Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 1, 2, 3, 6, 9, 11, 12, 13, 16, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Leavy et al. (US 2018/0212772) hereafter Leavy in view of Ye (US 2018/0234237) hereafter Ye.

Regarding claim 1. Leavy discloses a cryptographic method for securing access to a private key generated and stored in a device, the method being implemented by at least one processor, the method comprising: 
generating, by the at least one processor, at least one application password relating to a predetermined level of entropy (para 45, escrow key is generated randomly); 
generating, by the at least one processor relating to a key manager in a secure area of the at least one processor, at least one user private key secured by using the at least one application password (para 46, encrypt root private key with escrow key); 
receiving, by the at least one processor from a user via an input device, at least one user entropy relating to a unique identifier for the user (para 46, user password); 
deriving, by the at least one processor using a password derivation function, at least one symmetric key based on the at least one user entropy (para 46, derive password-based key from user password); 
encrypting, by the at least one processor using an encryption system, the at least one application password by using the at least one symmetric key (para 46, encrypt escrow key with the derived password-based key); and 
storing, by the at least one processor in a memory, at least one device payload component relating to the at least one application password and the at least one symmetric key in a password management system (para 46, escrow bundle is sent to server and stored).
Leavy does not explicitly disclose a trusted execution environment.  However, in an analogous art, Ye discloses key updating including generating a private key within a trusted execution environment (para 31).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Leavy with the implementation of Ye in order to provide confidentiality and integrity for the code and data loaded inside the trusted execution environment.

Regarding claim 2. Leavy and Ye disclose the method of claim 1, the method further comprising: 
receiving, by the at least one processor via a communication interface, at least one request to use the user private key, the at least one request including the at least one user entropy and at least one action (Leavy, para 55-56); 
deriving, by the at least one processor using the password derivation function, the at least one symmetric key based on the received at least one user entropy (Leavy, para 56); 
decrypting, by the at least one processor using the encryption system, the at least one application password by using the derived at least one symmetric key (Leavy, para 56); 
retrieving, by the at least one processor from within the trusted execution environment, reference information relating to the at least one user private key by using the decrypted at least one application password (Leavy, para 57; Ye, para 31); and 
using, by the at least one processor, the reference information to instruct the trusted execution environment to perform the action (Leavy, para 57).
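To make the escrow chain concrete, the following Go program is an added illustration written for this page; it is not code from Leavy, Ye, or the application under examination. It follows the claim 1 sequence (Enroll) and the claim 2 use path (Unlock) as the examiner maps them onto Leavy. The algorithm choices (PBKDF2-HMAC-SHA256 as the password derivation function, AES-256-GCM as the encryption system, an Ed25519 key standing in for the user private key, a 600,000-iteration work factor), the function names, and the payload layout are all assumptions, and the whole program runs in an ordinary process rather than inside a trusted execution environment.

```go
// Added example written for this page, not code from Leavy, Ye, or the examined
// application: the two-layer wrapping chain the examiner maps onto Leavy for
// claim 1 (enrollment) and claim 2 (use). Assumed algorithms: PBKDF2-HMAC-SHA256
// as the password derivation function, AES-256-GCM as the encryption system.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// DevicePayload is the stored device payload component: a public salt and two
// ciphertexts, nothing in the clear.
type DevicePayload struct {
	Salt       []byte // salt for the password derivation function
	WrappedApp []byte // application password sealed under the user-derived key
	WrappedKey []byte // user private key sealed under the application password
}
const kdfIterations = 600000 // assumed PBKDF2 work factor

// deriveSymmetricKey is the password derivation function: PBKDF2-HMAC-SHA256
// on the standard library, one 32-byte output block (big-endian block index 1).
func deriveSymmetricKey(userEntropy, salt []byte) []byte {
	prf := hmac.New(sha256.New, userEntropy)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1})
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < kdfIterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealWithKey is the encryption system: AES-256-GCM, random nonce prefixed.
func sealWithKey(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openWithKey reverses sealWithKey; the GCM tag rejects a wrong key outright.
func openWithKey(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, errors.New("bad key or sealed blob")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Enroll follows claim 1: random application password, private key wrapped
// under it, symmetric key derived from the user's entropy, application password
// wrapped under that key, payload returned for storage. The private key is
// returned only so a caller can check the round trip; in the claimed design it
// would stay inside the secure area.
func Enroll(userEntropy []byte) (DevicePayload, ed25519.PrivateKey, error) {
	rnd := make([]byte, 48) // 32-byte application password (256-bit entropy) + 16-byte salt
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if _, rerr := rand.Read(rnd); err != nil || rerr != nil {
		return DevicePayload{}, nil, errors.New("random generation failed")
	}
	appPassword, salt := rnd[:32], rnd[32:]
	wrappedKey, err1 := sealWithKey(appPassword, priv)
	wrappedApp, err2 := sealWithKey(deriveSymmetricKey(userEntropy, salt), appPassword)
	if err1 != nil || err2 != nil {
		return DevicePayload{}, nil, errors.New("sealing failed")
	}
	return DevicePayload{Salt: salt, WrappedApp: wrappedApp, WrappedKey: wrappedKey}, priv, nil
}

// Unlock follows claim 2: re-derive the symmetric key from the presented user
// entropy, decrypt the application password, then reach the private key with it.
// Wrong entropy fails at the first open; the wrapped private key is never touched.
func Unlock(p DevicePayload, userEntropy []byte) (ed25519.PrivateKey, error) {
	appPassword, err := openWithKey(deriveSymmetricKey(userEntropy, p.Salt), p.WrappedApp)
	if err != nil {
		return nil, errors.New("user entropy rejected")
	}
	priv, err := openWithKey(appPassword, p.WrappedKey)
	return ed25519.PrivateKey(priv), err
}
```

Two properties of the chain are worth checking in practice. First, a wrong user entropy is rejected by the GCM tag on the wrapped application password, so the wrapped private key is never decrypted on that path. Second, the stored payload holds only the salt and two ciphertexts, which is what makes it tolerable to keep in a password management system or, as in Leavy's escrow bundle, to send to a server; the exposure that remains is offline guessing of the user entropy against that stored payload, and the derivation function's work factor is the only thing slowing that down.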

Regarding claim 3. Leavy and Ye disclose the method of claim 1, wherein the at least one user private key remains within the trusted execution environment (Ye, para 31).

Regarding claim 6. Leavy and Ye disclose the method of claim 1, wherein the at least one user entropy includes at least one from among a username, a password, a randomly generated password from an authenticated request, and a randomly generated password that is accessible when user presence has been verified via biometrics (Leavy, para 46).

Regarding claim 9. Leavy and Ye disclose the method of claim 1, wherein the at least one user private key remains accessible in the trusted execution environment by using an alternate source of user entropy when the unique identifier that corresponds to the user is changed (para 4, 44, the username and password change from user to user, the 2nd user’s password is an alternate source of user entropy as it is provided as a seed to the hash).

Claims 11, 12, 13, 16, 19 are similar in scope to claims 1, 2, 3, 6, 9 and are rejected under similar rationale.

Claim(s) 4, 5, 10, 14, 15, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Leavy and Ye as applied to claim 1 above, and further in view of Chester et al. (US 2021/0004454) hereafter Chester.
Regarding claim 4. Leavy and Ye disclose the method of claim 1, but do not explicitly disclose wherein the trusted execution environment includes a hardware-based key manager that is isolated from the at least one processor.  However, in an analogous art, Chester discloses frictionless credential provisioning including a hardware-based key manager that is isolated from the at least one processor (para 31, secure enclave processor is a hardware coprocessor).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Leavy and Ye with the implementation of Chester in order to provide a hardware root of trust, efficient and secure cryptographic operations, and protected memory.

Regarding claim 5. Leavy and Ye disclose the method of claim 1, but do not explicitly disclose wherein the password management system includes a device keychain. However, in an analogous art, Chester discloses frictionless credential provisioning in which the password management system includes a device keychain (para 18, 31).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Leavy and Ye with the implementation of Chester in order to allow for syncing across various devices (para 18).

Regarding claim 10. Leavy and Ye disclose the method of claim 1, wherein a server recovery key is obtained from a networked repository by using at least one authentication technique to validate the user identity (Leavy, para 55), but do not disclose the at least one authentication technique including a multi-factor authentication technique.  However, in an analogous art, Chester discloses frictionless credential provisioning in which the at least one authentication technique includes a multi-factor authentication technique (para 41). It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Leavy and Ye with the implementation of Chester in order to further protect content and data in the instance in which one factor has been exposed.

Claims 14, 15, 20 are similar in scope to claims 4, 5, 10 and are rejected under similar rationale.

Allowable Subject Matter
Claims 7, 8, 17, 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAMES R TURCHEN/               Primary Examiner, Art Unit 2439