Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Arguments
2.	Applicant's arguments filed 10/05/2022 with respect to the 35 U.S.C. § 103 rejection of claims 1-20 as being unpatentable over Rudzitis, et al. (U.S. Patent No. 10,116,440, herein "Rudzitis") in view of Nimura, et al. (U.S. Publication No. 2010/0232607, herein "Nimura"), and further in view of Korkishko, et al. (U.S. Publication No. 2015/0046712, herein "Korkishko"), and further in view of Ruane, et al. (U.S. Publication No. 2021/0143990, herein "Ruane") have been fully considered However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 10116440 hereinafter Rudzitis in view of U.S. Publication No. 20100232607 hereinafter Nimura, and further in view of U.S. Publication No. 20150046712 hereinafter Korkishko, and further in view of U.S. Publication No. 20210143990 hereinafter Ruane, and further in view of U.S. Publication No. 20150074408 hereinafter Oberheide.

As per claim 1, Rudzitis discloses:
A computer-implemented method (Col. 2 Lines 10-13 “This disclosure relates to enabling customers of a cryptographic key management service to import cryptographic keys that can be used to encrypt data and to decrypt data that is protected using these imported cryptographic keys.”)
comprising:
obtaining, using a processor, a cryptographic key to restrict access to
a resource (Fig. 1, Col. 2 lines 10-17 and Col. 4 Lines 44-66 “If the customer has provided the master key metadata 106 for a customer master key to the cryptographic key management service 104, the customer may submit a request to the cryptographic key management service 104 to import a customer cryptographic key 110 into the customer master key. The request may specify the cryptographic algorithm used for the customer cryptographic key 110, such as the Advanced Encryption Standard (AES) or any of the Secure Hash Algorithm (SHA) cryptographic algorithms (e.g., SHA-1, SHA-2, SHA-S, etc.). Additionally, the customer may specify the key size for the customer cryptographic key 110 (e.g., 128-bit, 256-bit, etc.) subject to the selected cryptographic algorithm. In response to the customer request to import the customer cryptographic key 110, the cryptographic key management service 104 may generate a cryptographic key pair using one or more public cryptographic key cryptosystems, such as a Rivest-Shamir-Adleman (RSA) algorithm. In some embodiments, the customer can specify the one or more public cryptographic key cryptosystems (e.g., RSA, elliptic curve algorithms, Diffie-Hellman algorithms,
etc.) that the cryptographic key management service 104 can use to generate the cryptographic key pair.”),
the cryptographic key being defined by a key token (Col. 4 Lines 13-34
“In an embodiment, the request to import a customer cryptographic key 110 includes master key metadata 106 for a customer master key. The customer master key is a logical construct that may be used to protect any cryptographic keys associated with the customer master key. The customer master key may initially have no associated cryptographic key and may not be used for any operations if a customer cryptographic key 110 has not been imported and an encrypted key token created based at least in part on the customer cryptographic key 110. The master key metadata 106 for the customer master key may specify an alias for the customer master key, any access control policies or grants for the customer master key, and the like. For instance, the master key metadata 106 may specify one or more grants that can be used to regulate access to the customer cryptographic keys imported to the cryptographic key management service 104. A grant may specify an entity that is the principal of the grant, such as an identifier of a user, a group of users, a role that may be assumed by users, and the like that may have permission to utilize a customer cryptographic key
110. The grant may further specify identifiers for principals that may have permission to retire the grant.” “Col. 5 Lines 8-18 “The cryptographic key management service 104 may serialize the private cryptographic key of the newly generated cryptographic key pair with an expiration date based at least in part on the validity period for the cryptographic key pair. If the private
cryptographic key is serialized with the expiration date successfully, the cryptographic key management service 104 may utilize a domain cryptographic key to encrypt the serialized private cryptographic key, resulting in an import key token for the customer cryptographic key 110 that is to be imported to the cryptographic key management service 104.”):
designating, using the processor, a storage field in metadata of the key
token, in metadata of a cryptographic key data set record that includes the key token, or in a resource access control database that controls use of the cryptographic key for inclusion of an indicator that the cryptographic key (Col. 6 Lines 33-55 “The cryptographic key management service 104 may utilize the customer cryptographic key 110 to produce an encrypted key token that may be associated with the customer master key. For instance, the cryptographic key management service 104 may set the expiration date for the customer cryptographic key 110 based at least in part on the expiration date provided by the customer in its request to import a cryptographic key. The cryptographic key management service 104 may use the domain cryptographic key to encrypt the customer cryptographic key 110 to produce the encrypted key token. This encrypted key token may be persisted in a token datastore of the cryptographic key management service 104 for use in response to requests to perform cryptographic operations using the customer cryptographic key 110. The expiration date for the customer cryptographic key 110 may be stored within the metadata for the customer master key. Thus, the cryptographic key management service 104 may associate the customer master key with the imported customer
cryptographic key 110. The cryptographic key management service 104 may transmit a notification to the customer indicating that the association between the customer cryptographic key and the customer master key has been made.”) 

