is hashed and included in the header of the file. If the keys have been recovered correctly and have not been changed then the decryption can occur, however if the hash values are not equal then an error has occurred and the operations would terminate (Col 11, lines 50-67). The decryption of the resource is directly corelated with the determination if the hash values that contain the encryption key are equal which relates to the applicants limitation. 
On page 14 of the remarks with respect to Claim 3, Applicant asserts the receiving step/action is not taught by Matyas as the encrypting action does not correspond to the receiving action. Further, the Applicant asserts the reading step is not taught by Matyas with respect to the authentication code and the identifier and the identifier is not used when retrieving an attribute-based encryption user key. This is not persuasive. 
Matyas describes that the request to access the encrypted file is sent to the file server that includes the encrypted file, key, and file header (Col 10, Lines 20-25). If the request is sent to the file server, the receiving action is completed by the file server. Further, the file server verifies within the directory for the identifier associated with the “store new encrypted file” request (Col 10, lines 36-40). As previously mentioned, the encryption user key is sent with the request to the file server which contains the file header that includes a tuple containing the identifier (Col 10, Lines 20-25).
On pages 16-17 of the remarks with respect to claim 4, Applicant asserts that Matyas includes the message authentication code in the file header rather than the request as claimed. This is not persuasive. 
The request, whether to store a new encrypted file or store an updated encrypted file, is a request that includes an encrypted file, key file, and a file header (Col 10, Lines 20-25). Therefore the header is a portion of the request that is sent to the file server. The message authentication code read from the header of the file would be part of the request sent to the file server. 
On page 18 of the remarks with respect to Claim 4, Applicant asserts that Matyas fails to teach the client resource application inserts the authentication code and user identifier in a field prior to sending the resource request. Further the Applicant states the replacement of file headers and response to the client taught by Matyas does not represent the claims of utilizing the protected resource after successful decryption. This is not persuasive. 
The file headers may contain the tuple (id, fid) where id is the user identification of the owner of the file and fid is a file identification associated with the file (Col 7, lines 30-35) and the message authentication code (MAC) may also be included in the file header to verify authenticity of the file (Col 7 lines 45-50). Both the MAC and the identifier are included in the request that is structured prior to sending the request. Further, the utilization of the command of replacement of the file headers or a update/store command as stated by Matyas deems as utilization of the file. 
On page 19 of the remarks with regards to claim 7, Applicant asserts that Matyas fails to teach the invocation mechanism of determining that a match does not exist between the generated authentication code and the authentication code read within the header field. This is not persuasive. 
Matyas discloses the recovered integrity key is hashed with the file to provide a recovered message authentication code which is compared with a message authentication code from the file header to confirm that the decrypted file corresponds to the file which generated the message authentication code from the file header (Col 2, Lines 55-61).
Applicant asserts the teachings of Matyas with respect to the limitations of the claims are non-existing due to the citation error in the office action. Although, the Applicant was able to identify the citations within the reference as outlined by the remarks on pages 10-19. Citations have been corrected for clarity. 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-20 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated over Matyas at al. (US 7010689), hereinafter referred to as Matyas.
Regarding Claim 1, Matyas discloses:
A computer-implemented method for resource user authentication and authorization, the computer-implemented method comprising (In Col. 1, Lines 53-55, Matyas discloses “Embodiments of the present invention include methods, systems and computer program products which provide for controlling access to digital data in a file”) : generating, by a computer, an authentication code based on using a retrieved attribute-based encryption user key as a secret key for a keyed-hash message authentication code digital signature over a set of header fields of a protected resource access request received from a client device of a resource user via a network (In Col. 3, Lines 22-32, Matyas discloses “In further embodiments, an integrity key may be generated and a message authentication code generated based on digital data of the file utilizing the integrity key…. The file encryption key and the integrity key are encrypted with the public key to provide encrypted file encryption keys and a file header containing the encrypted file encryption keys and the message authentication code created.”); comparing, by the computer, the generated authentication code with an authentication code read within an embedded header field of the protected resource access request; determining, by the computer, whether a match exists between the generated authentication code and the authentication code read within the embedded header field (In Col 2, Lines 56-61, Matyas discloses “The recovered integrity key is hashed with the decrypted file to provide a recovered message authentication code which is compared with a message authentication code from the file header to confirm that the decrypted file corresponds to the file which generated the message authentication code from the file header.”); responsive to the computer determining that a match does exist between the generated authentication code and the authentication code read within the embedded header field, authenticating, by the computer, the resource user (In Col 11, Lines 29-35, Matyas discloses “Turning to FIG. 8, when the file server receives the request to access the encrypted file (block 690), the file server first verifies that a directory entry exists for the tuple (id, fid) received in the "access encrypted file" request (block 692). If so, the file server responds by sending the encrypted file, Enc.sub.ke(file)), and its associated file header to the personal key client (block 696).”); and performing, by the computer, decryption of an encrypted protected resource corresponding to the protected resource access request using the retrieved attribute-based encryption user key corresponding to the resource user in response to authentication of the resource user (In Col 3, Lines 2-6, Matyas discloses “The hash value and the recovered verification value may be compared and the file decrypted with the recovered file encryption key if the comparison of the hash value and the recovered verification value indicates that the values are equal”).
