DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/29/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 16, 18-19 are objected to because of the following informalities:  
Claim 16 has no antecedent basis for “the item key” or “the digital item”.
Claim 18 has no antecedent basis for “the item key”.
Claim 19 has no antecedent basis for “the encrypted digital item”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-3, 5, 11-12, 14, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Riscombe-Burton et al (PGPUB 2016/0315923), and further in view of Fosmark et al (PGPUB 2013/0311382).

Regarding Claims 1 and 20:
Riscombe-Burton teaches a method and non-transitory computer-readable storage medium, comprising executable instructions that, are executed by a processor to perform (paragraph 56, memory storing instructions; processor executing instructions): 
establishing, by a sender system, cryptographic trust with a receiver system, wherein establishing cryptographic trust includes (abstract, method and system for negotiating secure device-to-device communications channel between first computing device and second computing device): 
obtaining, from a service provider server, via a first electronic communication network, a public encryption key of the receiver system (paragraph 62, if it is determined that a secure device-to-device communication channel between the secure applications 303, 305 running on the computing devices 302, 304 is permitted, the proxy server 120 proceeds to send the public key data and address data for the initiating device 302 to the receiving device 304 over secure communication channel 310, and to send the public key data and address data for the receiving device 304 to the initiating device 302 over secure communication channel 308); 
generating an encrypted message by encrypting the message using the public encryption key of the receiver system (paragraph 72, secure application 303 running on the initiating device 302 encrypts data to be sent over the device-to-device communications channel using the public key generated by the secure application 305 running on the receiving device 304 (received from the proxy server 120 at step 424)); 
sending, via a second electronic communication network that differs from the first electronic communication network, the message to the receiver system (paragraph 85, secure application establishes secure device-to-device communication channel (i.e. “direct contact” which is not related to the proxy server channel seen as the “API”) with receiving device and proceeds to send the encrypted data; device-to-device communication channel does not pass through proxy server).
Riscombe-Burton does not explicitly teach generating a verification message including first verification message content;
generating a signed, encrypted, verification message by encrypting the verification message using the public encryption key of the receiver system and a private encryption key of the sender system;
sending the signed verification message;
receiving, from the receiver system, via a third electronic communication network that differs from the first electronic communication network, second verification message content; and
verifying that the first verification message content matches the second verification message content.
However, Fosmark teaches the concept of generating a verification message including first verification message content (abstract, program for obtaining information for a transaction; paragraph 86, message flow for authenticating a user for session; paragraph 88, trusted third party data processing system uses user identifier to identify the identifier of the mobile device and corresponding public key and generates and sends message; message encrypted with public key for mobile device and includes unique challenge code and signature for the message using private key of trusted third party system; message to be provided to the mobile device); 
generating a signed, encrypted, verification message by encrypting the verification message using a public encryption key of a receiver system and a private encryption key of a sender system (abstract, program for obtaining information for a transaction; paragraph 86, message flow for authenticating a user for session; paragraph 88, trusted third party data processing system uses user identifier to identify the identifier of the mobile device and corresponding public key and generates and sends message; message encrypted with public key for mobile device and includes unique challenge code and signature for the message using private key of trusted third party system; message to be provided to the mobile device); 
sending the signed verification message (paragraph 88-89, message sent from third party data processing system to mobile device via out-of-band channel, e.g. sound, visual code, or NFC exchange with user data processing system);
receiving, from the receiver system, via a third electronic communication network that differs from a first electronic communication network, second verification message content (paragraph 90, mobile device performs function on challenge code resulting in response code, e.g. null function (the response code is identical to the challenge code); mobile device displays response code for user to enter into session interface of user data processing system (i.e. “out of band” channel), which forwards response code to trusted third party data processing system for comparison to originally issued challenge code); and 
verifying that the first verification message content matches the second verification message content (paragraph 90, response code forwarded to trusted third party data processing system for comparison to originally issued challenge code; if so, trusted third party data processing system 106 may then send a message 655 to the entity data processing system 104 including an assertion that the user is authenticated for the session).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted and signed challenge message of Fosmark with the trusted device-to-device channel teachings of Riscombe-Burton, in order to allow multiple devices to perform mutual authentication which proves each respective device owns the necessary private key of a public/private key pair, using PKI methods which are well known in the art, thereby verifying the identity of the devices and improving security by preventing certain types of attacks, e.g. “man-in-the-middle”.

