Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Specification 
The specification filed on April 28, 2021 is accepted. 
Drawings
The drawings filed on April 28, 2021 are accepted.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/09/2022 was filed after the mailing date of the application 17/242670 on 04/28/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 1-3, 6-8, 10, 11 and 13-15 objected to because of the following informalities: 
The examiner suggests to remove number/bullet point in claims 1, 7 and 10.
Claim 1 recites “Per-key Authorization, PKA,” should read as “Per-key Authorization (PKA)” and “Hardware Security Module, HSM,” should read as “Hardware Security Module (HSM)”
Claim 1 recites the terms “PKA object” and “PKA-based user object”. The examiner suggests to clarify the difference between “PKA object” and “PKA-based user object”
Claim 1 recites “this authentication data” should read as “wherein the authentication data” and “comprising” should read as “comprises”
Claim 1, 7 and 10 recites “retrieving and instantiating the PKA based user object”. The examiner suggests to clarify the term “retrieving…..PKA based user object” with respect to log-in credential of user. It seems like the PKA based user object in instantiated based on login credential of the user.  
Claim 2 recites “at least one cryptographic is created” Please clarify what does the term “cryptographic” corresponds to?
Claims 2 recites the phrase “and/or” it seems like the imitation after the phrase “and/or” is not mandatory step in the claim. Therefore, the impact of non-compulsory step in the claim is not clear.
Claim 3 recites “the associated end-user account” should read as “the end user account” as previously recited in claim 1.
Claim 3 recites “this encrypted form” its not clear if “this encrypted form” corresponds to the PKA-based user object or something else.
Claim 3 recites “…for its decryption….” should read as “for decryption”
Claim 6 recites “posterior setting in the login credential” based on which every thing is revoked is unclear. There is limited definition in the spec for this concept. The examiner suggests to clarify the term “posterior setting in the login credential” and the term “everything”
Claim 7 recites “Hardware Security Module, HSM, ” should read as “Hardware Security Module (HSM)”
Claim 7 line 5 recites “a first HSM of the cluster” should read as “a first HSM of the cluster of HSMs”
Claim 7 line 9-11 recites “the HSM” should read as “the first HSM” as previously recited in the claim.
Claim 7 line 6 recites the terms “PKA object” and “PKA-based user object”. The examiner suggests to clarify the difference between “PKA object” and “PKA-based user object”
Claim 7 line 6 recites “this authentication data” should read as “wherein the authentication data” and “comprising” should read as “comprises”
Claim 7 line 15 recites “encrypting said serial” should read as “encrypting serial of the PKA-based user object”
Claim 7 line 17 recites “propagating……this encrypted serial” should read as “propagating……[[this]] the encrypted serial of the PKA-based user object”
Claim 7 line 19 recites “receiving ….this serial” should read as “receiving ….the encrypted [[this]] serial of the PKA-based user object”
Claim 7 line 20 recites “decrypting ….the serial” should read as “decrypting ….the encrypted serial of the PKA-based user object”
Claim 7 line 26-28 recites “the HSM” should read as “the second HSM” as previously recited in the claim.
Claim 7. The examiner suggests to clarify why is it necessary for the second HSM to perform the steps of receiving login credential of user, creating PKA based user object and authenticating the PKA based user object as these steps have been already performed by the first HSM.
Claim 8 line 32 recites “….. a cryptographic protocol of the type of a transport layer security” should read as “a cryptographic protocol of 
Claim 10 recites “a.	creating PKA based user object by:	a.	creating PKA based user object comprising authentication data……” its unclear why the objection creation step is divided into steps a, b and c when the object is created by receiving the login credential of the user and the authentication step is not an object creation step. The claim should instead recite.
 receiving login credential of the user, creating object based on the login credentials of the user and authenticating the object based on PKCS#11
Claim 10 recites the terms “PKA object”, “PKA-based user object” and “PKA-based resource object”. The examiner suggests to clarify the difference between “PKA object”, “PKA-based user object” and “PKA-based resource object”
Claim 10 recites “this authentication data” should read as “wherein the authentication data” and “comprising” should read as “comprises”
Claim 10 recites “the access permission” should read as “access permission”
Claim 10 line 14 recites” the cryptographic key” should read as “the at least one cryptographic key” as recited on line 1 of the claim.
Claim 11 recites “at least the cryptographic key” should read as “the at least one cryptographic key”
claim 13 recites “the PKA-based resource” and “PKA-based user” should read as “the PKA-based resource object” and “PKA-based user object” as previously recited in claim 10.
Claim 13 recites “read-only parenting attributes”. The examiner suggests to clarify the term. The term is broadly interpreted as “read-only attribute”
Claim 14 recites “the permission” should read as” the access permission” as previously recited in claim 10.
Claim 14 recites “….its supported function of PKCS#11” the examiner suggest to clarify the supported function of PKCS#11 assuming that “PKCS#11” corresponds to public-key cryptographic standard #11
Claim 15 recites “the permission” should read as” the access permissions”
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1, 7 and 10 recites the limitation "the log-in credentials".  There is insufficient antecedent basis for this limitation in the claim.
Claim 7 recites the limitation "the authenticated state".  There is insufficient antecedent basis for this limitation in the claim.
Dependent claims 2-6, 8, 9, and 11-15 are also rejected due inheriting the deficiency of parent claims.