Regarding Claim 2, Matyas discloses:
The computer-implemented method of claim 1 further comprising: determining, by the computer, whether the decryption of the encrypted protected resource was successful to form a decrypted protected resource using the retrieved attribute-based encryption user key; responsive to the computer determining that the decryption of the encrypted protected resource was successful to form a decrypted protected resource using the retrieved attribute-based encryption user key, determining, by the computer, that the Docket No. P202003235US01 Page 33 of 41resource user is authorized to access the decrypted protected resource and granting access (In Col 11, Lines 29-35, Matyas discloses “Turning to FIG. 8, when the file server receives the request to access the encrypted file (block 690), the file server first verifies that a directory entry exists for the tuple (id, fid) received in the "access encrypted file" request (block 692). If so, the file server responds by sending the encrypted file, Enc.sub.ke(file)), and its associated file header to the personal key client (block 696).”); and responsive to the computer determining that the decryption of the encrypted protected resource was unsuccessful using the retrieved attribute-based encryption user key, determining, by the computer, that the resource user is not authorized to access the encrypted protected resource and denying access (In Col 14, Lines 34-40, Matyas discloses “If the replacement is not successful, the file server may respond by rejecting the request and sending a "rejected" response to the personal key client (block 814)” and in ¶ 61, Matyas further discloses “If the hash values are not equal (block 714), then an error has occurred and this error may, optionally, be reported to the user (block 726) and operations may terminate.”).
Regarding Claim 3, Matyas discloses:
The computer-implemented method of claim 1 further comprising: receiving, by the computer, the protected resource access request including the set of header fields, an embedded authentication code field that contains the authentication code, and an embedded user key identifier field that contains a user key identifier from the client device corresponding to the resource user via the network (In Col 3, Lines 25-29, Matyas discloses “The file encryption key and the integrity key are encrypted with the public key to provide encrypted file encryption keys and a file header containing the encrypted file encryption keys and the message authentication code created”); reading, by the computer, the embedded authentication code field that contains the authentication code and the embedded user key identifier field that contains the user key identifier in the protected resource access request (In Col 3, Lines 9-13, Matyas discloses “A public key associated with the party other than the owner of the file is obtained and the file encryption key encrypted with the public key of the party other than the owner of the file to provide a public key encrypted file encryption key”); and retrieving, by the computer, an attribute-based encryption user key from a key store of the computer to form the retrieved attribute-based encryption user key using the user key identifier read within the embedded user key identifier field of the protected resource access request, wherein the user key identifier uniquely identifies the attribute- based encryption user key in the key store (In Col 5, Lines 28-30, Matyas discloses “The encrypted key may be stored in a header associated with the file and maintained on a server for access by a user…. Additional embodiments of the present invention provide for storing, updating, retrieving and managing keys associated with users which have access to the file.” And in Col 11, Lines 16-21, Matyas further discloses “Turning to FIG. 9, operations for data retrieval by a trusted third party are illustrated. When the trusted third party wants to retrieve and recover a file (fid) associated with a userid id, the trusted third party requests access to a named file (corresponding to a fid) stored on the file server belonging to the file owner whose userid is id by providing”).