Rudzitis does not disclose:
cryptographic key being deletable or modifiable
indicator that the cryptographic key cannot be deleted or modified setting, using a processor, the indicator in the designated storage field to indicate the cryptographic key cannot be deleted or modified
safeguarding the cryptographic key from subsequent modification or deletion by setting, using the processor, the indicator in the designated storage field, indicating the cryptographic key as a safeguarded key that cannot be deleted or modified, wherein an attempt to delete or modify the safeguarded key by an application program interface will fail 

Nimura discloses:
setting, using a processor, the indicator in the designated storage field to indicating the cryptographic key (para 0012 “According to an aspect of the invention, an information processing device includes a content storage unit store encrypted content, a key storage unit store a key for decrypting the encrypted content stored in the content storage unit, a content processing unit decrypt the encrypted content stored in the content storage unit using the key stored in the key storage unit, a table storage unit store a deletion table storing information
indicating whether or not the key stored in the key storage unit is to be deleted when a transition from an operating state to one of other states is made, the information corresponding to the other states, and a key deletion unit configured to, when the transition from the operating state to one of the other states is made, check the information in the deletion table corresponding to the one of the other states and delete the key when the information indicates that the key is to be deleted.” Para 0050 “The table in FIG. 2 also stores flags indicating whether the key in the storage unit 140 is to be deleted ("1") or not ("0") when the PC 10 is entering from the operating state SO to the standby state S3, the hibernation state S4, the power-off state S5, or the "Reboot" state, so as to correspond to these states.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the enabling customers of a cryptographic key management service to import cryptographic keys of Rudzitis to include setting, using a processor, the indicator in the designated storage field to indicate whether or not the cryptographic key may be deleted or modified, as taught by Nimura.
The motivation would have been to properly indicate whether a key can be used or deleted.

Rudzitis in view of Nimura does not disclose: 
cryptographic key being deletable or modifiable
indicator that the cryptographic key cannot be deleted or modified setting, using a processor, the indicator in the designated storage field to indicate the cryptographic key cannot be deleted or modified
safeguarding the cryptographic key from subsequent modification or deletion by indicating the cryptographic key as a safeguarded key that cannot be deleted or modified, wherein an attempt to delete or modify the safeguarded key by an application program interface will fail

Korkishko discloses:
indicator that the cryptographic key cannot be deleted or modified setting, using a processor, the indicator in the designated storage field to indicate the cryptographic key cannot be deleted or modified (para 0056 “When the temporary encryption key is selected by the trusted App 43_1, the temporary encryption key is set as a key for encrypting the data of the protection module 45. When the permanent encryption key 47 is selected by the trusted App 43_1, the protection module 45 sets the key for encrypting the data as a permanent encryption key.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the enabling customers of a cryptographic key management service to import cryptographic keys of Rudzitis in view of Nimura to include setting, using a processor, the indicator in the designated storage field to indicate the cryptographic key cannot be deleted or modified, as taught by Korkishko.
The motivation would have been to indicate that a key is be used for permanent encryption. 

Rudzitis in view of Nimura does not disclose:
cryptographic key being deletable or modifiable
safeguarding the cryptographic key from subsequent modification or deletion by setting, using the processor, the indicator in the designated storage field, indicating the cryptographic key as a safeguarded key that cannot be deleted or modified, wherein an attempt to delete or modify the safeguarded key by an application program interface will fail

Ruane discloses:
cryptographic key being deletable or modifiable (para 0012 “In some situations, it may be desired to change the public key used by the memory sub- system. That is, it may be desired to have the memory sub-system use a new public key to encrypt and/or verify sensitive information rather than the root public key. For example, it may be desirable to have the memory sub-system utilize a new public key that corresponds to a new private key stored by a portable HSM (e.g., included in a laptop) rather than the HSM of the secure server.” Para 0014 “To cause the memory sub-system controller to accept and use the new public key in cryptographic operations, the user of the host system must have the challenge signed by both the root private key and a new private key corresponding to the new public key and provide the two digital signatures to the memory subsystem. These two digital signatures prove that the OEM approves of the new key delegation to the memory sub-system and that the user has possession of the new private key.”)
safeguarding the cryptographic key from subsequent modification or deletion by setting, using the processor, the indicator in the designated storage field, indicating the cryptographic key as a safeguarded key that cannot be deleted or modified, wherein an attempt to delete or modify the safeguarded key will fail (para 0054 “As shown in FIG. 5, the method 400 can, in some embodiments, include operations 450 and 455. Consistent with these examples, the processing device stores the new public key in a volatile memory component at operation 440. At operation 450, the processing device receives a command to make the new public key permanent. The command can be received from the host system 120 via a host system interface. Based on receiving the command, the processing device stores the new public key in a non-volatile memory component such that the new public key is maintained upon system reboot, in operation 455. As an example, the processing device can store the new public key in the key store 109.”)
	an application program interface (para 0029 and 0039, Applicant’s specification on paragraph on 0014 discloses the API provides will issue a failure to the request. The API itself does not attempt to delete the key but a user operating the API would is attempting to delete the key will receive a failure from the API.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the enabling customers of a cryptographic key management service to import cryptographic keys of Rudzitis in view of Nimura and Korkishko to include safeguarding the cryptographic key from subsequent modification or deletion by setting, using the processor, the indicator in the designated storage field, indicating the cryptographic key as a safeguarded key that cannot be deleted or modified, wherein an attempt to delete or modify the safeguarded key will fail , as taught by Ruane. 
The motivation would have been to indicate that a key is be used for permanent encryption. 