Regarding Claim 2:
Riscombe-Burton in view of Fosmark teaches the method of claim 1.  In addition, Riscombe-Burton teaches wherein: 
the public encryption key of the receiver system is a part of a device-independent asymmetric key pair that includes a private encryption key of the receiver system (paragraph 61, public-private key pairs for sender’s and receiver’s computing devices are generated by secure applications on per-connection basis; therefore, the keys do not rely on a device key/information and can be considered device-independent); and 
the private encryption key of the sender system is a part of a device-independent asymmetric key pair that includes a public encryption key of the sender system (paragraph 61, public-private key pairs for sender’s and receiver’s computing devices are generated by secure applications on per-connection basis; therefore, the keys do not rely on a device key/information and can be considered device-independent).

Regarding Claim 3:
Riscombe-Burton in view of Fosmark teaches the method of claim 2.  In addition, Fosmark teaches wherein generating the signed, encrypted, verification message includes: 
generating an encrypted verification message by encrypting the verification message using the public encryption key of the receiver system (paragraph 88, trusted third party data processing system uses user identifier to identify the identifier of the mobile device and corresponding public key and generates and sends message; message encrypted with public key for mobile device); and 
generating the signed, encrypted, verification message by encrypting the encrypted verification message using the private encryption key of the sender system (abstract, program for obtaining information for a transaction; paragraph 86, message flow for authenticating a user for session; paragraph 88, trusted third party data processing system uses user identifier to identify the identifier of the mobile device and corresponding public key and generates and sends message; message encrypted with public key for mobile device and includes unique challenge code and signature for the message using private key of trusted third party system; message to be provided to the mobile device).
The rationale to combine Riscombe-Burton and Fosmark is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3.

Regarding Claim 5:
Riscombe-Burton in view of Fosmark teaches the method of claim 2.  In addition, Riscombe-Burton teaches wherein the third electronic communication network is the second electronic communication network, wherein the second electronic communication network excludes the service provider server (paragraph 9, address data and cryptographic keys exchanged over channels which are “out of band” from device-to-device communications channel; therefore, the device-to-device communications channel can be seen as “out of band” with respect to the key exchange channel).

