Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The present office action is responsive to communications received on 05/05/2021.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/05/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Status of Claims
Claims 12-16 are withdrawn from consideration.
Claims 1-11 and 17-20 are pending.

Election/Restrictions
Restriction to one of the following inventions is required under 35 U.S.C. 121:
I.	Invention I: claims 1-11 and 17-20, drawn to determining, by a user device and based on one or more characteristics, that the user device is to back up a hardware key. Which is useful to determine on a user device if a backup is necessary to avoid unnecessary backups using hashing, classified in H04L 9/0643.
II.	Invention II: claims 12-16, drawn to receive, from a user device, a hardware key associated with a hardware component of the user device, wherein the hardware key has been encrypted by the user device; and decrypting the encrypted hardware key, classified in H04L 9/0825.

The inventions are distinct, each from the other because of the following reasons:
Inventions I and II are related as sub-combinations disclosed as usable together in a single combination.  The sub-combinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one sub-combination is separately usable.  In the instant case, the sub-combinations are separately classified, wherein invention I is usable for determining by a user device and based on one or more characteristics, that the user device is to back up a hardware key. Which is useful to determine on a user device if a backup is necessary to avoid unnecessary backups using hashing; wherein sub-combination I does not require decrypting a hardware key, and sub-combination II does not require hashing or determining by a user device the backup of a hardware key.  See MPEP § 806.05(d).
The examiner has required restriction between sub-combinations usable together. Where applicant elects a sub-combination and claims thereto are subsequently found allowable, any claim(s) depending from or otherwise requiring all the limitations of the allowable sub-combination will be examined for patentability in accordance with 37 CFR 1.104.  See MPEP § 821.04(a).  Applicant is advised that if any claim presented in a continuation or divisional application is anticipated by, or includes all the limitations of, a claim that is allowable in the present application, such claim may be subject to provisional statutory and/or non-statutory double patenting rejections over the claims of the instant application. 

Restriction for examination purposes as indicated is proper because all these inventions listed in this action are independent or distinct for the reasons given above and there would be a serious search and examination burden if restriction were not required because one or more of the following reasons apply:
(a) the inventions have acquired a separate status in the art in view of their different classification;
(b) the inventions have acquired a separate status in the art due to their recognized divergent subject matter;
(c) the inventions require a different field of search (for example, searching different classes/subclasses or electronic resources, or employing different search queries); 
(d) the prior art applicable to one invention would not likely be applicable to another invention;
(e) the inventions are likely to raise different non-prior art issues under 35 U.S.C. 101 and/or 35 U.S.C. 112, first paragraph. 
Applicant is advised that the reply to this requirement to be complete must include (i) an election of an invention to be examined even though the requirement may be traversed (37 CFR 1.143) and (ii) identification of the claims encompassing the elected invention. 
 The election of an invention may be made with or without traverse. To reserve a right to petition, the election must be made with traverse. If the reply does not distinctly and specifically point out supposed errors in the restriction requirement, the election shall be treated as an election without traverse. Traversal must be presented at the time of election in order to be considered timely.  Failure to timely traverse the requirement will result in the loss of right to petition under 37 CFR 1.144. If claims are added after the election, applicant must indicate which of these claims are readable on the elected invention.
If claims are added after the election, applicant must indicate which of these claims are readable upon the elected invention.
Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103(a) of the other invention.
During a telephone conversation with Ms. So Ko (Reg. No.: 78801) on December 6, 2022 an election was made without traverse to Invention I.  Therefore, claims 12-16 are withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being drawn to a non-elected invention.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-4, 8, 10, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Field et al. (US 20190005274 A1) hereinafter referred to as Field in view of Chandrashekar (US 20210011815 A1) hereinafter referred to as Chandrashekar.