Rudzitis in view of Nimura and Korkishko does not disclose:
wherein an attempt to delete or modify the safeguarded key by an application program interface will fail

Oberheide discloses:
wherein an attempt to delete or modify the safeguarded key by an application program interface will fail (para 0019 “In one variation, the policy engine includes a time expiration monitor that deletes, removes, or otherwise prevents access to a public key after a time expiration window has expired for a particular public key. For example, a public key may only be valid for 24 hours after creation. In another variation, the policy engine is integrated with a key request engine (or at least the API service provided to outside services 140. The policy can regulate access to a public key based on the access conditions. The policy engine can restrict the number of access attempts, authenticate access (with user provided credentials or outside service credentials), machine address restrictions, geographic meta data restrictions, time of day restrictions on access, and/or any suitable policy related to the conditions relating to key requests.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the enabling customers of a cryptographic key management service to import cryptographic keys of Rudzitis in view of Nimura and Korkishko to include wherein an attempt to delete or modify the safeguarded key by an application program interface will fail, as taught by Oberheide. 
The motivation would have been to control access to key data. 

As per claim 2, Rudzitis in view of Nimura, Korkishko, Ruane and Oberheide discloses: 
The computer-implemented method according to claim 1, further comprising storing the cryptographic key data set record in a cryptographic key data set (Rudzitis Col. 5 Lines 40-59). 

As per claim 3, Rudzitis in view of Nimura, Korkishko, Ruane and Oberheide discloses: 
The computer-implemented method according to claim 2, wherein the designating the storage field includes the storage field being in the metadata of the key token which is part of the cryptographic key data set record (Rudzitis Col. 4 Lines 13-34 and Col. 8 Line 29-39). 

As per claim 4, Rudzitis in view of Nimura, Korkishko, Ruane and Oberheide discloses: 
The computer-implemented method according to claim 1, wherein the designating the storage field in the resource access control database includes the storage field being in a profile corresponding with the cryptographic key, the profile being one of two or more profiles in the resource access control database that correspond, respectively, with two or more of the cryptographic keys (Rudzitis Col. 8 Line 29-39 and Col. 8 Lines 40-52).
As per claim 5, Rudzitis in view of Nimura, Korkishko, Ruane and Oberheide discloses: 
The computer-implemented method according to claim 4, wherein the
setting the indicator in the designated storage field includes setting the indicator
in the designated storage field of the two or more profiles at once (Rudzitis Col. 8
Line 29-39 and Col. 8 Lines 40-52) and (Nimura para 0050, The motivation would
have been to properly indicate whether a key can be used or deleted).

As per claim 6, Rudzitis in view of Nimura, Korkishko, Ruane and Oberheide discloses: 
The computer-implemented method according to claim 1, wherein the
setting the indicator includes setting a flag to indicate whether the cryptographic
key may or may not be deleted or modified (Nimura para 0050, The motivation
would have been to properly indicate whether a key can be used or deleted).

As per claim 7, Rudzitis in view of Nimura, Korkishko, Ruane and Oberheide discloses: 
The computer-implemented method according to claim 1, wherein the
generating the cryptographic key to restrict access to the resource includes
generating the cryptographic key to restrict access to a program or to data
(Rudzitis Col. 2 lines 10-17).

As per claim 8, the implementation of the computer-implemented method of claim 1 will execute the system of claim 9. The claim is analyzed with respect to claim 1. 

As per claim 9, the claim is analyzed with respect to claim 2. 

As per claim 10, the claim is analyzed with respect to claim 3. 

As per claim 11, the claim is analyzed with respect to claim 4. 

As per claim 12, the claim is analyzed with respect to claim 5. 

As per claim 13, the claim is analyzed with respect to claim 6. 

As per claim 14, the claim is analyzed with respect to claim 7. 

As per claim 15, the implementation of the computer-implemented method of claim 1 will execute the computer program product comprising a computer readable storage medium (Nimura paragraph 0092) of claim 15. The claim is analyzed with respect to claim 1. 

As per claim 16, the claim is analyzed with respect to claim 2.

As per claim 17, the claim is analyzed with respect to claim 3.

As per claim 18, the claim is analyzed with respect to claim 4.

As per claim 19, the claim is analyzed with respect to claim 5.

As per claim 20, the claim is analyzed with respect to claim 6.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2499