                                               Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over KANCHARLA et al (hereinafter KANCHARLA) (US 20150358161) in view of Price (US 20040059946).

Regarding claim 1 KANCHARLA teaches A method for authenticating an end-user account associated with at least one cryptographic key stored in the form of a Per-Key Authorization, PKA, object within a Hardware Security Module, HSM, wherein the method comprises the following steps: (KANCHARLA Fig 1 and text on [0007 and 0030-0032] teaches system and method to provide secured key management for cloud-based web services hosted at a third party data center via HSMs in which authentication of user is performed using credential information of the user represented as object);
  creating a PKA object comprising authentication data, PKA-based user object, this authentication data at least comprising the log-in credentials of the end-user account (KANCHARLA on [0030-0034] teaches creating by the HSM objects including secured credential (i.e. authentication data) user generated keys, certificate and configuration for corresponding HSM, wherein credential includes login credential of user. See also on [0064] teaches pre-existing keys and credential as object stored in a key store of HSM);
  receiving, by the HSM, log-in credentials of the end-user account (KANCHARLA on [0030-0034] teaches creating by the HSM objects including secured credential, user generated keys, certificate and configuration for corresponding HSM, wherein credential includes login credential of received by the user. See on [0041 and 0045] teaches user providing credential for login in a session with its corresponding HSM);
and authenticating, by the HSM, the PKA-based user object using a Public-Key Cryptographic Standard #11 (KANCHARLA on [0033-0034, 0065] teaches each object stored in key store is identified using unique key handler. Further teaches the key store of each HSM checks every object validity. See on [0050] teaches authentication performed using Public-Key Cryptography Standards#11 (PKCS));
	Although KANCHARLA teaches receiving user’s credential in a particular session and creating object using the credential but fails to explicitly teach retrieving and instantiating the PKA-based user object at session level, however Price from analogous art teaches retrieving and instantiating the PKA-based user object at session level (Price on [0011, 0020 and 0028] teaches instantiating user object at session level).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Price into the teaching of KANCHARLA by creating object at session level. One would be motivated to do so in order to perform single authentication only at time when session is established and to provide unified and flexible data access within the system (Price on [0006-0008]).

Regarding claim 2 the combination of KANCHARLA and Price teaches all the limitations of claim 1 above, KANCHARLA further teaches wherein at least one cryptographic is created in an assigned association state with the end-user account, and/or at least one cryptographic key is created in unassigned association state with the end-user account being late assigned thereto (KANCHARLA on [0032, 0040 and 0046] teaches generating keys i.e.  cryptographic keys, wherein the keys and user’s credentials are stored in key store).

Regarding claim 3 the combination of KANCHARLA and Price teaches all the limitations of claim 1 above, KANCHARLA further teaches wherein the PKA-based user object or a modified form thereof is stored encrypted in a database outside of the HSM accessible via API, so that initiation of the associated end-user account retrieves this encrypted form from the database and inserts it into the HSM for its decryption and authentication based on requesting the log-in credentials (KANCHARLA on [0032] teaches  the objects are encoded and encrypted via an encryption key before being stored in the key store 109, outside of HSM wherein the encryption key is unique for each key store. See on [0027, 0031, 0036 and 0070] teaches cryptographic functionalities provided by the HSM 102 can be accessed by other components of system 100 via an Application Programming Interface (API) defined and provided by the HSM 102. See also on [0067-0068] teaches retrieves encrypted object and decrypting the encrypted object).