With respect to claim 1, Field discloses: A method, comprising: identifying, by a user device, one or more characteristics of the user device; determining, by the user device and based on the one or more characteristics, that the user device is to back up a hardware key that is associated with a hardware component of the user device; (interpreted in view of the open-ended examples of device characteristics recited by applicant specifications ¶15; Field ¶31 recites using a unique key ID that comprises a certificate thumbprint, mapped to characteristics, and identifying a decryption key for encrypted data and client determine to send it from client device to server, wherein the sending to the server is interpreted to be backing-up the encrypted key. Additionally, Field ¶40 discloses that the key is associated with unique key ID which is also associated with client device ID when reciting “One set of encryption/decryption key(s) may be used to encrypt a particular cluster of data. Each cluster of data may be classified in many different ways, including, but not limited to, classifying data based on a client's ID, a client's system's ID”).
determining, by the user device, that the user device has an operation key; retrieving, by the user device, the hardware key from a first data structure that is included in the user device; encrypting, by the user device and based on the operation key, the hardware key; (Field ¶31 discloses using a determined public key, mapped to the operation key, on the client device to encrypt the decryption key when reciting “The decryption key is further encrypted using a public key. A corresponding private key configured to decrypt the encrypted decryption key is sent to the server”).
processing, by the user device and after encrypting the hardware key, the hardware key to generate a hash value; (Field ¶46 discloses “hybrid signature schemes may be used, in which a cryptographic hash function is computed as a unique identifier associated with a decryption key that is used to decrypt the data, or used to decrypt the encrypted decryption key.” Further support is found in Field ¶79 reciting “A thumbprint may be a hash that is calculated from the content of the cluster of data using a thumbprint algorithm. The hash may be based off of any combination of the encrypted data, the encryption key, the unique ID, a client identifier and/or any other information stored at or associated with the client system. Each cluster of encrypted data is separately identified via a unique certificate thumbprint.”)
Field does not explicitly disclose: determining, by the user device, that the hash value is not included in a registry of the user device; and transmitting, by the user device and based on determining that the hash value is not included in the registry, the hardware key to a server device to cause the hardware key to be backed up in a second data structure associated with the server device.
However, Chandrashekar in an analogous art discloses: determining, by the user device, that the hash value is not included in a registry of the user device; (a registry is interpreted as a storage area or database given the broadest reasonable interpretation. Chandrashekar ¶46 “determine that local data has changed relative to a previous backup. For example, the local data may include a file that has been previously backed up to a backup storage system. An indication of the previous backup of the local data may be accessed from the backup manifest 203. The backup manifest 203 may store a hash of the local data that was previously backed up. The hash of the local data may be generated based on a hash function, which may be a function that may map data onto data (a hash) of a fixed size. The hash function may therefore generate a hash that may change as the underlying data on which the hash function operates changes. For example, a hash of data that has changed may be different than a hash of the original data. Any hash function may be used so long as the resulting hash is dependent on the input data on which the hash function operates. Examples of hash functions include a cyclic redundancy check (CRC) hash function, a secure hash algorithm (SHA) hash function, and/or other types of hash functions.” Wherein the changed hash is interpreted to mean that the new changed hash value was not included in a registry of the user device and the data can be interpreted to include any type of data such as a key in view of the prior art, Field).
and transmitting, by the user device and based on determining that the hash value is not included in the registry, the hardware key to a server device to cause the hardware key to be backed up in a second data structure associated with the server device.  (Chandrashekar ¶48 disclose backing up the new changed hash value when reciting “The machine-readable instructions 504 may cause the processor to transmit a backup copy of the local data to a remote backup storage system. For example, responsive to the determination that the local data has changed, the processor may transmit a copy of the local data (the “backup copy”) to the remote backup storage system.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field wherein determining, by the user device, that the hash value is not included in a registry of the user device; and transmitting, by the user device and based on determining that the hash value is not included in the registry, the hardware key to a server device to cause the hardware key to be backed up in a second data structure associated with the server device as disclosed by Chandrashekar so that updated versions of the local data may be periodically backed up, which may be automatic by the apparatus or on-demand based on a user request to perform a backup (see Chandrashekar ¶48).

With respect to claim 2, Field in view of Chandrashekar disclose: The method of claim 1, further comprising: updating the registry of the user device to include the hash value as a registry key value associated with the hardware component. (Field discloses that the determined keys are hashed as recited in Field ¶46 “hybrid signature schemes may be used, in which a cryptographic hash function is computed as a unique identifier associated with a decryption key that is used to decrypt the data, or used to decrypt the encrypted decryption key.” Further support is found in Field ¶79 reciting “A thumbprint may be a hash that is calculated from the content of the cluster of data using a thumbprint algorithm. The hash may be based off of any combination of the encrypted data, the encryption key, the unique ID, a client identifier and/or any other information stored at or associated with the client system. Each cluster of encrypted data is separately identified via a unique certificate thumbprint.”)