Regarding Claim 4, Matyas discloses:
The computer-implemented method of claim 3, wherein a client resource application of the client device embeds the embedded authentication code field and the embedded user key identifier field in the protected resource access request in addition to the set of header fields (In Col 7, Lines 45-48, Matyas discloses “A message authentication code (MAC) 408 may also be included within the file header 402 to verify the authenticity of the file after decryption.” And in Col 7, Lines 33-35, Matyas further discloses “the file header may contain the tuple (id, fid) 404 where id is a user identification of an owner of the file and fid is a file identification associated with the file.”), and wherein the client resource application inserts the authentication code in the embedded authentication code field and the user key identifier in the embedded user key identifier field prior to sending the protected resource access request to the computer (In Col 11, Lines 50-53, Matyas discloses “The personal key client extracts the encrypted value (block 662), such as Enc.sub.k(ke, ki, Hash(ke, ki)), from the file header and decrypts this value with k to recover the encrypted values (block 664), such as ke, ki and Hash(ke, ki).”), and wherein the client resource application utilizes the encrypted protected resource after successful decryption by the computer (In Col 14, Lines 30-34, Matyas discloses “If the replacement of file headers was successful (block 810), the file server sends a response message to the personal key client indicating that the file headers have been replaced in the file server's database (block 812).”).
Regarding Claim 5, Matyas discloses:
The computer-implemented method of claim 1, wherein the protected resource access request is requesting access to the encrypted protected resource that is hosted by the computer (In Col 7, Lines 7-9, Matyas discloses “As is further seen in FIG. 3, for client processing systems, the application program(s) 10 preferably includes a personal key client 12.”).
Regarding Claim 6, Matyas discloses:
The computer-implemented method of claim 1, wherein the retrieved attribute- based encryption user key corresponds to the resource user (In Col 1, Lines 52-56, Matyas discloses “Embodiments of the present invention include methods, systems and computer program products which provide for controlling access to digital data in a file by obtaining a passphrase from a user and generating a personal key”).
Regarding Claim 7, Matyas discloses:
The computer-implemented method of claim 1 further comprising: responsive to the computer determining that a match does not exist between the generated authentication code and the authentication code read within the embedded header field, determining, by the computer, that the resource user is not authenticated and denying access to the encrypted protected resource by the resource user (In Col 14, Lines 34-36, Matyas discloses “If the replacement is not successful, the file server may respond by rejecting the request and sending a "rejected" response to the personal key client (block 814)” and in Col 12, Lines 57-59, Matyas further discloses “If the hash values are not equal (block 714), then an error has occurred and this error may, optionally, be reported to the user (block 726) and operations may terminate.”).
Regarding Claim 8, Matyas discloses:
A computer system for resource user authentication and authorization, the computer system comprising (In Col. 1, Lines 53-55, Matyas discloses “Embodiments of the present invention include methods, systems and computer program products which provide for controlling access to digital data in a file”): a bus system; a storage device connected to the bus system, wherein the storage device stores program instructions; and a processor connected to the bus system (In Col 6, Lines 39-40, Matyas discloses “The processor 238 communicates with the memory 236 via an address/data bus 248.”), wherein the processor executes the program instructions to: generate an authentication code based on using a retrieved attribute-based encryption user key as a secret key for a keyed-hash message authentication code digital signature over a set of header fields of a protected resource access request received from a client device of a resource user via a network (In Col. 3, Lines 22-32, Matyas discloses “In further embodiments, an integrity key may be generated and a message authentication code generated based on digital data of the file utilizing the integrity key…. The file encryption key and the integrity key are encrypted with the public key to provide encrypted file encryption keys and a file header containing the encrypted file encryption keys and the message authentication code created.”);  compare the generated authentication code with an authentication code read within an embedded header field of the protected resource access request; determine whether a match exists between the generated authentication code and the authentication code read within the embedded header field (In Col 2, Lines 56-61, Matyas discloses “The recovered integrity key is hashed with the decrypted file to provide a recovered message authentication code which is compared with a message authentication code from the file header to confirm that the decrypted file corresponds to the file which generated the message authentication code from the file header.”); Docket No. P202003235US01 Page 35 of 41authenticate the resource user in response to determining that a match does exist between the generated authentication code and the authentication code read within the embedded header field (In Col 11, Lines 29-35, Matyas discloses “Turning to FIG. 8, when the file server receives the request to access the encrypted file (block 690), the file server first verifies that a directory entry exists for the tuple (id, fid) received in the "access encrypted file" request (block 692). If so, the file server responds by sending the encrypted file, Enc.sub.ke(file)), and its associated file header to the personal key client (block 696).”); and perform decryption of an encrypted protected resource corresponding to the protected resource access request using the retrieved attribute-based encryption user key corresponding to the resource user in response to authentication of the resource user (In Col 3, Lines 2-6, Matyas discloses “The hash value and the recovered verification value may be compared and the file decrypted with the recovered file encryption key if the comparison of the hash value and the recovered verification value indicates that the values are equal”).