Regarding Claim 11:
Riscombe-Burton teaches a system comprising: 
a memory storing instructions for establishing cryptographic trust (paragraph 56, memory storing instructions); 
a processor that executes the instructions to establish cryptographic trust between the system and an external system, wherein to establish cryptographic trust between the system and the external system, the processor executes the instruction to (paragraph 56, processor executing instructions): 
obtain, from a service provider system, via a first electronic communication network, a public encryption key of the external system (paragraph 62, if it is determined that a secure device-to-device communication channel between the secure applications 303, 305 running on the computing devices 302, 304 is permitted, the proxy server 120 proceeds to send the public key data and address data for the initiating device 302 to the receiving device 304 over secure communication channel 310, and to send the public key data and address data for the receiving device 304 to the initiating device 302 over secure communication channel 308), wherein the public encryption key of the external system is a part of a device-independent asymmetric key pair that includes a private encryption key of the external system  (paragraph 61, public-private key pairs for sender’s and receiver’s computing devices are generated by secure applications on per-connection basis; therefore, the keys do not rely on a device key/information and can be considered device-independent); 
generate an encrypted message, wherein, to generate the encrypted message, the processor executes the instructions to use the public encryption key of the external system  (paragraph 72, secure application 303 running on the initiating device 302 encrypts data to be sent over the device-to-device communications channel using the public key generated by the secure application 305 running on the receiving device 304 (received from the proxy server 120 at step 424)) to encrypt the verification message, wherein a private encryption key of the system is a part of a device-independent asymmetric key pair that includes a public encryption key of the system (paragraph 61, public-private key pairs for sender’s and receiver’s computing devices are generated by secure applications on per-connection basis; therefore, the keys do not rely on a device key/information and can be considered device-independent); 
send, to the external system, via a second electronic communication network that differs from the first electronic communication network, the message (paragraph 85, secure application establishes secure device-to-device communication channel (i.e. “direct contact” which is not related to the proxy server channel seen as the “API”) with receiving device and proceeds to send the encrypted data; device-to-device communication channel does not pass through proxy server).
Riscombe-Burton does not explicitly teach the processor to: generate a verification message that includes first verification message content;
generate a signed, encrypted, verification message, wherein, to generate the signed, encrypted, verification message, the processor executes the instructions to use the public encryption key of the external system and a private encryption key of the system to encrypt the verification message;
send the signed verification message;
receive, from the external system, via a third electronic communication network that differs from the first electronic communication network, second verification message content; and 
verify that the first verification message content matches the second verification message content.
However, Fosmark teaches the concept of a processor to: generate a verification message that includes first verification message content (abstract, program for obtaining information for a transaction; paragraph 86, message flow for authenticating a user for session; paragraph 88, trusted third party data processing system uses user identifier to identify the identifier of the mobile device and corresponding public key and generates and sends message; message encrypted with public key for mobile device and includes unique challenge code and signature for the message using private key of trusted third party system; message to be provided to the mobile device); 
generate a signed, encrypted, verification message, wherein, to generate the signed, encrypted, verification message, the processor executes instructions to use a public encryption key of an external system and a private encryption key of a system to encrypt the verification message (abstract, program for obtaining information for a transaction; paragraph 86, message flow for authenticating a user for session; paragraph 88, trusted third party data processing system uses user identifier to identify the identifier of the mobile device and corresponding public key and generates and sends message; message encrypted with public key for mobile device and includes unique challenge code and signature for the message using private key of trusted third party system; message to be provided to the mobile device); 
send the signed verification message (paragraph 88-89, message sent from third party data processing system to mobile device via out-of-band channel, e.g. sound, visual code, or NFC exchange with user data processing system);
receive, from the external system, via a third electronic communication network that differs from a first electronic communication network, second verification message content (paragraph 90, mobile device performs function on challenge code resulting in response code, e.g. null function (the response code is identical to the challenge code); mobile device displays response code for user to enter into session interface of user data processing system (i.e. “out of band” channel), which forwards response code to trusted third party data processing system for comparison to originally issued challenge code); and 
verify that the first verification message content matches the second verification message content (paragraph 90, response code forwarded to trusted third party data processing system for comparison to originally issued challenge code; if so, trusted third party data processing system 106 may then send a message 655 to the entity data processing system 104 including an assertion that the user is authenticated for the session).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted and signed challenge message of Fosmark with the trusted device-to-device channel teachings of Riscombe-Burton, in order to allow multiple devices to perform mutual authentication which proves each respective device owns the necessary private key of a public/private key pair, using PKI methods which are well known in the art, thereby verifying the identity of the devices and improving security by preventing certain types of attacks, e.g. “man-in-the-middle”.

Regarding Claim 12:
Riscombe-Burton in view of Fosmark teaches the system of claim 11.  In addition, Fosmark teaches wherein to generate the signed, encrypted, verification message, the processor executes the instruction to: 
generate an encrypted verification message, wherein, to generate the encrypted verification message, the processor executes the instruction to use the public encryption key of the external system to encrypt the verification message (paragraph 88, trusted third party data processing system uses user identifier to identify the identifier of the mobile device and corresponding public key and generates and sends message; message encrypted with public key for mobile device); and 
generate the signed, encrypted, verification message, wherein, to generate the signed, encrypted, verification message, the processor executes the instruction to use by the private encryption key of the system to encrypt the encrypted verification message (abstract, program for obtaining information for a transaction; paragraph 86, message flow for authenticating a user for session; paragraph 88, trusted third party data processing system uses user identifier to identify the identifier of the mobile device and corresponding public key and generates and sends message; message encrypted with public key for mobile device and includes unique challenge code and signature for the message using private key of trusted third party system; message to be provided to the mobile device).
The rationale to combine Riscombe-Burton and Fosmark is the same as provided for claim 11 due to the overlapping subject matter between claims 11 and 12.