Regarding claim 4 the combination of KANCHARLA and Price teaches all the limitations of claim 3 above, KANCHARLA further teaches wherein the encryption and decryption of the PKA- based user object or a modified form thereof is performed by the HSM computing a first symmetric key (KANCHARLA on [0027] teaches the encryption and decryption operation performed by HSM is based on symmetric cryptographic key).
Regarding claim 6 the combination of KANCHARLA and Price teaches all the limitations of claim 1 above, KANCHARLA further teaches wherein either a posterior setting in the log-in credentials of the end-user account or a log-out thereof revokes everything in cache of the HSM generated during the session about said PKA-based user object (KANCHARLA on [0070 and 0080] teaches  the HSM VM 104 is configured to delete and/or archive the objects from the key store 109 of its current HSM partition 108 after the objects have been exported from the key store 109. A single Application Programming Interface (API) provided by the HSM 102 may be utilized to delete and/or archive the objects from the key store 109.).


Claims 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over KANCHARLA et al (hereinafter KANCHARLA) (US 20150358161) in view of Price (US 20040059946) and further in view of SCHIATTARELLA et al (hereinafter SCHIATTARELLA) (US 20220067221).

Regarding claim 5 the combination of KANCHARLA and Price teaches all the limitations of claim 1 above, although the combination teaches administer for performing crypto operation but fails to explicitly teach PKA-based user object is created by a Crypto Officer, however SCHIATTARELLA from analogous art teaches wherein the PKA-based user object is created by a Crypto Officer (SCHIATTARELLA on [0039] teaches crypto-officers are allowed to manage the keys, by e.g., generating, deleting, importing, and backing up the keys)
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of SCHIATTARELLA into the combined teaching of KANCHARLA and Price by creating object at by crypto officer. One would be motivated to do so in order to perform crypto operation by an authorized entity such as crypto officer in order to prevent unauthorized access (SCHIATTARELLA on [0001]).

Claims 7-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over KANCHARLA et al (hereinafter KANCHARLA) (US 20150358161) in view of Ye et al (hereinafter Ye) (US 20220247567) and further in view of Price (US 20040059946). 