Regarding Claim 9, Matyas discloses:
The computer system of claim 8, wherein the processor further executes the program instructions to: determine whether the decryption of the encrypted protected resource was successful to form a decrypted protected resource using the retrieved attribute-based encryption user key; determine that the resource user is authorized to access the decrypted protected resource and grant access in response to determining that the decryption of the encrypted protected resource was successful to form the decrypted protected resource using the retrieved attribute-based encryption user key (In Col 11, Lines 29-35, Matyas discloses “Turning to FIG. 8, when the file server receives the request to access the encrypted file (block 690), the file server first verifies that a directory entry exists for the tuple (id, fid) received in the "access encrypted file" request (block 692). If so, the file server responds by sending the encrypted file, Enc.sub.ke(file)), and its associated file header to the personal key client (block 696).”); and determine that the resource user is not authorized to access the encrypted protected resource and deny access in response to determining that the decryption of the encrypted protected resource was unsuccessful using the retrieved attribute-based encryption user key. (In Col 14, Lines 34-40, Matyas discloses “If the replacement is not successful, the file server may respond by rejecting the request and sending a "rejected" response to the personal key client (block 814)” and in ¶ 61, Matyas further discloses “If the hash values are not equal (block 714), then an error has occurred and this error may, optionally, be reported to the user (block 726) and operations may terminate.”).
Regarding Claim 10, Matyas discloses:
The computer system of claim 8, wherein the processor further executes the program instructions to: receive the protected resource access request including the set of header fields, an embedded authentication code field that contains the authentication code, and an embedded user key identifier field that contains a user key identifier from the client device corresponding to the resource user via the network (In Col 3, Lines 25-29, Matyas discloses “The file encryption key and the integrity key are encrypted with the public key to provide encrypted file encryption keys and a file header containing the encrypted file encryption keys and the message authentication code created”); Docket No. P202003235US01 Page 36 of 41read the embedded authentication code field that contains the authentication code and the embedded user key identifier field that contains the user key identifier in the protected resource access request (In Col 3, Lines 9-13, Matyas discloses “A public key associated with the party other than the owner of the file is obtained and the file encryption key encrypted with the public key of the party other than the owner of the file to provide a public key encrypted file encryption key”); and retrieve an attribute-based encryption user key from a key store of the computer system to form the retrieved attribute-based encryption user key using the user key identifier read within the embedded user key identifier field of the protected resource access request, wherein the user key identifier uniquely identifies the attribute-based encryption user key in the key store (In Col 5, Lines 28-30, Matyas discloses “The encrypted key may be stored in a header associated with the file and maintained on a server for access by a user…. Additional embodiments of the present invention provide for storing, updating, retrieving and managing keys associated with users which have access to the file.” And in Col 11, Lines 16-21, Matyas further discloses “Turning to FIG. 9, operations for data retrieval by a trusted third party are illustrated. When the trusted third party wants to retrieve and recover a file (fid) associated with a userid id, the trusted third party requests access to a named file (corresponding to a fid) stored on the file server belonging to the file owner whose userid is id by providing”).
Regarding Claim 11, Matyas discloses:
The computer system of claim 10, wherein a client resource application of the client device embeds the embedded authentication code field and the embedded user key identifier field in the protected resource access request in addition to the set of header fields (In Col 7, Lines 45-48, Matyas discloses “A message authentication code (MAC) 408 may also be included within the file header 402 to verify the authenticity of the file after decryption.” And in Col 7, Lines 33-35, Matyas further discloses “the file header may contain the tuple (id, fid) 404 where id is a user identification of an owner of the file and fid is a file identification associated with the file.”), and wherein the client resource application inserts the authentication code in the embedded authentication code field and the user key identifier in the embedded user key identifier field prior to sending the protected resource access request to the computer system (In Col 11, Lines 50-53, Matyas discloses “The personal key client extracts the encrypted value (block 662), such as Enc.sub.k(ke, ki, Hash(ke, ki)), from the file header and decrypts this value with k to recover the encrypted values (block 664), such as ke, ki and Hash(ke, ki).”),, and wherein the client resource application utilizes the encrypted protected resource after successful decryption by the computer system (In Col 14, Lines 30-34, Matyas discloses “If the replacement of file headers was successful (block 810), the file server sends a response message to the personal key client indicating that the file headers have been replaced in the file server's database (block 812).”).