Regarding Claim 14:
Riscombe-Burton in view of Fosmark teaches the system of claim 11.  In addition, Riscombe-Burton teaches wherein the third electronic communication network is the second electronic communication network, and wherein the second electronic communication network excludes the service provider server (paragraph 9, address data and cryptographic keys exchanged over channels which are “out of band” from device-to-device communications channel; therefore, the device-to-device communications channel can be seen as “out of band” with respect to the key exchange channel).

Regarding Claim 17:
Riscombe-Burton in view of Fosmark teaches the system of claim 11.  In addition, Riscombe-Burton teaches wherein, to obtain the public encryption key of the external system, the processor executes the instruction to: 
receive, from service provider server, the public encryption key of the external system in response to sending, to service provider server, a request to identify the external system (paragraph 62, if it is determined that a secure device-to-device communication channel between the secure applications 303, 305 running on the computing devices 302, 304 is permitted, the proxy server 120 proceeds to send the public key data and address data for the initiating device 302 to the receiving device 304 over secure communication channel 310, and to send the public key data and address data for the receiving device 304 to the initiating device 302 over secure communication channel 308; paragraph 66-67, 70, initiating device sends lookup request including unique identifier for receiving user to proxy server; connection request includes identifier for initiating user and receiving user; proxy server performs lookup operation based on received identifiers for initiating and receiving users to match connection request received by initiating and receiving devices).

Claim(s) 4, 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Riscombe-Burton in view of Fosmark, and further in view of Persson et al (PGPUB 2007/0055877).

Regarding Claim 4:
Riscombe-Burton in view of Fosmark teaches the method of claim 2.
Neither Riscombe-Burton nor Fosmark explicitly teaches wherein establishing cryptographic trust includes: 
signing the public encryption key of the receiver system with the private encryption key of the sender system.
However, Persson teaches the concept wherein establishing cryptographic trust includes: 
signing a public encryption key of a receiver system with a private encryption key of a sender system (abstract, method of establishing a secured peer-to-peer communication between two communications devices; paragraph 95-96, device B sends its own public key or self-signed certificate to device A; device A receives the public key of device B, and chooses to sign the public key of device B using its own private key; paragraph 97-98, device A sends its own public key or self-signed certificate to device B; device B receives the public key of device A and chooses to sign the public key of device A using its own private key).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the signed public key teachings of Persson with the trusted device-to-device channel teachings of Riscombe-Burton in view of Fosmark, in order to generate a signed credential which could be trusted by any user or device which also trusted the party which generated the signature on the certificate, thereby increasing the scope of the zone of trust, and providing assurance that secure communication can be performed with additional devices.

Regarding Claim 13:
Riscombe-Burton in view of Fosmark teaches the system of claim 11.
Neither Riscombe-Burton nor Fosmark explicitly teaches wherein, to establish cryptographic trust, the processor executes the instruction to: 
sign the public encryption key of the external system, wherein, to sign the public encryption key of the external system, the processor executes the instruction to use the private encryption key of the system to encrypt the public encryption key of the external system.
However, Persson teaches the concept wherein wherein, to establish cryptographic trust, a processor executes an instruction to: 
sign a public encryption key of an external system, wherein, to sign the public encryption key of the external system, the processor executes the instruction to use a private encryption key of a system to encrypt the public encryption key of the external system (abstract, method of establishing a secured peer-to-peer communication between two communications devices; paragraph 95-96, device B sends its own public key or self-signed certificate to device A; device A receives the public key of device B, and chooses to sign the public key of device B using its own private key; paragraph 97-98, device A sends its own public key or self-signed certificate to device B; device B receives the public key of device A and chooses to sign the public key of device A using its own private key).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the signed public key teachings of Persson with the trusted device-to-device channel teachings of Riscombe-Burton in view of Fosmark, in order to generate a signed credential which could be trusted by any user or device which also trusted the party which generated the signature on the certificate, thereby increasing the scope of the zone of trust, and providing assurance that secure communication can be performed with additional devices.

