DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 19-37 are pending in this application.
Claims 19-37 were newly added as part of the preliminary amendment that was submitted on 12/08/2021.
Claims 1-18 were canceled as part of the preliminary amendment.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 26-31 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because claim 26 claims “An article of manufacture comprising instructions”, which appears to be directed to software per se by comprising program code. Moreover, applicant’s specification does not provide any clarification on what “an article of manufacture” could be. Thus, claim 26 is directed to software per se, wherein “an article of manufacture” is software comprising instructions (i.e. program code).
Claims 27-31 are dependent from claim 26 and do not cure the deficiencies of claim 26.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 19, 22-23, 25-27, 29, 32 and 35-36 are rejected under 35 U.S.C. 103 as being unpatentable over Uy et al. (Pub. No.: US 2015/0186621 A1) (hereinafter, “Uy”) in view of Tang et al. (Pub. No.: US 2017/0034554 A1) (hereinafter, “Tang”).

As to claim 19, Uy discloses an apparatus comprising: an interface to obtain a certificate … and an encryption key from a first remote device, the encryption key associated with a file, … (“In an example of the operation of the system 100, the license provider 110 provides a content license to a license server 120. The license server 120 may be a server that manages content licenses sent by the different license providers 110. The license server 120 communicates with a content server 140 to create DRM protected content. For example, the content provider 130 provides content to the content server 140, which associates a content identifier (ID) with the content. The content server 140 forwards a request, which contains the content ID, for a content key to the license server 120. The license server 120 associates a content key (i.e. a license) with the content identified via the content ID by the content server 140 to provide licensed (i.e. DRM protected) content.” -e.g. see, Uy: [0032]; herein, an interface of a license server 120 obtains a content license (i.e. certificate) from a license provider 110 (i.e. from a first remote device); moreover, the license is associated with a content key (i.e. encryption key) associated with a content (i.e. a file), see also, Fig. 1 which shows a license provider 110 provides content license, DRM keys to a license server);
instructions; and processor circuitry to execute the instructions to: cause storage of the certificate, the certificate is identifiable by a file identifier (ID) associated with at least one of the file, the expiry information, or the encryption key (“In an example of the operation of the system 100, the license provider 110 provides a content license to a license server 120. The license server 120 may be a server that manages content licenses sent by the different license providers 110. The license server 120 communicates with a content server 140 to create DRM protected content. For example, the content provider 130 provides content to the content server 140, which associates a content identifier (ID) with the content. The content server 140 forwards a request, which contains the content ID, for a content key to the license server 120. The license server 120 associates a content key (i.e. a license) with the content identified via the content ID by the content server 140 to provide licensed (i.e. DRM protected) content.” -e.g. see, Uy: [0032]; herein, the license server 120 manages content licenses (i.e. stores certificate) that is obtained from the license provider 110; the license server 120 associates a license (i.e. a certificate) with a content ID (i.e. a file identifier), see also, [0030]; herein, each of the servers also includes a central processing unit (CPU), in the form of one or more processors); and
in response to a request for the certificate that includes the file ID, cause transmission of the certificate to a second remote device (“In response to receiving the licensed content file, the media device 170 requests from the license server 120 the content key associated with the content ID. The device/appliance 170 request includes the content ID and the SE certificate that includes a public encryption key. The license server 120, in response to the request by the device/appliance 170, provides the license with an encrypted content key. The encrypted content key is encrypted using the public key provided with the SE certificate. Upon receipt of the encrypted content key, the SE enables decryption of the content key, which is used to decrypt the content. The link application 171 causes the content to be presented on the media device 170.” -e.g. see, Uy: [0032]; herein, a request includes a content ID (i.e. file ID) and the license server 120 transmits the license (i.e. the certificate) to the device/appliance 170 (i.e. to a second remote device), see also, Uy: [0034]; herein, the client application also requests license information from a server, such as license server 120. The requested license information may include a content identification of the DRM protected content and a public DRM encryption key of the identified content).
Uy may not explicitly disclose a certificate including expiry information; the expiry information indicative of a period for which the encryption key is valid to decrypt the file.
However, in an analogous art, Tang discloses a certificate including expiry information; the expiry information indicative of a period for which the encryption key is valid to decrypt the file (“The authentication certificate has an expiry date/time defining a period during which that the relevant media content and decryption key can be stored locally in client device 105. The validity period of the media content and the decryption key may be associated with one another. When MLU 115 detects that the media content or the decryption key has expired, it will stop streaming the relevant media content to media player 110 and erase that media content in local media store 125.” -e.g. see, Tang: [0078]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Uy as taught by Tang in order to prevent a potential attacker from compromising an encryption key by providing expiry information for the encryption key. Moreover, one of ordinary skill in the art before the effective filing date of the claimed invention would be motivated to include expiry information in a certificate in order to mitigate vulnerabilities caused by evolving security standards and changing ownership of the contents.

As to claims 26 and 32, these are rejected using a similar rationale as for the rejection of claim 19.

As to claim 22, the combination of Uy and Tang discloses wherein the file is stored separately from the certificate (“The license server 120 may be a server that manages content licenses sent by the different license providers 110. … The content server 140 upon receipt of the content key creates the DRM protected content by encrypting the content using the provided content key, and also encrypts the content key.” -e.g. see, Uy: [0032]; herein, the file is stored in the content server and the certificate is stored in the license server).
As to claims 29 and 35, these are rejected using a similar rationale as for the rejection of claim 22.

As to claim 23, the combination of Uy and Tang discloses wherein the expiry information indicates a time after which decryption of the file is to be prevented (“The authentication certificate has an expiry date/time defining a period during which that the relevant media content and decryption key can be stored locally in client device 105. The validity period of the media content and the decryption key may be associated with one another. When MLU 115 detects that the media content or the decryption key has expired, it will stop streaming the relevant media content to media player 110 and erase that media content in local media store 125.” -e.g. see, Tang: [0078]).