Regarding Claim 12, Matyas discloses:
The computer system of claim 8, wherein the protected resource access request is requesting access to the encrypted protected resource that is hosted by the computer system (In Col 7, Lines 7-9,, Matyas discloses “As is further seen in FIG. 3, for client processing systems, the application program(s) 10 preferably includes a personal key client 12.”).
Regarding Claim 13, Matyas discloses:
The computer system of claim 8, wherein the retrieved attribute-based encryption user key corresponds to the resource user  (In Col 1, Lines 52-56, Matyas discloses “Embodiments of the present invention include methods, systems and computer program products which provide for controlling access to digital data in a file by obtaining a passphrase from a user and generating a personal key”).
Regarding Claim 14, Matyas discloses:
A computer program product for resource user authentication and authorization, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method of (In Col. 1, Lines 53-55, Matyas discloses “Embodiments of the present invention include methods, systems and computer program products which provide for controlling access to digital data in a file”): Docket No. P202003235US01 Page 37 of 41generating, by the computer, an authentication code based on using a retrieved attribute-based encryption user key as a secret key for a keyed-hash message authentication code digital signature over a set of header fields of a protected resource access request received from a client device of a resource user via a network (In Col. 3, Lines 22-32, Matyas discloses “In further embodiments, an integrity key may be generated and a message authentication code generated based on digital data of the file utilizing the integrity key…. The file encryption key and the integrity key are encrypted with the public key to provide encrypted file encryption keys and a file header containing the encrypted file encryption keys and the message authentication code created.”);  comparing, by the computer, the generated authentication code with an authentication code read within an embedded header field of the protected resource access request; determining, by the computer, whether a match exists between the generated authentication code and the authentication code read within the embedded header field (In Col 2, Lines 56-61, Matyas discloses “The recovered integrity key is hashed with the decrypted file to provide a recovered message authentication code which is compared with a message authentication code from the file header to confirm that the decrypted file corresponds to the file which generated the message authentication code from the file header.”); responsive to the computer determining that a match does exist between the generated authentication code and the authentication code read within the embedded header field, authenticating, by the computer, the resource user (In Col 11, Lines 29-35, Matyas discloses “Turning to FIG. 8, when the file server receives the request to access the encrypted file (block 690), the file server first verifies that a directory entry exists for the tuple (id, fid) received in the "access encrypted file" request (block 692). If so, the file server responds by sending the encrypted file, Enc.sub.ke(file)), and its associated file header to the personal key client (block 696).”); and performing, by the computer, decryption of an encrypted protected resource corresponding to the protected resource access request using the retrieved attribute-based encryption user key corresponding to the resource user in response to authentication of the resource user (In Col 3, Lines 2-6, Matyas discloses “The hash value and the recovered verification value may be compared and the file decrypted with the recovered file encryption key if the comparison of the hash value and the recovered verification value indicates that the values are equal”).
Regarding Claim 15, Matyas discloses:
The computer program product of claim 14 further comprising: determining, by the computer, whether the decryption of the encrypted protected resource was successful to form a decrypted protected resource using the retrieved attribute-based encryption user key; responsive to the computer determining that the decryption of the encrypted protected resource was successful to form a decrypted protected resource using the retrieved attribute-based encryption user key, determining, by the computer, that the resource user is authorized to access the decrypted protected resource and granting access (In Col 11, Lines 29-35, Matyas discloses “Turning to FIG. 8, when the file server receives the request to access the encrypted file (block 690), the file server first verifies that a directory entry exists for the tuple (id, fid) received in the "access encrypted file" request (block 692). If so, the file server responds by sending the encrypted file, Enc.sub.ke(file)), and its associated file header to the personal key client (block 696).”); and responsive to the computer determining that the decryption of the encrypted protected resource was unsuccessful using the retrieved attribute-based encryption user key, determining, by the computer, that the resource user is not authorized to access the encrypted protected resource and denying access (In Col 14, Lines 34-40, Matyas discloses “If the replacement is not successful, the file server may respond by rejecting the request and sending a "rejected" response to the personal key client (block 814)” and in ¶ 61, Matyas further discloses “If the hash values are not equal (block 714), then an error has occurred and this error may, optionally, be reported to the user (block 726) and operations may terminate.”).