Claim(s) 6-8, 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Riscombe-Burton in view of Fosmark, and further in view of Dashlane (“Dashlane Security White Paper”, October 2018).

Regarding Claim 6:
Riscombe-Burton in view of Fosmark teaches the method of claim 2.  In addition, Riscombe-Burton teaches the method, further comprising: 
sharing, by the sender system, an encrypted digital item with the receiver system (paragraph 66-67, 70, 85, secure application establishes secure device-to-device communication channel with receiving device via means of cryptographic information exchanged using proxy server and proceeds to send the encrypted data).
Neither Riscombe-Burton nor Fosmark teaches, wherein sharing the encrypted digital item includes:
obtaining an unencrypted digital item; 
obtaining an item key for encrypting the digital item; 
obtaining the encrypted digital item by encrypting the unencrypted digital item using the item key; 
obtaining an encrypted item key by encrypting the item key with the public encryption key of the receiver system; and 
outputting the encrypted digital item and the encrypted item key to the service provider server, such that the unencrypted digital item is accessible to the receiver system by: 
obtaining the encrypted digital item, the encrypted item key, and the public encryption key of the sender system from service provider server; 
obtaining the item key by decrypting the encrypted item key using the private encryption key of the receiver system; and 
obtaining the unencrypted digital item by decrypting the encrypted digital item using the item key.
However, Dashlane teaches the concept wherein sharing an encrypted digital item includes: 
obtaining an unencrypted digital item (page 9 section k, Alice encrypts her credential with ObjectKey, creating EncryptedCredential; therefore, credential is initially unencrypted); 
obtaining an item key for encrypting the digital item (page 9 section k, Alice generates ObjectKey); 
obtaining the encrypted digital item by encrypting the unencrypted digital item using the item key (page 9 section k, Alice encrypts her credential with ObjectKey, creating EncryptedCredential); 
obtaining an encrypted item key by encrypting the item key with a public encryption key of a receiver system (page 9 section k, Sharing Data Between Users; Alice asks Dashlane’s servers for Bob’s public key; Alice generates a 256-bit AES key which is unique for each shared item and is called an ObjectKey; Alice encrypts the ObjectKey using Bob’s public key, creating a BobEncryptedObjectKey); and 
outputting the encrypted digital item (page 9 section k, Alice sends EncryptedCredential to Dashlane’s servers) and the encrypted item key to a service provider server, such that the unencrypted digital item is accessible to the receiver system by (page 9 section k, Alice sends the BobEncryptedObjectKey to Dashlane’s servers; Alice encrypts credential with ObjectKey creating EncryptedCredential and sends to Dashlane’s servers; EncryptedCredential serves as item identification): 
obtaining the encrypted digital item (page 9 section k, Dashlane’s servers send Bob the EncryptedCredential), the encrypted item key, and a public encryption key of a sender system from service provider server (page 9 section k, Dashlane’s servers send Bob the BobEncryptedObjectKey); 
obtaining the item key by decrypting the encrypted item key using a private encryption key of the receiver system (page 9 section k, Bob decrypts BobEncryptedObjectKey with his private key and gets the ObjectKey); and 
obtaining the unencrypted digital item by decrypting the encrypted digital item using the item key (page 9 section k, Bob decrypts the EncryptedCredential with the ObjectKey and adds Alice’s plain text credential to his own personal data).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the unique item key teachings of Dashlane with the trusted device-to-device channel teachings of Riscombe-Burton in view of Fosmark, in order to limit damage caused by malicious interception or leakage of a key by generating a key for individual encrypted items, as the individual keys would only be usable for a single item, thereby providing a measure of forward secrecy (i.e. future keys cannot be used to decrypt past items).