As to claim 36, it is rejected using a similar rationale as for the rejection of claim 23.

As to claim 25, the combination of Uy and Tang discloses wherein the first remote device is different than the second remote device (Uy: Fig. 1, [0032]; herein, a license provider 110 is equivalent to a first remote device and the device/appliance 170 is equivalent to a second remote device).

As to claim 27, the combination of Uy and Tang discloses wherein the instructions, when executed, cause the machine to manage the expiry information associated with the file (“The authentication certificate has an expiry date/time defining a period during which that the relevant media content and decryption key can be stored locally in client device 105. The validity period of the media content and the decryption key may be associated with one another. When MLU 115 detects that the media content or the decryption key has expired, it will stop streaming the relevant media content to media player 110 and erase that media content in local media store 125.” -e.g. see, Tang: [0078]).

Claims 20 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Uy in view of Tang and further in view of Wilson et al. (Pub. No.: US 2010/0203960 A1) (hereinafter, “Wilson”).

As to claim 20, neither Uy nor Tang explicitly discloses wherein the processor circuitry is to: communicate with a trusted execution environment that is to generate the encryption key and the certificate; and manage the expiry information associated with the file.
However, in an analogous art, Wilson discloses wherein the processor circuitry is to: communicate with a trusted execution environment that is to generate the encryption key and the certificate (“In an alternate example, a trusted platform module is available on the server and in the wagering game devices, and can be used for key generation and storage. In one such example, the server's trusted platform module is used to generate the certificate authority and server keys, but is not used to generate the wagering game device's key pair since the private key can't be easily extracted from the trusted platform module for transfer to the wagering game devices. In an alternate embodiment, the server's trusted platform module does generate the wagering game device keys, which are securely transferred to the wagering game devices such as by use of a secure portable memory such as a smart card or flash drive device.” -e.g. see, Wilson: [0078]); and manage the expiry information associated with the file (“The certificate’s period of validity is specified at 604, and is typically based on cost, the level of security desired, and other factors. The subject of the certificate is identified at 605, identifying the entity whose public key is being conveyed via the certificate and other information such as the internet address and contact information for the entity.” -e.g. see, Wilson: [0066]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Uy and Tang as taught by Wilson in order to provide protection for any connected “thing,” such as a trusted application (TA), by enabling an isolated, cryptographic electronic structure and enable end-to-end security.

As to claim 33, it is rejected using a similar rationale as for the rejection of claim 20.

Claims 21, 28 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Uy in view of Tang and further in view of FU et al. (Pub. No.: US 2015/0121078 A1) (hereinafter, “FU”).

As to claim 21, neither Uy nor Tang explicitly discloses wherein the processor circuitry is to set a policy according to which trusted execution environment is to determine the expiry information.
However, in an analogous art, FU discloses wherein the processor circuitry is to set a policy according to which trusted execution environment is to determine the expiry information (“In some embodiments, the secure communication module may be further configured to dynamically determine an expiry date associated with the wildcard security certificate. Further, the secure communication module may be configured to perform at least one of: dynamically obtaining a new wildcard security certificate specifying the Common Name upon detecting that the wildcard security certificate has expired; or dynamically obtaining a new security certificate security certificate specifying the Common Name upon detecting that the period for expiry of the wildcard security certificate is within a threshold.” -e.g. see, FU: [0013]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Uy and Tang as taught by FU in order to facilitate secure communication for cloud-based and/or distributed computing applications (FU: [0007]).

As to claims 28 and 34, these are rejected using a similar rationale as for the rejection of claim 21.

Claims 24, 30-31 and 37 are rejected under 35 U.S.C. 103 as being unpatentable over Uy in view of Tang and further in view of Bromley et al. (Pub. No.: US 2009/0271319 A1) (hereinafter, “Bromley”).

As to claim 24, neither Uy nor Tang explicitly discloses wherein the processor circuitry is to cause removal of the certificate from storage to prevent decryption of the file.
However, in an analogous art, Bromley discloses wherein the processor circuitry is to cause removal of the certificate from storage to prevent decryption of the file (“Licenses can be selected for deletion from portion 204 in a variety of different manners. In one or more embodiments, a three-step process is used to select one or more licenses for deletion from portion 204. First, any license that has expired is selected for deletion. Licenses oftentimes have associated durations or expiration dates, and once expired can no longer be used to decrypt the associated content. Accordingly, any such expired licenses are selected for deletion first.” -e.g. see, Bromley: [0038]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Uy and Tang as taught by Bromley in order to make sufficient space for the one or more licenses to be added (Bromley: [0039]).

As to claims 30 and 37, these are rejected using a similar rationale as for the rejection of claim 24.


As to claim 31, neither Uy nor Tang explicitly discloses wherein the instructions, when executed, cause removal of the certificate from storage before expiration of the period for which the encryption key is valid.
However, in an analogous art, Bromley discloses wherein the instructions, when executed, cause removal of the certificate from storage before expiration of the period for which the encryption key is valid (“Licenses can be selected for deletion from portion 204 in a variety of different manners. In one or more embodiments, a three-step process is used to select one or more licenses for deletion from portion 204. First, any license that has expired is selected for deletion. Licenses oftentimes have associated durations or expiration dates, and once expired can no longer be used to decrypt the associated content. Accordingly, any such expired licenses are selected for deletion first.” -e.g. see, Bromley: [0038]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teaching of Uy and Tang as taught by Bromley in order to make sufficient space for the one or more licenses to be added (Bromley: [0039]).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495
/PONNOREAY PICH/Primary Examiner, Art Unit 2495