Regarding Claim 16, Matyas discloses:
The computer program product of claim 14 further comprising: receiving, by the computer, the protected resource access request including the set of header fields, an embedded authentication code field that contains the authentication code, and an embedded user key identifier field that contains a user key identifier from the client device corresponding to the resource user via the network (In Col 3, Lines 25-29, Matyas discloses “The file encryption key and the integrity key are encrypted with the public key to provide encrypted file encryption keys and a file header containing the encrypted file encryption keys and the message authentication code created”); reading, by the computer, the embedded authentication code field that contains the authentication code and the embedded user key identifier field that contains the user key identifier in the protected resource access request (In Col 3, Lines 9-13, Matyas discloses “A public key associated with the party other than the owner of the file is obtained and the file encryption key encrypted with the public key of the party other than the owner of the file to provide a public key encrypted file encryption key”); and retrieving, by the computer, an attribute-based encryption user key from a key store of the computer to form the retrieved attribute-based encryption user key using the user key identifier read within the embedded user key identifier field of the protected resource access request, wherein the user key identifier uniquely identifies the attribute- based encryption user key in the key store (In Col 5, Lines 28-30, Matyas discloses “The encrypted key may be stored in a header associated with the file and maintained on a server for access by a user…. Additional embodiments of the present invention provide for storing, updating, retrieving and managing keys associated with users which have access to the file.” And in Col 11, Lines 16-21, Matyas further discloses “Turning to FIG. 9, operations for data retrieval by a trusted third party are illustrated. When the trusted third party wants to retrieve and recover a file (fid) associated with a userid id, the trusted third party requests access to a named file (corresponding to a fid) stored on the file server belonging to the file owner whose userid is id by providing”).
Regarding Claim 17, Matyas discloses:
The computer program product of claim 16, wherein a client resource application of the client device embeds the embedded authentication code field and the embedded user key identifier field in the protected resource access request in addition to the set of header fields (In Col 7, Lines 45-48, Matyas discloses “A message authentication code (MAC) 408 may also be included within the file header 402 to verify the authenticity of the file after decryption.” And in Col 7, Lines 33-35, Matyas further discloses “the file header may contain the tuple (id, fid) 404 where id is a user identification of an owner of the file and fid is a file identification associated with the file.”),  and wherein the client resource application inserts the authentication code in the embedded authentication code field and the user key identifier in the embedded user key identifier field prior to sending the protected resource access request to the computer (In Col 11, Lines 50-53, Matyas discloses “The personal key client extracts the encrypted value (block 662), such as Enc.sub.k(ke, ki, Hash(ke, ki)), from the file header and decrypts this value with k to recover the encrypted values (block 664), such as ke, ki and Hash(ke, ki).”), and wherein the client resource application utilizes the encrypted protected resource after successful decryption by the computer (In Col 14, Lines 30-34, Matyas discloses “If the replacement of file headers was successful (block 810), the file server sends a response message to the personal key client indicating that the file headers have been replaced in the file server's database (block 812).”).
Regarding Claim 18, Matyas discloses:
The computer program product of claim 14, wherein the protected resource access request is requesting access to the encrypted protected resource that is hosted by the computer (In Col 7, Lines 7-9, Matyas discloses “As is further seen in FIG. 3, for client processing systems, the application program(s) 10 preferably includes a personal key client 12.”).
Regarding Claim 19, Matyas discloses:
The computer program product of claim 14, wherein the retrieved attribute-based encryption user key corresponds to the resource user  (In Col 1, Lines 52-56, Matyas discloses “Embodiments of the present invention include methods, systems and computer program products which provide for controlling access to digital data in a file by obtaining a passphrase from a user and generating a personal key”).
Regarding Claim 20, Matyas discloses:
The computer program product of claim 14 further comprising: responsive to the computer determining that a match does not exist between the generated authentication code and the authentication code read within the embedded header field, determining, by the computer, that the resource user is not authenticated and denying access to the encrypted protected resource by the resource user (In Col 14, Lines 34-36, Matyas discloses “If the replacement is not successful, the file server may respond by rejecting the request and sending a "rejected" response to the personal key client (block 814)” and in Col 12, Lines 57-59, Matyas further discloses “If the hash values are not equal (block 714), then an error has occurred and this error may, optionally, be reported to the user (block 726) and operations may terminate.”).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Sugarev (US 2022/0150066) discloses a method for authenticating a client using security tokens comparing message authentication codes. 
Chen et al. (US 2018/0123785) discloses a method for message authentication using identifiers and a hashed message authentication code distributed over a message header. 
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SHADI H KOBROSLI/Examiner, Art Unit 2492                                                                                                                                                                                                        /SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492