Regarding Claim 7:
Riscombe-Burton in view of Fosmark and Dashlane teaches the method of claim 6.  In addition, Dashlane teaches wherein obtaining the item key includes: 
generating a symmetric key for encrypting the digital item (page 9 section k, Alice generates 256-bit AES key called ObjectKey; ObjectKey used for both encryption of EncryptedCredential and decryption, and is therefore symmetric key); and 
using the symmetric key as the item key (page 9 section k, Alice encrypts her credential with ObjectKey, creating EncryptedCredential).
The rationale to combine Riscombe-Burton and Dashlane is the same as provided for claim 6 due to the overlapping subject matter between claims 6 and 7.

Regarding Claim 8:
Riscombe-Burton in view of Fosmark and Dashlane teaches the method of claim 6.  In addition, Riscombe-Burton teaches wherein obtaining the public encryption key of the receiver system includes: 
receiving, from service provider server, the public encryption key of the receiver system in response to sending, to service provider server, a request to identify the receiver system (paragraph 62, if it is determined that a secure device-to-device communication channel between the secure applications 303, 305 running on the computing devices 302, 304 is permitted, the proxy server 120 proceeds to send the public key data and address data for the initiating device 302 to the receiving device 304 over secure communication channel 310, and to send the public key data and address data for the receiving device 304 to the initiating device 302 over secure communication channel 308; paragraph 66-67, 70, initiating device sends lookup request including unique identifier for receiving user to proxy server; connection request includes identifier for initiating user and receiving user; proxy server performs lookup operation based on received identifiers for initiating and receiving users to match connection request received by initiating and receiving devices).

Regarding Claim 15:
Riscombe-Burton in view of Fosmark teaches the system of claim 11.  In addition, Riscombe-Burton teaches wherein the processor executes the instruction to: 
share an encrypted digital item with the external system (paragraph 66-67, 70, 85, secure application establishes secure device-to-device communication channel with receiving device via means of cryptographic information exchanged using proxy server and proceeds to send the encrypted data).
Neither Riscombe-Burton nor Fosmark explicitly teaches wherein, to share the encrypted digital item, the processor executes the instruction to: 
obtain an unencrypted digital item; 
obtain an item key for encrypting the digital item; 
obtain the encrypted digital item, wherein, to obtain the encrypted digital item, the processor executes the instruction to use the item key to encrypt the unencrypted digital item; 
obtain an encrypted item key, wherein, to obtain the encrypted item key, the processor executes the instruction to use the public encryption key of the external system to encrypt the item key; and 
output the encrypted digital item and the encrypted item key to the service provider server, such that the unencrypted digital item is accessible to the external system by: 
obtaining the encrypted digital item, the encrypted item key, and the public encryption key of the system from service provider server; 
obtaining the item key by decrypting the encrypted item key using the private encryption key of the external system; and 
obtaining the unencrypted digital item by decrypting the encrypted digital item using the item key.
However, Dashlane teaches the concept wherein, to share an encrypted digital item, a processor executes an instruction to: 
obtain an unencrypted digital item (page 9 section k, Alice encrypts her credential with ObjectKey, creating EncryptedCredential; therefore, credential is initially unencrypted); 
obtain an item key for encrypting the digital item (page 9 section k, Alice generates ObjectKey); 
obtain the encrypted digital item, wherein, to obtain the encrypted digital item, the processor executes the instruction to use the item key to encrypt the unencrypted digital item (page 9 section k, Alice encrypts her credential with ObjectKey, creating EncryptedCredential); 
obtain an encrypted item key, wherein, to obtain the encrypted item key, the processor executes the instruction to use a public encryption key of an external system to encrypt the item key (page 9 section k, Sharing Data Between Users; Alice asks Dashlane’s servers for Bob’s public key; Alice generates a 256-bit AES key which is unique for each shared item and is called an ObjectKey; Alice encrypts the ObjectKey using Bob’s public key, creating a BobEncryptedObjectKey); and 
output the encrypted digital item (page 9 section k, Alice sends EncryptedCredential to Dashlane’s servers) and the encrypted item key to a service provider server, such that the unencrypted digital item is accessible to the external system by (page 9 section k, Alice sends the BobEncryptedObjectKey to Dashlane’s servers; Alice encrypts credential with ObjectKey creating EncryptedCredential and sends to Dashlane’s servers; EncryptedCredential serves as item identification): 
obtaining the encrypted digital item (page 9 section k, Dashlane’s servers send Bob the EncryptedCredential), the encrypted item key, and a public encryption key of the system from service provider server (page 9 section k, Dashlane’s servers send Bob the BobEncryptedObjectKey); 
obtaining the item key by decrypting the encrypted item key using the private encryption key of the external system (page 9 section k, Bob decrypts BobEncryptedObjectKey with his private key and gets the ObjectKey); and 
obtaining the unencrypted digital item by decrypting the encrypted digital item using the item key (page 9 section k, Bob decrypts the EncryptedCredential with the ObjectKey and adds Alice’s plain text credential to his own personal data).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the unique item key teachings of Dashlane with the trusted device-to-device channel teachings of Riscombe-Burton in view of Fosmark, in order to limit damage caused by malicious interception or leakage of a key by generating a key for individual encrypted items, as the individual keys would only be usable for a single item, thereby providing a measure of forward secrecy (i.e. future keys cannot be used to decrypt past items).

