7156159
DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The present application, filed on January 22, 2021, is accepted.
Claims 1 – 20 are being considered on the merits.

Drawings
The drawings, filed on January 22, 2021, are accepted.

Specification
The specification, filed on January 22, 2021, is accepted.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 8 and 19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to software per se without significantly more. The claims recite logic that would perform the functions of claim 1, which include receiving key identifiers and storing encrypted data. This judicial exception is not integrated into a practical application because the claims describe the logic that would cause the functionality of claim 1 and do not recite a practical implementation. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because no additional element is presented that further limits the claimed invention.

Claims 9 – 18 are rejected under 35 U.S.C. 101 because these claims are directed to a computer-readable storage medium that is not limited to the statutory classes of invention set forth above. These claims, in using the term “computer program product” in accordance with paragraphs 106 – 107 on page 35 of Applicants’ Specification, allow the computer-readable storage medium to be signals. Based on current USPTO policy, when the computer-readable medium is not specifically defined in the Specification as excluding signals (i.e., as non-transitory), the broadest reasonable interpretation is applied according to MPEP 2111, and the computer-readable medium may therefore embody signals, i.e., transitory media. The Examiner notes that paragraphs 106 – 107 only disclose examples of the “computer program product” and do not define the “computer program product” as excluding signals (for example, as non-transitory). Accordingly, the Examiner suggests that Applicants amend the claims to add a limitation directing the language of the “computer program product” claims to only the non-transitory embodiment, which would remove the possibility of claiming signals.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 9141822 B2 to Lehnhardt et al., (hereinafter, “Lehnhardt”) in view of US 20200034528 A1 to Yang et al., (hereinafter, “Yang”).
Regarding claim 1, Lehnhardt teaches a computer-implemented method, comprising: receiving, by a storage system, encrypted data and a set of key identifiers, wherein each key identifier is associated with information specifying a storage location for which the key identifier is authorized; [Lehnhardt, col. 2 lines 31 – 40 discloses The cryptographic key and key identifier that is stored in one of the security tokens is specific to the authorized user such that a data item that is inserted into the database upon a respective entry of the data item by that user is encrypted with that user's cryptographic key and can only be retrieved and decrypted by the same user as the user needs to present the security token for the retrieval and decryption operation. Alternatively, the user has to memorize the cryptographic key and its key identifier for entry into the respective client computer.] storing, by the storage system, the encrypted data in at least one storage location; [Lehnhardt, col. 4 lines 59 – 67 discloses each one of the databases stores encrypted data items whereby the encryption is performed with one of the user or user-group specific cryptographic keys of the security tokens. Each one of the encrypted data items is stored in conjunction with the key identifier, but not the key itself, that was used for encryption of the data item as an attribute. This facilitates to limit the search in the database for retrieval of an encrypted data item to such data items that have been encrypted by a given cryptographic key.], but Lehnhardt does not teach receiving, by the storage system, at least one key identifier of the set of key identifiers with a data access request; and determining, by the storage system, whether the data access request is authorized for the at least one key identifier.  
However, Yang does teach receiving, by the storage system, at least one key identifier of the set of key identifiers with a data access request; [Yang, para. 13 discloses receive a file request for a requested file stored in the non-volatile storage memory, wherein the requested file corresponds to one of the encrypted data files in the plurality of encrypted data files, and wherein the file request is received from a requesting process operating on the rich operating system; and transmit file request data to the trusted access monitoring application, wherein the file request data comprises file access data associated with the requested file and process identification data associated with the requesting process. Para. 85 discloses the file access data may include file identification data, such as a MAC file label, associated with the encrypted file. The file access data may also include key information associated with the encrypted file. The key information may be required to derive the encryption key associated with that encrypted file.] and determining, by the storage system, whether the data access request is authorized for the at least one key identifier. [Yang, para. 13 discloses the trusted access monitoring application is configured to: receive the file request data; determine file identification data associated with the requested file from the file access data; determine whether the requesting process is permitted to access the requested file by comparing the file identification data and the process identification data with file access criteria stored by the trusted access monitoring application;]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Yang’s system with Lehnhardt’s system, with the motivation of providing, by a trusted application, personalized and cryptographically secure access control that can reduce or eliminate problems associated with access control implemented directly in the kernel of the primary operating system. The access control system may still be integrated into the file systems of the kernel of a rich operating system, i.e. through use of the access monitoring module. In some embodiments, the trusted application that operates in the trusted operating system can intercept and examine all file requests and operations directed at encrypted files stored in the non-volatile storage memory (e.g. through communication with the access monitoring module) [Yang, para. 12]

As per claim 2, modified Lehnhardt teaches the computer-implemented method of claim 1, wherein the encrypted data is encrypted using an encryption key, wherein the encryption key is associated with the set of key identifiers. [Lehnhardt, col. 4 lines 59 – 67 discloses each one of the databases stores encrypted data items whereby the encryption is performed with one of the user or user-group specific cryptographic keys of the security tokens. Each one of the encrypted data items is stored in conjunction with the key identifier, but not the key itself, that was used for encryption of the data item as an attribute. This facilitates to limit the search in the database for retrieval of an encrypted data item to such data items that have been encrypted by a given cryptographic key.]

As per claim 3, modified Lehnhardt teaches the computer-implemented method of claim 2, wherein the storage system does not have access to the encryption key. [Lehnhardt, col. 4 lines 62 – 67 discloses Each one of the encrypted data items is stored in conjunction with the key identifier, but not the key itself, that was used for encryption of the data item as an attribute. This facilitates to limit the search in the database for retrieval of an encrypted data item to such data items that have been encrypted by a given cryptographic key. Col. 5 lines 40 – 51 discloses The cryptographic key and key identifier are automatically erased from the memory of the client computer and no copy is retained by the client computer when one of the following events occurs a time-out condition is fulfilled, e.g. a predefined time period of user inaction with respect to the application program has occurred, the database connection and/or the network session is interrupted, the application program is closed by the user or automatically by logging out the user, the power supply of the client computer is interrupted.]  

Regarding claim 4, modified Lehnhardt teaches the computer-implemented method of claim 1, but Lehnhardt does not teach comprising terminating the data access request in response to determining that the data access request is not authorized for the at least one key identifier.  
However, Yang does teach comprising terminating the data access request in response to determining that the data access request is not authorized for the at least one key identifier. [Yang, para. 94 discloses If the KMTA determines that the requesting process is not permitted to perform the requested file operation, the KMTA can generate an access denied signal. The KMTA can transmit the access denied signal to the TA agent. Upon receiving the access denied signal, the TA agent rejects the file operation request from the requesting process. The TA agent can prevent the requesting process from performing the requested operation on the requested encrypted file. Para. 83 discloses A trusted access monitoring application (also referred to as a key management trusted application, key management TA or KMTA) can operate on the trusted operating system. The trusted access monitoring application can be configured to communicate with the file access monitoring module in order to implement secure access control in response to file requests received by the file access monitoring module.] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Yang’s system with Lehnhardt’s system, with the motivation of providing, by a trusted application, personalized and cryptographically secure access control that can reduce or eliminate problems associated with access control implemented directly in the kernel of the primary operating system. The access control system may still be integrated into the file systems of the kernel of a rich operating system, i.e. through use of the access monitoring module. In some embodiments, the trusted application that operates in the trusted operating system can intercept and examine all file requests and operations directed at encrypted files stored in the non-volatile storage memory (e.g. through communication with the access monitoring module) [Yang, para. 12]

As per claim 5, Lehnhardt teaches the computer-implemented method of claim 1, wherein the set of key identifiers includes a root key identifier and associated child key identifiers. [Lehnhardt, col. 3 lines 11 – 23 discloses Upon entry of the user's cryptographic key and key identifier into the client computer the key identifier is sent from the client computer to the database system. In response to receipt of the key identifier the database system returns the set of encrypted cryptographic keys that are assigned to the received key identifier such that the client computer can decrypt that additional set of cryptographic keys using the key that the user has entered. When a query is performed one or more of the additional key identifiers can be used as alternative or additional search criteria in order to include data items into the search that can be decrypted by one of the cryptographic keys that are available on the client computer.] 

As per claim 6, modified Lehnhardt teaches the computer-implemented method of claim 1, wherein at least one key identifier of the set of key identifiers is associated with a temporal limitation. [Lehnhardt, col. 5 lines 40 – 51 discloses The cryptographic key and key identifier are automatically erased from the memory of the client computer and no copy is retained by the client computer when one of the following events occurs a time-out condition is fulfilled, e.g. a predefined time period of user inaction with respect to the application program has occurred, the database connection and/or the network session is interrupted, the application program is closed by the user or automatically by logging out the user, the power supply of the client computer is interrupted.]
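For illustration only, and not part of this Office action, of the Applicants’ disclosure, or of Lehnhardt or Yang: the following added Python example models the limitations of claims 1 – 6 as recited above. The client side generates the encryption key and a set of key identifiers (a root identifier and child identifiers, one of them with a temporal limitation), encrypts the data, and hands the storage system only the ciphertext and the identifiers; the storage system never receives the key and decides each data access request from the identifier presented, the requested storage location, and the identifier’s expiry, terminating unauthorized requests. All names (StorageSystem, KeyIdentifier, vault/a, vault/b), the HMAC-SHA256 derivation of identifiers from the key, and the HMAC-SHA256 counter-mode toy cipher are assumptions of the example, not features of the application or the cited art; the sample records are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple

NONCE_LEN = 12


def keystream_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with an HMAC-SHA256 counter-mode keystream.
    Toy, unauthenticated construction (an assumption of this example) so the
    code runs on the standard library; the same call encrypts and decrypts."""
    out = bytearray()
    for block_no, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)          # fresh nonce per record, prepended
    return nonce + keystream_cipher(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_cipher(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def derive_kid(key: bytes, label: str) -> str:
    """Key identifier derived from the key through a one-way MAC (assumed
    scheme), so the identifier can be given to storage without revealing the key."""
    return hmac.new(key, label.encode(), hashlib.sha256).hexdigest()[:16]


@dataclass(frozen=True)
class KeyIdentifier:
    kid: str                            # the identifier the storage system receives
    locations: FrozenSet[str]           # storage locations it is authorized for
    parent: Optional[str] = None        # root identifier for a child identifier
    expires_at: Optional[float] = None  # temporal limitation, epoch seconds


class AccessDenied(PermissionError):
    """Raised when the storage system terminates an unauthorized request."""


class StorageSystem:
    """Storage side of the scheme: keeps ciphertext and key identifiers, never keys."""

    def __init__(self) -> None:
        self._identifiers: Dict[str, KeyIdentifier] = {}
        self._objects: Dict[str, Tuple[bytes, FrozenSet[str]]] = {}

    def store(self, location: str, ciphertext: bytes, kids: Tuple[KeyIdentifier, ...]) -> None:
        """Receive encrypted data together with the set of key identifiers
        its encryption key is associated with, and store it at `location`."""
        for k in kids:
            self._identifiers[k.kid] = k
        self._objects[location] = (ciphertext, frozenset(k.kid for k in kids))

    def add_child(self, child: KeyIdentifier) -> None:
        """Register a child identifier; it must name a known parent and may
        not be authorized for more locations than that parent."""
        parent = self._identifiers.get(child.parent or "")
        if parent is None or not child.locations <= parent.locations:
            raise ValueError("child identifier rejected")
        self._identifiers[child.kid] = child

    def is_authorized(self, kid: str, location: str, now: float) -> bool:
        ident = self._identifiers.get(kid)
        if ident is None or location not in self._objects:
            return False
        if ident.expires_at is not None and now >= ident.expires_at:
            return False  # temporal limitation exceeded
        if location not in ident.locations:
            return False  # identifier not authorized for this location
        _, associated = self._objects[location]
        # walk child -> root: authorized only if the identifier, or one of its
        # ancestors, is among those the object's encryption key is associated with
        cur: Optional[KeyIdentifier] = ident
        while cur is not None:
            if cur.kid in associated:
                return True
            cur = self._identifiers.get(cur.parent) if cur.parent else None
        return False

    def read(self, kid: str, location: str, now: float) -> bytes:
        """Data access request carrying a key identifier; terminated if unauthorized."""
        if not self.is_authorized(kid, location, now):
            raise AccessDenied(f"request with {kid} for {location} terminated")
        return self._objects[location][0]


def build_scenario(now: float) -> Tuple[StorageSystem, bytes, KeyIdentifier, KeyIdentifier, KeyIdentifier]:
    """Constructed sample: one client-side key; a root identifier for two
    locations, an expired child, and a live child limited to one location."""
    key = os.urandom(32)  # generated and kept on the client side only
    root = KeyIdentifier(derive_kid(key, "root"), frozenset({"vault/a", "vault/b"}))
    stale = KeyIdentifier(derive_kid(key, "child/stale"), frozenset({"vault/a"}),
                          parent=root.kid, expires_at=now - 1)
    child = KeyIdentifier(derive_kid(key, "child/a"), frozenset({"vault/a"}),
                          parent=root.kid, expires_at=now + 3600)
    storage = StorageSystem()
    storage.store("vault/a", encrypt(key, b"constructed secret record"), (root, stale))
    storage.store("vault/b", encrypt(key, b"second constructed record"), (root,))
    storage.add_child(child)  # delegated after the data was stored
    return storage, key, root, child, stale


if __name__ == "__main__":
    import time
    now = time.time()
    storage, key, root, child, stale = build_scenario(now)
    print(decrypt(key, storage.read(child.kid, "vault/a", now)))
    for kid, loc in ((child.kid, "vault/b"), (stale.kid, "vault/a"), ("unknown", "vault/a")):
        print(kid, loc, "authorized" if storage.is_authorized(kid, loc, now) else "denied")
```

The storage side returns ciphertext only; decryption happens on the client that holds the key, which is what keeps the storage system unable to read the data it authorizes access to.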

Regarding claim 8, modified Lehnhardt teaches a system, comprising: a processor; and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor, the logic being configured to perform the method of claim 1. [Lehnhardt, col. 3 lines 24 – 41 discloses In accordance with embodiments of the invention the application program is operational for generating an electronic signature for the encrypted data item and/or the key identifier. The database system is operational for checking the validity of the electronic signature and for executing the database insert command only if the electronic signature is valid. This provides an additional level of security against sabotage. In accordance with alternative embodiment of the invention the application program is operational for generating an electronic signature for the unencrypted data item and/or the key identifier. The database system is not operational for checking the validity of the electronic signature, as it has no access to the unencrypted data item, and executes the database insert command without checking the validity of the electronic signature. The checking of the validity of the electronic signature is performed by the application program after retrieval and decryption of the data item. This also provides an additional level of security against sabotage.]  

Regarding claim 9, modified Lehnhardt teaches a computer program product for controlling access to encrypted data on a storage system, the computer program product comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions comprising: program instructions to perform the method of claim 1. [Lehnhardt col. 7 lines 65 – 67 to col. 8 lines 1 – 9 discloses a computer system 100 that comprises multiple sets of client computers, i.e. a number I of sets S1, S2, . . . Si, . . . SI-1, SI. Each one of the sets Si is located in a respective trusted environment 102 that is in some way access restricted. For example, the set S1 of client computers is located within trusted environment 102.1, set S2 of client computers in trusted environment 102.2, . . . set Si of client computers in trusted environment 102.i etc. such that there is a one-to-one relationship between sets Si of client computers and trusted environments 102.i. Alternatively at least one, some or all of the client computers are located outside a trusted environment, such as in a vehicle.]

Regarding claim 10, it recites features similar to features within claim 1, therefore, it is rejected in a similar manner.

Regarding claims 11 – 14, they recite features similar to features within claims 3 – 6, therefore, they are rejected in a similar manner.

As per claim 17, modified Lehnhardt teaches the computer program product of claim 10, comprising program instructions to associate the encryption key with the key identifiers in the set in response to encrypting the data. [Lehnhardt, col. 4 lines 59 – 67 discloses Each one of the databases stores encrypted data items whereby the encryption is performed with one of the user or user-group specific cryptographic keys of the security tokens. Each one of the encrypted data items is stored in conjunction with the key identifier, but not the key itself, that was used for encryption of the data item as an attribute. This facilitates to limit the search in the database for retrieval of an encrypted data item to such data items that have been encrypted by a given cryptographic key.]

Regarding claim 18, it recites features similar to features within claim 9, therefore, it is rejected in a similar manner. 

Regarding claim 19, it recites features similar to features within claim 8, therefore, it is rejected in a similar manner.

Regarding claim 20, Lehnhardt teaches a system, comprising: a client side system, the client side system comprising: a first processor; and logic integrated with the first processor, executable by the first processor, or integrated with and executable by the first processor, [Lehnhardt, col. 11 lines 39 – 41 discloses The client computer Cij has a processor 146 for execution of a program module 148 that may be part of the operating system and for execution of the application program 104] the logic being configured to: encrypt, by the first processor, data using an encryption key, wherein the encryption key is associated with a set of key identifiers; [Lehnhardt, col. 11 lines 59 – 64 discloses The application program 104 further comprises a program module 156 for encryption of a data item by means of the key 108 and a program module 158 for decryption of an encrypted data item using the key 108. The client computer Cij has a working volatile memory 160 for storing a copy of the cryptographic key 108 and its key identifier 110] provide, by the first processor, a storage system with the set of key identifiers, wherein each key identifier is associated with information specifying a storage location the key identifier is authorized for; [Lehnhardt, col. 2 lines 31 – 40 discloses The cryptographic key and key identifier that is stored in one of the security tokens is specific to the authorized user such that a data item that is inserted into the database upon a respective entry of the data item by that user is encrypted with that user's cryptographic key and can only be retrieved and decrypted by the same user as the user needs to present the security token for the retrieval and decryption operation. Alternatively, the user has to memorize the cryptographic key and its key identifier for entry into the respective client computer.] 
and the storage system, the storage system comprising: a second processor; and logic integrated with the second processor, executable by the second processor, or integrated with and executable by the second processor, [Lehnhardt, col. 14 lines 20 – 25 discloses That database query is communicated to the database DBi via the database connection and processed by the database DBi in step 224. In response to the database query the database may return one or more encrypted hits to the application program 104, i.e. one or more data items that contain the encrypted search term, in step 226.] the logic being configured to: receive, by the second processor, the encrypted data and the set of key identifiers; store, by the second processor, the encrypted data in at least one storage location; receive, by the second processor, the at least one key identifier of the set of key identifiers with the data access request; [Lehnhardt, col. 2 lines 31 – 40 discloses The cryptographic key and key identifier that is stored in one of the security tokens is specific to the authorized user such that a data item that is inserted into the database upon a respective entry of the data item by that user is encrypted with that user's cryptographic key and can only be retrieved and decrypted by the same user as the user needs to present the security token for the retrieval and decryption operation. Alternatively, the user has to memorize the cryptographic key and its key identifier for entry into the respective client computer.], but Lehnhardt does not teach send, by the first processor, at least one key identifier of the set of key identifiers to the storage system with a data access request, wherein the storage system is configured to determine whether the data access request is authorized for the at least one key identifier; and determine, by the second processor, whether the data access request is authorized for the at least one key identifier.
However, Yang does teach send, by the first processor, at least one key identifier of the set of key identifiers to the storage system with a data access request, wherein the storage system is configured to determine whether the data access request is authorized for the at least one key identifier; [Yang, para. 13 discloses the trusted access monitoring application is configured to: receive the file request data; determine file identification data associated with the requested file from the file access data; determine whether the requesting process is permitted to access the requested file by comparing the file identification data and the process identification data with file access criteria stored by the trusted access monitoring application;] and determine, by the second processor, whether the data access request is authorized for the at least one key identifier. [Yang, para. 16 discloses the file access data included in the file request data may be encrypted file access data, where the encrypted file access data is encrypted using a secret access key stored by the trusted access monitoring application; and the trusted access monitoring application may be configured to determine the file access data from the received file request data by: determining the secret access key associated with the requested file; decrypting the encrypted file access data using the secret access key; and determining the file access data as the decrypted file access data.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Yang’s system with Lehnhardt’s system, with the motivation of providing, by a trusted application, personalized and cryptographically secure access control that can reduce or eliminate problems associated with access control implemented directly in the kernel of the primary operating system. The access control system may still be integrated into the file systems of the kernel of a rich operating system, i.e. through use of the access monitoring module. In some embodiments, the trusted application that operates in the trusted operating system can intercept and examine all file requests and operations directed at encrypted files stored in the non-volatile storage memory (e.g. through communication with the access monitoring module) [Yang, para. 12]

Claims 7 and 15 – 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 9141822 B2 to Lehnhardt et al., (hereinafter, “Lehnhardt”) in view of US 20200034528 A1 to Yang et al., (hereinafter, “Yang”) in further view of US 20210165909 A1 to Park et al., (hereinafter, “Park”).
Regarding claim 7, modified Lehnhardt teaches the computer-implemented method of claim 1, but modified Lehnhardt does not teach wherein the key identifiers are generated and/or managed by a key identifier manager, wherein the encryption key is generated and/or managed by a key manager which is separate from the key identifier manager. 
However, Park does teach wherein the key identifiers are generated and/or managed by a key identifier manager, [Park, para. 63 discloses the security manager 110 may also be referred to herein as a security manager circuit. Para. 64 discloses the security manager 110 may generate the key list List_Key, the permission list List_Pms, and the public key list List_PKey. para. 65 discloses the authentication module 112 may determine whether a user ID obtained in response to making an authentication request to a user is a user ID having legitimate authority to access the user data, based on user authentication information provided by the user. In an exemplary embodiment, the authentication module 112 may receive a key list from the secure memory 200 and may determine whether a user ID included in the key list matches the user ID obtained from the user. Thus, the security manager 110, by way of the authentication module 112, may determine whether to allow access to the user data by authenticating the user ID obtained from the user.] wherein the encryption key is generated and/or managed by a key manager which is separate from the key identifier manager. [Park, para. 63 discloses the key generator 120 may also be referred to herein as a key generator circuit. Para. 67 discloses the key generator 120 may randomly generate a key. In an example, the key may be referred to as a data encryption key DEK. The key generator 120 may include a plurality of ring oscillators. The plurality of ring oscillators may generate randomly fluctuating signals, and the key generator 120 may generate keys having random numbers based on signals generated by the plurality of ring oscillators.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Park’s system with modified Lehnhardt’s system, with the motivation that the security manager 110, by way of the authentication module 112, may determine whether to allow access to the user data by authenticating the user ID obtained from the user. [Park, para. 65]

Regarding claim 15, modified Lehnhardt teaches the computer program product of claim 10, but modified Lehnhardt does not teach wherein the key identifiers are generated and/or managed by a key identifier manager.  
However, Park does teach wherein the key identifiers are generated and/or managed by a key identifier manager.  [Park, para. 63 discloses the security manager 110 may also be referred to herein as a security manager circuit. Para. 64 discloses the security manager 110 may generate the key list List_Key, the permission list List_Pms, and the public key list List_PKey. para. 65 discloses the authentication module 112 may determine whether a user ID obtained in response to making an authentication request to a user is a user ID having legitimate authority to access the user data, based on user authentication information provided by the user. In an exemplary embodiment, the authentication module 112 may receive a key list from the secure memory 200 and may determine whether a user ID included in the key list matches the user ID obtained from the user. Thus, the security manager 110, by way of the authentication module 112, may determine whether to allow access to the user data by authenticating the user ID obtained from the user.] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Park’s system with modified Lehnhardt’s system, with the motivation that the security manager 110, by way of the authentication module 112, may determine whether to allow access to the user data by authenticating the user ID obtained from the user. [Park, para. 65]

Regarding claim 16, modified Lehnhardt teaches the computer program product of claim 15, but modified Lehnhardt does not teach wherein the encryption key is generated and/or managed by a key manager which is separate from the key identifier manager.  
However, Park does teach wherein the encryption key is generated and/or managed by a key manager which is separate from the key identifier manager. [Park, para. 63 discloses the key generator 120 may also be referred to herein as a key generator circuit. Para. 67 discloses the key generator 120 may randomly generate a key. In an example, the key may be referred to as a data encryption key DEK. The key generator 120 may include a plurality of ring oscillators. The plurality of ring oscillators may generate randomly fluctuating signals, and the key generator 120 may generate keys having random numbers based on signals generated by the plurality of ring oscillators.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to combine Park’s system with modified Lehnhardt’s system, with the motivation that the security manager 110, by way of the authentication module 112, may determine whether to allow access to the user data by authenticating the user ID obtained from the user. [Park, para. 65]

Conclusion
Pertinent prior art made of record however not relied upon includes:
US 8397084 B2 to Ranade
“Described is a technology by which data is efficiently and securely stored in a single instance store. A hash value is computed from data in its unencrypted form. The hash value is used to reference a single instance of that data when stored in its encrypted form. In this manner, duplicate data blocks are detectable independent of their encryption, yet stored in an encrypted form in a single instance store. In one aspect, context information for decrypting the encrypted data is stored in association with the data. When the client wants to restore the data, the client sends the hash value for that block to the single instance store service. The service returns the block and the associated context information. The client uses the context information to decrypt the block. For example, the context may comprise a key identifier which the client uses to lookup the correct key.”
US 11349644 B1 to Stapleton
“A system and method for protecting Sensitive Personal Information (SPI) from Multi-Party Access (MPA), including receiving a request for access to a data record, encrypting the data record using a random symmetric key to generate an encrypted data record, storing the encrypted data record on a database, encrypting the symmetric key to generate an encrypted symmetric key by using a public key associated with the client device or a key encryption key associated with the one or more processors, and transmitting a message including the encrypted symmetric key. The message causes the client device to access the data record using the database and the encrypted symmetric key.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/P.P./Patent Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434