Regarding claim 7 KANCHARLA teaches A method for a single authenticating an end-user account within a cluster of Hardware Security Modules, HSMs, connected to each other through a secure communication channel, wherein the end-user account is represented by a PKA-based user object, the method comprising the following steps: (KANCHARLA Fig 1 and text on [0007 and 0030-0032] teaches system and method to provide secured key management for cloud-based web services hosted at a third party data center via HSMs (i.e. cluster of HSMs connected together) in which authentication of user is performed using credential information of the user represented as object);
i. authenticating, by a first HSM of the cluster, the PKA-based user object by: creating a PKA object comprising authentication data, PKA-based user object, this authentication data at least comprising the log-in credentials of the end-user account (KANCHARLA on [0030-0034] teaches creating by the HSM objects including secured credential, user generated keys, certificate and configuration for corresponding HSM, wherein credential includes login credential of user. See also on [0064] teaches pre-existing keys and credential as object stored in a key store of HSM);
receiving, by the HSM, log-in credentials of the end-user account for (KANCHARLA on [0030-0034] teaches creating by the HSM objects including secured credential, user generated keys, certificate and configuration for corresponding HSM, wherein credential includes login credential of received by the user. See on [0041 and 0045] teaches user providing credential for login in a session with its corresponding HSM);
and authenticating, by the HSM, the PKA-based user object using a Public-Key Cryptographic Standard #11 (KANCHARLA on [0033-0034, 0065] teaches each object stored in key store is identified using unique key handler. Further teaches the key store of each HSM checks every object validity. See on [0050] teaches authentication performed using Public-Key Cryptography Standards#11 (PKCS));
ii. serializing, by the first HSM, the PKA-based user object with the authenticated state (KANCHARLA on [0033] teaches serializing the object with a unique ID and accessing the object using the unique ID i.e. and object moving from one HSM to second HSM refers to state of the object);
vii. authenticating, by at least the second HSM, the PKA-based user object by: (KANCHARLA on [0073-0075] teaches moving object from first HSM to second HSM and the authentication is performed);
 creating a PKA object comprising authentication data, PKA-based user object, this authentication data at least comprising the log-in credentials of the end-user account (KANCHARLA on [0030-0034] teaches creating by the HSM objects including secured credential, user generated keys, certificate and configuration for corresponding HSM, wherein credential includes login credential of user. See also on [0064] teaches pre-existing keys and credential as object stored in a key store of HSM);
 receiving, by the HSM, log-in credentials of the end-user account for (KANCHARLA on [0030-0034] teaches creating by the HSM objects including secured credential, user generated keys, certificate and configuration for corresponding HSM, wherein credential includes login credential of received by the user. See on [0041 and 0045] teaches user providing credential for login in a session with its corresponding HSM);
and authenticating, by the HSM, the PKA-based user object using a Public-Key Cryptographic Standard #11 (KANCHARLA on [0033-0034, 0065] teaches each object stored in key store is identified using unique key handler. Further teaches the key store of each HSM checks every object validity. See on [0050] teaches authentication performed using Public-Key Cryptography Standards#11 (PKCS));
	Although the combination teaches receiving user’s credential when session is established for generating object, but fails to explicitly teach retrieving and instantiating the PKA-based user object at session level, encrypting said serial, by the first HSM, with a symmetric key or a derived form thereof shared among the HSMs forming the cluster, propagating, by the first HSM, this encrypted serial through the secure communication channel receiving, by at least a second HSM of the cluster, this serial and  decrypting the serial, by at least the second HSM, with the symmetric key, however Ye from analogous art teaches
iii. encrypting said serial, by the first HSM, with a symmetric key or a derived form thereof shared among the HSMs forming the cluster (Ye Fig 3 block 310 and text on [0036-0038] teaches the first control module 102 encrypts serial number using public key of public-private key pair shared between control module 102 and server 108. The first control module 102 transmits encrypted serial number to trusted server 102 via communication network 118);
 iv. propagating, by the first HSM, this encrypted serial through the secure communication channel (Ye Fig 3 block 310 and text on [0036-0038] teaches the first control module 102 (i.e. first HSM) encrypts serial number using public key of public-private key pair shared between control module 102 and server 108. The first control module 102 transmits (i.e. propagating) encrypted serial number to trusted server 102 (i.e. second HSM) via communication network 118);
 v. receiving, by at least a second HSM of the cluster, this serial, vi. decrypting the serial, by at least the second HSM, with the symmetric key (Ye on [0047-0048] teaches the trusted server receives the public key and the encrypted serial number and decrypts the serial number using the private key of the server).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ye into the teaching of KANCHARLA by encrypting and decrypting the serial number of the object. One would be motivated to do so in order securely communicate data between different entities and retrieve data associated with the object based on decrypting the encrypted object (Ye on [0001]).
Although KANCHARLA teaches receiving user’s credential in a particular session and creating object using the credential but fails to explicitly teach retrieving and instantiating the PKA-based user object at session level, however Price from analogous art teaches retrieving and instantiating the PKA-based user object at session level (Price on [0011, 0020 and 0028] teaches instantiating user object at session level).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Price into the teaching of KANCHARLA by creating object at session level. One would be motivated to do so in order to perform single authentication only at time when session is established and to provide unified and flexible data access within the system (Price on [0006-0008]).