Regarding Claim 16:
Riscombe-Burton in view of Fosmark teaches the system of claim 11.
Neither Riscombe-Burton nor Fosmark explicitly teaches wherein, to obtain the item key, the processor executes the instruction to: 
generate a symmetric key for encrypting the digital item; and use the symmetric key as the item key.
However, Dashlane teaches the concept wherein, to obtain an item key, a processor executes an instruction to : 
generate a symmetric key for encrypting the digital item (page 9 section k, Alice generates 256-bit AES key called ObjectKey; ObjectKey used for both encryption of EncryptedCredential and decryption, and is therefore symmetric key); and 
use the symmetric key as the item key (page 9 section k, Alice encrypts her credential with ObjectKey, creating EncryptedCredential).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the unique item key teachings of Dashlane with the trusted device-to-device channel teachings of Riscombe-Burton in view of Fosmark, in order to limit damage caused by malicious interception or leakage of a key by generating a key for individual encrypted items, as the individual keys would only be usable for a single item, thereby providing a measure of forward secrecy (i.e. future keys cannot be used to decrypt past items).

Claim(s) 9-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Riscombe-Burton in view of Fosmark and Dashlane, and further in view of Lee et al (PGPUB 2021/0195563).

Regarding Claim 9:
Riscombe-Burton in view of Fosmark and Dashlane teaches the method of claim 6.
Neither Riscombe-Burton nor Fosmark nor Dashlane explicitly teaches wherein obtaining the item key includes: 
obtaining a second encrypted item key, encrypted with the public encryption key of the sender system; and 
obtaining the item key by decrypting the second encrypted item key using the private encryption key of the sender system.
However, Lee teaches the concept wherein obtaining an item key includes (paragraph 99, user equipment (UE) may be provisioned with root key):
obtaining a second encrypted item key, encrypted with a public encryption key of a sender system (paragraph 99, UI downloads encrypted root key from server, where the root key is encrypted using device public key); and 
obtaining the item key by decrypting the second encrypted item key using a private encryption key of the sender system (paragraph 99, encrypted root key decrypted using device private key associated with device public key).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted key distribution teachings of Lee with the trusted device-to-device channel teachings of Riscombe-Burton in view of Fosmark and Dashlane, in order to provide a means of secure key distribution to any device in a network which requires use of the key by protecting the key in transit using well-known and understood PKI techniques such as encrypting the key using the public key of the device which shall receive the key, thereby preventing anyone who does not possess the corresponding private key from decrypting it.

