DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present application, filed on February 17, 2021, is accepted.
Claims 1 – 20 are being considered on the merits.

Drawings
The present application, filed on February 17, 2021, is accepted.

Specification
The present application, filed on February 17, 2021, is accepted.

Claim Objections
Claim 18 is objected to because of the following informalities: claim 18 has the spelling error “storge”. For the purpose of examination, “storge” is interpreted as “storage”. Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claims 15 – 20 are rejected under 35 U.S.C. 101 because these claims are directed towards a computer-readable storage medium, which is not limited to falling under the statutory classes of invention set forth. These claims, in using the term “computer-readable medium” in accordance with paragraph 35 in Applicants’ Specification, allow for the computer-readable storage medium to be signals. Based on current USPTO Policy, when the computer readable medium is not specifically defined as excluding signals, i.e. non-transitory, in the Specification, the broadest reasonable interpretation is used according to MPEP 2111; thus the computer readable medium may embody signals, i.e. transitory media. The Examiner notes that paragraph 35 does not define the “computer-readable medium” as excluding signals for example non-transitory and tangible does not exclude transitory medium. Accordingly, the Examiner suggests that Applicants amend the claims to add a limitation to direct the language of the ‘computer-readable storage medium’ claims to only include the non-transitory embodiment, which would remove the possibility of claiming signals.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 2, 6 – 9, 15 – 16, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20160127125 A1 to Yagisawa in view of “Improving Speed and Security in Updatable Encryption Schemes” to Boneh et al., (hereinafter, “Boneh”).
Regarding claim 1, Yagisawa teaches a method comprising: receiving, in a data storage device, a request from a client computer for a portion of ciphertext stored in the data storage device; [Yagisawa, para. 3 discloses  a method performed under control of a first device may include receiving, from a second device, a request to process a plaintext; downloading, from a server, a system parameter and a first ciphertext that corresponds to the plaintext, based at least in part on the received request; generating a second ciphertext by calculating the first ciphertext, based at least in part on the received request;] providing, by a controller of the data storage device, the portion of the ciphertext to the client computer; [Yagisawa, para. 3 discloses transmitting, to the second device, the generated second ciphertext.], but Yagisawa does not teach receiving, in the data storage device, an update token generated by the client computer from the portion of the ciphertext; and performing, by the controller of the data storage device, re-encryption of the ciphertext using the update token.  
However, Boneh does teach receiving, in the data storage device, an update token generated by the client computer from the portion of the ciphertext; [Boneh, page 560 lines 14 – 15 discloses the client can send the old and the new key to the cloud, and have the cloud re-encrypt in place, but this gives the cloud full access to the data in the clear. Page 560 lines 27 – 29 discloses If the client’s data is encrypted using an updatable encryption scheme, then the client can use the re-key generation algorithm ReKeyGen to generate a short update token Δ to send the cloud.] and performing, by the controller of the data storage device, re-encryption of the ciphertext using the update token. [Boneh, page 560 lines 14 – 15 discloses the client can send the old and the new key to the cloud, and have the cloud re-encrypt in place, but this gives the cloud full access to the data in the clear. Page 560 lines 27 – 29 discloses The cloud then runs the re-encryption algorithm ReEncrypt to update all the client’s ciphertexts. As before, the cloud must be trusted to discard the old ciphertexts.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Boneh’s system with Yagisawa’s system, with a motivation for an updatable encryption scheme that is a symmetric-key encryption scheme designed to support efficient key rotation in the cloud. The data owner sends a short update token to the cloud. This update token lets the cloud rotate the ciphertext from the old key to the new key, without learning any information about the plaintext. [Boneh, Abstract, lines 8 – 12]

Regarding claim 2, modified Yagisawa teaches the method of claim 1, but Yagisawa does not teach wherein the ciphertext comprises a ciphertext header and a ciphertext body, and the portion of the ciphertext provided to the client computer is the ciphertext header.
However, Boneh does teach wherein the ciphertext comprises a ciphertext header and a ciphertext body, and the portion of the ciphertext provided to the client computer is the ciphertext header. [Boneh, page 567 lines 17 – 20 discloses for ciphertext-dependent updatable encryption schemes, it is useful to denote ciphertexts as consisting of two parts: a short ciphertext header ctˆ , which the client can download to generate its update token, and a ciphertext body ct that encrypts the actual plaintext.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Boneh’s system with Yagisawa’s system, with a motivation for an updatable encryption scheme that is a symmetric-key encryption scheme designed to support efficient key rotation in the cloud. The data owner sends a short update token to the cloud. This update token lets the cloud rotate the ciphertext from the old key to the new key, without learning any information about the plaintext. [Boneh, Abstract, lines 8 – 12]

Regarding claim 6, modified Yagisawa teaches the method of claim 1, but Yagisawa does not teach wherein the performing, by the controller of the data storage device, re-encryption of the ciphertext using the update token comprises re-encrypting the ciphertext header and the ciphertext body.
However, Boneh does teach wherein the performing, by the controller of the data storage device, re-encryption of the ciphertext using the update token comprises re-encrypting the ciphertext header and the ciphertext body. [Boneh, page 560 lines 14 – 15 discloses the client can send the old and the new key to the cloud, and have the cloud re-encrypt in place, but this gives the cloud full access to the data in the clear. Page 560 lines 27 – 29 discloses The cloud then runs the re-encryption algorithm ReEncrypt to update all the client’s ciphertexts. As before, the cloud must be trusted to discard the old ciphertexts.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Boneh’s system with Yagisawa’s system, with a motivation for an updatable encryption scheme that is a symmetric-key encryption scheme designed to support efficient key rotation in the cloud. The data owner sends a short update token to the cloud. This update token lets the cloud rotate the ciphertext from the old key to the new key, without learning any information about the plaintext. [Boneh, Abstract, lines 8 – 12]

Regarding claim 7, modified Yagisawa teaches the method of claim 2, but Yagisawa does not teach further comprising, in response to providing the client computer with the ciphertext header, receiving new ciphertext encrypted with information in the ciphertext header.  
However, Boneh does teach further comprising, in response to providing the client computer with the ciphertext header, receiving new ciphertext encrypted with information in the ciphertext header. [Boneh, page 574 lines 22 – 25 discloses The client downloads the ciphertext header ctˆ to recover the body key kae. It then generates fresh header and body keys ˆk’ and k’ae, and sends a new ciphertext header ctˆ ← AE.Encrypt( ˆk’ , ( k’ae, kae)) along with k ae to the server.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Boneh’s system with Yagisawa’s system, with a motivation for an updatable encryption scheme that is a symmetric-key encryption scheme designed to support efficient key rotation in the cloud. The data owner sends a short update token to the cloud. This update token lets the cloud rotate the ciphertext from the old key to the new key, without learning any information about the plaintext. [Boneh, Abstract, lines 8 – 12]

Regarding claim 8, modified Yagisawa teaches the method of claim 1, but Yagisawa does not teach wherein the ciphertext comprises a plurality of ciphertext headers and a plurality ciphertext bodies, and the portion of the ciphertext provided to the client computer is the plurality of ciphertext headers.
However, Boneh does teach wherein the ciphertext comprises a plurality of ciphertext headers and a plurality ciphertext bodies, and the portion of the ciphertext provided to the client computer is the plurality of ciphertext headers. [Boneh, page 567 lines 17 – 20 discloses for ciphertext-dependent updatable encryption schemes, it is useful to denote ciphertexts as consisting of two parts: a short ciphertext header ctˆ , which the client can download to generate its update token, and a ciphertext body ct that encrypts the actual plaintext.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Boneh’s system with Yagisawa’s system, with a motivation for an updatable encryption scheme that is a symmetric-key encryption scheme designed to support efficient key rotation in the cloud. The data owner sends a short update token to the cloud. This update token lets the cloud rotate the ciphertext from the old key to the new key, without learning any information about the plaintext. [Boneh, Abstract, lines 8 – 12]

Regarding claim 9, modified Yagisawa teaches the method of claim 1, but Yagisawa does not teach wherein the performing, by the controller of the data storage device, the re-encryption of the ciphertext using the update token is carried out when the client computer is offline.
However, Boneh does teach wherein the performing, by the controller of the data storage device, the re-encryption of the ciphertext using the update token is carried out [when the client computer is offline.] [Boneh, page 574 lines 36 – 40 discloses to prove security, we must introduce an additional step during a ciphertext update. Namely, instead of setting the new ciphertext body as the encryption of the old ciphertext header and body ct ← AE.Encrypt (k’ae,(ctˆ , ct)), the server replaces ctˆ with a new ciphertext header ctˆ history that the client provides to the server encrypted under a new key ˆkhistory.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Boneh’s system with Yagisawa’s system, with a motivation for an updatable encryption scheme that is a symmetric-key encryption scheme designed to support efficient key rotation in the cloud. The data owner sends a short update token to the cloud. This update token lets the cloud rotate the ciphertext from the old key to the new key, without learning any information about the plaintext. [Boneh, Abstract, lines 8 – 12]

Regarding claims 15 – 16, they recite features similar to features within claims 1 – 2, therefore, they are rejected in a similar manner.

Regarding claim 19, it recites features similar to features within claim 6, therefore, it is rejected in a similar manner.

Claims 3, 5, and 17 – 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 20160127125 A1 to Yagisawa in view of “Improving Speed and Security in Updatable Encryption Schemes” to Boneh et al., (hereinafter, “Boneh”) in further view of US 20060117013 A1 to Wada.
Regarding claim 3, modified Yagisawa teaches the method of claim 2, but Yagisawa does not teach further comprising: storing the ciphertext header in a first memory of the data storage device; and storing the ciphertext body in a second memory of the data storage device, the second memory having a slower access speed than the first memory.
However, Wada does teach further comprising: storing the ciphertext header in a first memory of the data storage device; [Wada, para. 69 discloses the ordinary memory region 22 includes an application folder 31 and a user folder (data region) 32 that can be used by a user without any restriction. Further, the application folder 31 includes a management folder (contents region) 33 for storing a general management file 34 and an entire contents management file 35, contents folders (contents region) 36 for managing a plurality of contents as a unit and a user folder (data region) 37 that can be freely used by the user.] and storing the ciphertext body in a second memory of the data storage device, the second memory having a slower access speed than the first memory. [Wada, para. 69 discloses the ordinary memory region 22 includes an application folder 31 and a user folder (data region) 32 that can be used by a user without any restriction. A management file 37 and an encrypted contents 38 are stored in the contents folder 36, and a plaintext right information file 39 is stored in the user folders 32 and 37. Para. 96 discloses The foregoing display process eliminates the need to carry out the mutual authentication for accessing the authenticated memory region 23 and decode the encrypted right information per contents in comparison to the conventional manner of displaying the right information so that the user can be fast notified of the right information. When the plaintext right information file 39 is once generated and stored in the ordinary memory region 22, the memory card 11 can be used for, other than the mobile telephone 12, the television 13, DVD recorder 14, digital camera 15, moving image viewer 16 and any other contents processing device. As a result, the user can confirm the right information in a speedy manner.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Wada’s system with modified Yagisawa’s system, with a motivation to obtain a plaintext right information without obtaining a mutual authentication relative to a storage medium, reading an encrypted right information from an authenticated memory region and decoding the encrypted right information every time when the right information of contents is displayed and notify a user of the right information of the contents in a speedy manner. [Wada, para. 7]

Regarding claim 5, modified Yagisawa teaches the method of claim 2, but Yagisawa does not teach further comprising storing the ciphertext header and the ciphertext body in a same memory type of the data storage device.  
However, Wada does teach further comprising storing the ciphertext header and the ciphertext body in a same memory type of the data storage device. [Wada, para. 69 discloses the ordinary memory region 22 includes an application folder 31 and a user folder (data region) 32 that can be used by a user without any restriction. Further, the application folder 31 includes a management folder (contents region) 33 for storing a general management file 34 and an entire contents management file 35, contents folders (contents region) 36 for managing a plurality of contents as a unit and a user folder (data region) 37 that can be freely used by the user. A management file 37 and an encrypted contents 38 are stored in the contents folder 36, and a plaintext right information file 39 is stored in the user folders 32 and 37. (Examiner noted that fig. 7 shows the embodiments and visually the memory region is shown with user folder and contents folder within the application folder)] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Wada’s system with modified Yagisawa’s system, with a motivation to obtain a plaintext right information without obtaining a mutual authentication relative to a storage medium, reading an encrypted right information from an authenticated memory region and decoding the encrypted right information every time when the right information of contents is displayed and notify a user of the right information of the contents in a speedy manner. [Wada, para. 7]

Regarding claim 17, it recites features similar to features within claim 3, therefore, it is rejected in a similar manner.

Regarding claim 18, it recites features similar to features within claim 5, therefore, it is rejected in a similar manner.

Claims 10 – 12 are rejected under 35 U.S.C. 103 as being unpatentable over US 20060117013 A1 to Wada in view of “Improving Speed and Security in Updatable Encryption Schemes” to Boneh et al., (hereinafter, “Boneh”).
Regarding claim 10, Wada teaches a data storage device comprising: at least one memory; a controller communicatively coupled to the at least one memory, the controller configured to carry out encryption-related operations when new data is to be written in the data storage device, [Wada, para. 64 discloses the memory card 11 comprises a control unit 21, an ordinary memory region 22 and an authenticated memory region 23. The control unit 21 controls data input/output with respect to the ordinary memory region 22 and the authenticated memory region 23 in response to requests for read and write of the data received from the mobile telephone 12.] the encryption-related operations comprising: determining whether a previously-generated ciphertext header is stored in the at least one memory; [Wada, para. 80 discloses when the encrypted key/right information management file 43 can be normally read in the Step 63, an effective encrypted key/right information in the encrypted key/right information management file 43 is checked by the control unit 24 of the mobile telephone 12. In the absence of the effective encrypted key/right information, the process is terminated. In the presence of the effective encrypted key/right information, the process advances to Step 64 so as to check the presence/absence of any unprocessed encrypted right information in the effective encrypted key/right information.] in response to determining that the previously-generated ciphertext header is stored in the at least one memory, sending the previously-generated ciphertext header to a client computer for utilization in encryption of the new data; [Wada, para. 80 discloses When the encrypted key/right information management file 43 can be normally read in the Step 63, an effective encrypted key/right information in the encrypted key/right information management file 43 is checked by the control unit 24 of the mobile telephone 12. In the absence of the effective encrypted key/right information, the process is terminated. In the presence of the effective encrypted key/right information, the process advances to Step 64 so as to check the presence/absence of any unprocessed encrypted right information in the effective encrypted key/right information.], but Wada does not teach in response to determining that no previously-generated ciphertext header is stored in the at least one memory, requesting the client computer to generate a new ciphertext header and a new ciphertext body for the new data.
However, Boneh does teach  in response to determining that no previously-generated ciphertext header is stored in the at least one memory, requesting the client computer to generate a new ciphertext header and a new ciphertext body for the new data. [Boneh, page 574 lines 14 – 20 discloses the construction uses an authenticated encryption (AE) scheme. A key for this UAE scheme is a standard AE key ˆk, which we call the header key. The UAE encryption algorithm implements standard chained encryption. To encrypt m using ˆk, first generate a fresh body key kae and then encrypt the plaintext ct ← AE.Encrypt(kae, m). Next, the body key kae is encrypted under the header key ctˆ ← AE.Encrypt(ˆk, kae) to form the ciphertext header. Finally, output the UAE ciphertext (ctˆ, ct).]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Boneh’s system with Wada’s system, with a motivation for an updatable encryption scheme that is a symmetric-key encryption scheme designed to support efficient key rotation in the cloud. The data owner sends a short update token to the cloud. This update token lets the cloud rotate the ciphertext from the old key to the new key, without learning any information about the plaintext. [Boneh, Abstract, lines 8 – 12]
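The header/body flow quoted from Boneh in the rejections of claims 7, 9 and 10 above, as an added Go example that is not part of this Office action, the application, or the Boneh paper. Assumptions: AES-256-GCM stands in for the AE scheme, the function and type names are hypothetical, only a single key rotation is handled, and the history-header step mentioned in the claim 9 quotation is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

type Stored struct{ Header, Body []byte }         // held by the storage device
type Token struct{ NewHeader, NewBodyKey []byte } // uploaded by the client
const hdrLen = 12 + 32 + 16 // unrotated header: GCM nonce + body key + tag
var errBad = errors.New("ciphertext rejected: wrong key or malformed")

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func random(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// seal stands in for AE.Encrypt: AES-256-GCM, random nonce prepended.
func seal(key, pt []byte) []byte {
	nonce := random(12)
	return gcmFor(key).Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errBad
	}
	return gcmFor(key).Open(nil, ct[:12], ct[12:], nil)
}

// Encrypt (client): body = AE(kae, m), header = AE(khat, kae).
func Encrypt(khat, m []byte) Stored {
	kae := random(32)
	return Stored{Header: seal(khat, kae), Body: seal(kae, m)}
}

// ReKeyGen (client): needs only the downloaded header, never the body.
func ReKeyGen(khatOld, khatNew, header []byte) (Token, error) {
	kae, err := open(khatOld, header)
	if err != nil || len(kae) != 32 { // a 64-byte payload means already rotated
		return Token{}, errBad
	}
	pair := append(random(32), kae...) // (k'ae, kae)
	return Token{NewHeader: seal(khatNew, pair), NewBodyKey: pair[:32]}, nil
}

// ReEncrypt (storage device): wraps (old header, old body) under k'ae.
// The device holds no header key and never sees the plaintext.
func ReEncrypt(s Stored, t Token) Stored {
	inner := append(append([]byte{}, s.Header...), s.Body...)
	return Stored{Header: t.NewHeader, Body: seal(t.NewBodyKey, inner)}
}

// Decrypt (client): handles an unrotated or once-rotated ciphertext.
func Decrypt(khat []byte, s Stored) ([]byte, error) {
	hk, err := open(khat, s.Header)
	if err != nil || (len(hk) != 32 && len(hk) != 64) {
		return nil, errBad
	}
	if len(hk) == 32 { // never rotated: hk is kae
		return open(hk, s.Body)
	}
	inner, err := open(hk[:32], s.Body) // strip the layer added under k'ae
	if err != nil || len(inner) < hdrLen {
		return nil, errBad
	}
	return open(hk[32:], inner[hdrLen:]) // old body, still under kae
}

func main() {
	k1, k2 := random(32), random(32)
	s := Encrypt(k1, []byte("constructed sample record"))
	tok, _ := ReKeyGen(k1, k2, s.Header)
	m, err := Decrypt(k2, ReEncrypt(s, tok))
	fmt.Println(string(m), err)
}
```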

Regarding claim 11, modified Wada teaches the data storage device of claim 10, but Wada does not teach wherein the controller is further configured to: receive the new ciphertext header and the new ciphertext body from the client computer; and store the new ciphertext header and the new ciphertext body in the at least one memory.  
Boneh does teach wherein the controller is further configured to: receive the new ciphertext header and the new ciphertext body from the client computer; and store the new ciphertext header and the new ciphertext body in the at least one memory. [Boneh, page 560 lines 27 – 31 discloses If the client’s data is encrypted using an updatable encryption scheme, then the client can use the re-key generation algorithm ReKeyGen to generate a short update token Δ to send the cloud. The cloud then runs the re-encryption algorithm ReEncrypt to update all the client’s ciphertexts. As before, the cloud must be trusted to discard the old ciphertexts.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filing date to combine Boneh’s system with Wada’s system, with a motivation for an updatable encryption scheme that is a symmetric-key encryption scheme designed to support efficient key rotation in the cloud. The data owner sends a short update token to the cloud. This update token lets the cloud rotate the ciphertext from the old key to the new key, without learning any information about the plaintext. [Boneh, Abstract, lines 8 – 12]

As per claim 12, modified Wada teaches the data storage device of claim 11 and wherein the at least one memory comprises a plurality of memories, and wherein the controller is further configured to: store the new ciphertext header in a first memory of the plurality of memories; [Wada, para. 69 discloses the ordinary memory region 22 includes an application folder 31 and a user folder (data region) 32 that can be used by a user without any restriction. Further, the application folder 31 includes a management folder (contents region) 33 for storing a general management file 34 and an entire contents management file 35, contents folders (contents region) 36 for managing a plurality of contents as a unit and a user folder (data region) 37 that can be freely used by the user.] and store the new ciphertext body in a second memory of the plurality of memories, the second memory having a slower access speed than the first memory. [Wada, para. 69 discloses the ordinary memory region 22 includes an application folder 31 and a user folder (data region) 32 that can be used by a user without any restriction. A management file 37 and an encrypted contents 38 are stored in the contents folder 36, and a plaintext right information file 39 is stored in the user folders 32 and 37. Para. 96 discloses The foregoing display process eliminates the need to carry out the mutual authentication for accessing the authenticated memory region 23 and decode the encrypted right information per contents in comparison to the conventional manner of displaying the right information so that the user can be fast notified of the right information. When the plaintext right information file 39 is once generated and stored in the ordinary memory region 22, the memory card 11 can be used for, other than the mobile telephone 12, the television 13, DVD recorder 14, digital camera 15, moving image viewer 16 and any other contents processing device. As a result, the user can confirm the right information in a speedy manner.]
 
Allowable Subject Matter
Claims 4, 13 – 14, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and overcome other rejections rendered above.

Conclusion
Pertinent prior art made of record however not relied upon includes:
“Key Homomorphic PRFs and Their Applications” to Boneh et al.
“A pseudorandom function F : K×X →Y is said to be key homomorphic if given F(k1, x) and F(k2, x) there is an efficient algorithm to compute F(k1 ⊕ k2, x), where ⊕ denotes a group operation on k1 and k2 such as xor. Key homomorphic PRFs are natural objects to study and have a number of interesting applications: they can simplify the process of rotating encryption keys for encrypted data stored in the cloud, they give one round distributed PRFs, and they can be the basis of a symmetric-key proxy re-encryption scheme. Until now all known constructions for key homomorphic PRFs were only proven secure in the random oracle model. We construct the first provably secure key homomorphic PRFs in the standard model. Our main construction is based on the learning with errors (LWE) problem. We also give a construction based on the decision linear assumption in groups with an -linear map. We leave as an open problem the question of constructing standard model key homomorphic PRFs from more general assumptions”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434