With respect to claim 3, Field in view of Chandrashekar disclose: The method of claim 1, wherein the one or more characteristics comprises at least one of: an organizational identifier associated with the user device.  (Field ¶31 recites using a unique key ID that comprises a certificate thumbprint, mapped to characteristics, and identifying a decryption key for encrypted data and client determine to send it from client device to server, wherein the sending to the server is interpreted to be backing-up the encrypted key. Additionally, Field ¶40 discloses that the key is associated with unique key ID which is also associated with client device ID when reciting “One set of encryption/decryption key(s) may be used to encrypt a particular cluster of data. Each cluster of data may be classified in many different ways, including, but not limited to, classifying data based on a client's ID, a client's system's ID”).

With respect to claim 4, Field in view of Chandrashekar disclose: The method of claim 1, wherein determining that the user device is to back up the hardware key comprises: determining, based on the one or more characteristics, that the user device utilizes the hardware key; determining, based on the one or more characteristics, that the user device is able to back up the hardware key; and determining, based on determining that the user device utilizes the hardware key and that the user device is able to back up the hardware key, that the user device is to back up the hardware key. (interpreted in view of the open-ended examples of device characteristics recited by applicant specifications ¶15; as mapped in the independent claim Field ¶31 and ¶40 disclose determining a hardware key based on client characteristics and backing up the key. Additionally, Field ¶61-63 disclose using Trivial File Transfer Protocol (TFTP) to authenticate the client to establish communication to allow file sending and receiving between the client and the server. Which is interpreted as determining if the device is able to back up the hardware key based on the client being authenticated first otherwise the client would not be able to back up the key).

With respect to claim 8, Field in view of Chandrashekar disclose: The method of claim 1, wherein processing the hardware key to generate the hash value comprises: processing, using a secure hash algorithm (SHA), the hardware key to generate the hash value. (Chandrashekar ¶46 discloses hashing the data is done by secure hash algorithm (SHA) when reciting “determine that local data has changed relative to a previous backup. For example, the local data may include a file that has been previously backed up to a backup storage system. An indication of the previous backup of the local data may be accessed from the backup manifest 203. The backup manifest 203 may store a hash of the local data that was previously backed up. The hash of the local data may be generated based on a hash function, which may be a function that may map data onto data (a hash) of a fixed size. The hash function may therefore generate a hash that may change as the underlying data on which the hash function operates changes. For example, a hash of data that has changed may be different than a hash of the original data. Any hash function may be used so long as the resulting hash is dependent on the input data on which the hash function operates. Examples of hash functions include a cyclic redundancy check (CRC) hash function, a secure hash algorithm (SHA) hash function, and/or other types of hash functions.”)

With respect to claim 10, Field in view of Chandrashekar disclose: The method of claim 1, wherein transmitting the hardware key to the server device comprises: causing, based on the operation key, a secure connection to be established between the user device and the server device; and sending the hardware key to the server device via the secure connection. (Field ¶61-62 disclose using TFTP for secure connection to send and receive files between the client and server).