Regarding Claim 10:
Riscombe-Burton in view of Fosmark, Dashlane, and Lee teaches the method of claim 9.  In addition, Dashlane teaches wherein sharing the encrypted digital item includes: 
obtaining a symmetric master key using a master password and a salt value (page 2 section b, user’s personal data is ciphered on user’s device; 32-bit salt is generated and used with User Master Password to generate AES 256-bit key (i.e. “master symmetric key”) for deciphering; page 9 section k, private key is stored in user’s personal data); 
generating the public encryption key of the sender system and the private encryption key of the sender system (page 9 section k, upon account creation, unique pair of public and private RSA keys are created for each user; the private key is stored in the user’s personal data); and 
encrypting the private encryption key of the sender system using the symmetric master key, such that the private encryption key of the sender system is unavailable in the absence of the symmetric master key (page 2 section b, User Master Password which is only known by the user is used to generate symmetric AES 256-bit key for ciphering and deciphering the user’s personal data on the user’s device, i.e. ciphering and deciphering the private key stored in user’s personal data).
The rationale to combine Riscombe-Burton and Dashlane is the same as provided for claim 6 due to the overlapping subject matter between claims 6 and 10.

Claim(s) 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Riscombe-Burton in view of Fosmark, and further in view of Lee.

Regarding Claim 18:
Riscombe-Burton in view of Fosmark teaches the system of claim 11.
Neither Riscombe-Burton nor Fosmark explicitly teaches wherein, to obtain the item key, the processor executes the instruction to: 
obtain a second encrypted item key, encrypted with the public encryption key of the system; and 
obtain the item key, wherein, to obtain the item key, the processor executes the instruction to use the private encryption key of the system to decrypt the second encrypted item key.
However, Lee teaches the concept wherein, to obtain an item key, a processor executes an instruction to (paragraph 99, user equipment (UE) may be provisioned with root key): 
obtain a second encrypted item key, encrypted with a public encryption key of a system (paragraph 99, UI downloads encrypted root key from server, where the root key is encrypted using device public key); and 
obtain the item key, wherein, to obtain the item key, the processor executes the instruction to use a private encryption key of the system to decrypt the second encrypted item key (paragraph 99, encrypted root key decrypted using device private key associated with device public key).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the encrypted key distribution teachings of Lee with the trusted device-to-device channel teachings of Riscombe-Burton in view of Fosmark, in order to provide a means of secure key distribution to any device in a network which requires use of the key by protecting the key in transit using well-known and understood PKI techniques such as encrypting the key using the public key of the device which shall receive the key, thereby preventing anyone who does not possess the corresponding private key from decrypting it.

Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Riscombe-Burton in view of Fosmark and Lee, and further in view of Dashlane.

Regarding Claim 19:
Riscombe-Burton in view of Fosmark and Lee teaches the system of claim 18.
Neither Riscombe-Burton nor Fosmark nor Lee explicitly teaches wherein, to share the encrypted digital item, the processor executes the instruction to: 
use a master password and a salt value to obtain a symmetric master key; 
generate the public encryption key of the system and the private encryption key of the system; and 
use the symmetric master key to encrypt the private encryption key of the system, such that the private encryption key of the system is unavailable in the absence of the symmetric master key.
However, Dashlane teaches the concept wherein, to share an encrypted digital item, a processor executes an instruction to: 
use a master password and a salt value to obtain a symmetric master key (page 2 section b, user’s personal data is ciphered on user’s device; 32-bit salt is generated and used with User Master Password to generate AES 256-bit key (i.e. “master symmetric key”) for deciphering; page 9 section k, private key is stored in user’s personal data); 
generate a public encryption key of a system and a private encryption key of the system (page 9 section k, upon account creation, unique pair of public and private RSA keys are created for each user; the private key is stored in the user’s personal data); and 
use the symmetric master key to encrypt the private encryption key of the system, such that the private encryption key of the system is unavailable in the absence of the symmetric master key (page 2 section b, User Master Password which is only known by the user is used to generate symmetric AES 256-bit key for ciphering and deciphering the user’s personal data on the user’s device, i.e. ciphering and deciphering the private key stored in user’s personal data).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the password-based key teachings of Dashlane with the trusted device-to-device channel teachings of Riscombe-Burton in view of Fosmark, in order to improve the security environment by encrypting keys using password-based keys, thereby increasing the entropy of the system and resulting in an improved security environment.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491