Regarding claim 8 the combination of KANCHARLA, Ye and Price teaches all the limitations of claim 7 above, KANCHARLA further teaches wherein the secure communication channel implements a cryptographic protocols of the type of a Transport Layer Security (KANCHARLA on [0027] teaches he encryption/decryption key management is for symmetric and/or asymmetric (e.g., RSA) keys and the crypto operations to be accelerated are for cryptographic protocols such as Transport Layer Security (TLS) and/or Secure Sockets Layer (SSL) designed to provide communication security over the Internet)

Regarding claim 9 the combination of KANCHARLA, Ye and Price teaches all the limitations of claim 7 above Ye further teaches wherein the first HSM of the cluster propagates the encrypted serial through the secure communication channel only to one or more HSMs storing at least one cryptographic key associated to the end-user account (Ye on [0047-0048] teaches the trusted server receives the public key and the encrypted serial number and decrypts the serial number using the private key of the server (i.e. second HSM having private key for decrypting the encrypted serial number)).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Ye into the teaching of KANCHARLA by encrypting and decrypting the serial number of the object. One would be motivated to do so in order securely communicate data between different entities and retrieve data associated with the object based on decrypting the encrypted object (Ye on [0001]).

Claims 10-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over KANCHARLA et al (hereinafter KANCHARLA) (US 20150358161) in view of Popp et al (hereinafter Popp) (US 6249291).

Regarding claim 10 KANCHARLA teaches A method for implementing access control to at least one cryptographic key stored within a HSM by an end-user account, wherein the method comprises: (KANCHARLA Fig 1 and text on [0007 and 0030-0032] teaches system and method to provide secured key management for cloud-based web services hosted at a third party data center via HSMs in which authentication of user is performed using credential information of the user represented as object);
 a. creating a PKA-based user object by: a. creating a PKA object comprising authentication data, PKA-based user object, this authentication data at least comprising the log-in credentials of the end-user account (KANCHARLA on [0030-0034] teaches creating by the HSM objects including secured credential (i.e. authentication data) user generated keys (i.e. cryptographic key), certificate and configuration for corresponding HSM, wherein credential includes login credential of user. See also on [0064] teaches pre-existing keys and credential as object stored in a key store of HSM);
b. receiving, by the HSM, log-in credentials of the end-user account (KANCHARLA on [0030-0034] teaches creating by the HSM objects including secured credential, user generated keys, certificate and configuration for corresponding HSM, wherein credential includes login credential of received by the user. See on [0041 and 0045] teaches user providing credential for login in a session with its corresponding);
 and c. authenticating, by the HSM, the PKA-based user object using a Public-Key Cryptographic Standard #11(KANCHARLA on [0033-0034, 0065] teaches each object stored in key store is identified using unique key handler. Further teaches the key store of each HSM checks every object validity. See on [0050] teaches authentication performed using Public-Key Cryptography Standards#11 (PKCS));
 b. wherein the PKA-based user object further comprising a dedicated symmetric key associated with the end-user account (KANCHARLA on [0032] teaches object includes user generated/imported keys);
c. creating at least one PKA object comprising the cryptographic key, PKA-based resource object, this PKA-based resource object being authenticable through an identifier (KANCHARLA on [0033-0034] teaches creating by the HSM objects including secured credential (i.e. authentication data) user generated keys (i.e. cryptographic key), certificate and configuration for corresponding HSM, wherein credential includes login credential of user. See also on [0064] teaches pre-existing keys and credential as object stored in a key store of HSM each object stored in the key store 109 is identified and can be accessed with a unique key handler, wherein the key handler along with the HSM ID forms a global unique identifier for the object. When a web service host accesses a corresponding HSM service unit 107 using its HSM ID, the key handler is sufficient to uniquely identify each object in the key store 109 of the HSM partition 108);
 and d. setting up the access permissions for each PKA-based resource object by means of its attributes (KANCHARLA on [0034] teaches objects stored in key store along with its attribute. Object flags may also be adopted to define the usability of the object for wrapping, exporting, signature generation, verification, etc. The key store 109 checks every object for validity (e.g., date and time) based on the stored attributes before using the object for crypto operations (i.e. object wrapping and verifying as object permission is interpreted in view of page 9 line 13-19)).
	Although KANCHARLA teaches establishing a communication session when receiving users credential but fails to explicitly teach instantiating the PKA-based user object at session level and identifier encrypted with the symmetric key of the PKA-based user object, however Popp from analogous art teaches retrieving and instantiating the PKA-based user object at session level (Popp Fig 5C-5D and text on [col 28 line 21-44] teaches creating object at session level);
identifier encrypted with the symmetric key of the PKA-based user object (Popp Fig 5C-5D and text on [col 28 line 21-44] teaches creating object at session level and encrypting string containing session ID and sender ID using public key).

Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Popp into the teaching of KANCHARLA by creating object and session level and using the encrypted identifier for generating the object. One would be motivated to do so in order to perform secure communication of information using encrypted identifier when generating object at session level (Popp on [col 4 line 25-40]).

Regarding claim 11 the combination of KANCHARLA and Popp teaches all the limitations of claim 10 above Popp further teaches wherein the PKA-based resource object comprises sensitive and non-sensitive attributes wherein, the non-sensitive attributes comprise the encrypted identifier, and the sensitive attributes comprise at least the cryptographic key (Popp Fig 5C-5D and text on [col 28 line 21-44] teaches encrypted session identifier as non-sensitive information and session key or encryption key as cryptographic key sensitive attribute).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Popp into the teaching of KANCHARLA by creating object and session level and using the encrypted identifier for generating the object. One would be motivated to do so in order to perform secure communication of information using encrypted identifier when generating object at session level (Popp on [col 4 line 25-40]).

Regarding claim 12 the combination of KANCHARLA and Popp teaches all the limitations of claim 10 above KANCHARLA further teaches wherein the identifier is a random string (KANCHARLA on [0033] teaches identifier as string with serial number).
Regarding claim 13 the combination of KANCHARLA and Popp teaches all the limitations of claim 10 above Popp further teaches wherein the PKA-based resource is assigned to the PKA-based user by setting its read-only parenting attributes (Popp on [Col 4 line 53-67, Col 16 line 1-10 and col 25 line 6 -30] teaches object with assigned attributes and A control object can have subcontrols that are themselves control objects. Subcontrols can be pre-defined or generated at runtime. The associative behavior of a subcontrol is attributed to the parent control object. A control object activates a subcontrol's push and pull modes by forwarding the activation message that it received).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching of Popp into the teaching of KANCHARLA by creating object and session level and using the encrypted identifier for generating the object. One would be motivated to do so in order to perform secure communication of information using encrypted identifier when generating object at session level (Popp on [col 4 line 25-40]).

Regarding claim 14 the combination of KANCHARLA and Popp teaches all the limitations of claim 13 above KANCHARLA further teaches wherein the permissions are set up for each PKA- based resource object by means of its supported functions of PKCS #11 (KANCHARLA on [0034] teaches objects stored in key store along with its attribute. Object flags may also be adopted to define the usability of the object for wrapping, exporting, signature generation, verification, etc. The key store 109 checks every object for validity (e.g., date and time) based on the stored attributes before using the object for crypto operations (i.e. object wrapping and verifying as object permission is interpreted in view of page 9 line 13-19)).
Regarding claim 15 the combination of KANCHARLA and Popp teaches all the limitations of claim 14 above KANCHARLA further teaches wherein the permissions are at least one of the following: allow encryption, allow decryption, allow wrap, allow unwrap, allow signing, allow verifying (KANCHARLA on [0034] teaches objects stored in key store along with its attribute. Object flags may also be adopted to define the usability of the object for wrapping, exporting, signature generation, verification, etc. The key store 109 checks every object for validity (e.g., date and time) based on the stored attributes before using the object for crypto operations (i.e. object wrapping and verifying as object permission is interpreted in view of page 9 line 13-19)).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Needham et al (US 10095549) is directed towards providing an ownership transfer service in virtual computing service environment. Computing resources under the control of one or multiple customers are stored in an ownership transfer account. Workflows based on a pre-defined set of triggers for releasing the computing resources from the ownership transfer account are established.
Veiseh et al (US 20090228959) is directed towards markup language and system to be used with devices or objects that treats them as web objects able to be viewed over the Internet and displayed as webpages. Each device or object is equipped with a mini-server that has a unique IP address. Using wireless communication, the mini-server connects to the Internet. A remote user then enters the IP address of the mini-server, connecting to the device.
Relyea (US 20080133514) is directed towards a method and apparatus, including a client and security token, for managing cryptographic objects, such as public key cryptography standard (PKCS)#11 objects, in a computer system. A storage table for the cryptographic objects is established including rows for the cryptographic objects and columns corresponding to available attributes capable of being associated with the cryptographic objects. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOEEN KHAN/Examiner, Art Unit 2436