With respect to claim 17, Field discloses: A user device, comprising: one or more processors configured to: retrieve a hardware key associated with a hardware component of the user device from a first data structure that is included in the user device; (interpreted in view of the open-ended examples of device characteristics recited by applicant specifications ¶15; Field ¶31 recites using a unique key ID that comprises a certificate thumbprint, mapped to characteristics, and identifying a decryption key for encrypted data and client determine to send it from client device to server, wherein the sending to the server is interpreted to be backing-up the encrypted key from client device memory. Additionally, Field ¶40 discloses that the key is associated with unique key ID which is also associated with client device ID when reciting “One set of encryption/decryption key(s) may be used to encrypt a particular cluster of data. Each cluster of data may be classified in many different ways, including, but not limited to, classifying data based on a client's ID, a client's system's ID”).
encrypt the hardware key; (Field ¶31 discloses using a determined public key, mapped to the operation key, on the client device to encrypt the decryption key when reciting “The decryption key is further encrypted using a public key. A corresponding private key configured to decrypt the encrypted decryption key is sent to the server”).
process, after encrypting the hardware key, the hardware key to generate a hash value; (Field ¶46 discloses “hybrid signature schemes may be used, in which a cryptographic hash function is computed as a unique identifier associated with a decryption key that is used to decrypt the data, or used to decrypt the encrypted decryption key.” Further support is found in Field ¶79 reciting “A thumbprint may be a hash that is calculated from the content of the cluster of data using a thumbprint algorithm. The hash may be based off of any combination of the encrypted data, the encryption key, the unique ID, a client identifier and/or any other information stored at or associated with the client system. Each cluster of encrypted data is separately identified via a unique certificate thumbprint.”)
Field does not explicitly disclose: determine that the hash value is not included in a registry of the user device; and transmit, based on determining that the hash value is not included in the registry, the hardware key to a server device to cause the hardware key to be backed up in a second data structure associated with the server device.
However, Chandrashekar in an analogous art discloses: determine that the hash value is not included in a registry of the user device; (a registry is interpreted as a storage area or database given the broadest reasonable interpretation. Chandrashekar ¶46 “determine that local data has changed relative to a previous backup. For example, the local data may include a file that has been previously backed up to a backup storage system. An indication of the previous backup of the local data may be accessed from the backup manifest 203. The backup manifest 203 may store a hash of the local data that was previously backed up. The hash of the local data may be generated based on a hash function, which may be a function that may map data onto data (a hash) of a fixed size. The hash function may therefore generate a hash that may change as the underlying data on which the hash function operates changes. For example, a hash of data that has changed may be different than a hash of the original data. Any hash function may be used so long as the resulting hash is dependent on the input data on which the hash function operates. Examples of hash functions include a cyclic redundancy check (CRC) hash function, a secure hash algorithm (SHA) hash function, and/or other types of hash functions.” Wherein the changed hash is interpreted to mean that the new changed hash value was not included in a registry of the user device and the data can be interpreted to include any type of data such as a key in view of the prior art, Field).
and transmit, based on determining that the hash value is not included in the registry, the hardware key to a server device to cause the hardware key to be backed up in a second data structure associated with the server device. (Chandrashekar ¶48 disclose backing up the new changed hash value when reciting “The machine-readable instructions 504 may cause the processor to transmit a backup copy of the local data to a remote backup storage system. For example, responsive to the determination that the local data has changed, the processor may transmit a copy of the local data (the “backup copy”) to the remote backup storage system.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field wherein determining, by the user device, that the hash value is not included in a registry of the user device; and transmitting, by the user device and based on determining that the hash value is not included in the registry, the hardware key to a server device to cause the hardware key to be backed up in a second data structure associated with the server device as disclosed by Chandrashekar so that updated versions of the local data may be periodically backed up, which may be automatic by the apparatus or on-demand based on a user request to perform a backup (see Chandrashekar ¶48).

With respect to claim 19, Field in view of Chandrashekar disclose: The user device of claim 17, wherein the one or more processors, to process the hardware key to generate the hash value, are configured to: process, using a secure hash algorithm (SHA), the hardware key to generate the hash value. (Chandrashekar ¶46 discloses hashing the data is done by secure hash algorithm (SHA) when reciting “determine that local data has changed relative to a previous backup. For example, the local data may include a file that has been previously backed up to a backup storage system. An indication of the previous backup of the local data may be accessed from the backup manifest 203. The backup manifest 203 may store a hash of the local data that was previously backed up. The hash of the local data may be generated based on a hash function, which may be a function that may map data onto data (a hash) of a fixed size. The hash function may therefore generate a hash that may change as the underlying data on which the hash function operates changes. For example, a hash of data that has changed may be different than a hash of the original data. Any hash function may be used so long as the resulting hash is dependent on the input data on which the hash function operates. Examples of hash functions include a cyclic redundancy check (CRC) hash function, a secure hash algorithm (SHA) hash function, and/or other types of hash functions.”)

Claims 5-6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Field in view of Chandrashekar as applied to claims 1-4, 8, 10, 17 and 19 above, and further in view of Negi et al. (US 20160099814 A1) hereinafter referred to as Negi.

With respect to claim 5, Field in view of Chandrashekar disclose: The method of claim 1, 
They do not explicitly disclose: wherein the operation key, the user device, and the server device are associated with an entity, and wherein determining that the user device has the operation key comprises: identifying a third data structure included in the user device that is associated with the entity; searching the third data structure for the operation key; and determining that the user device has the operation key based on successfully searching the third data structure for the operation key.
However, Negi in an analogous art discloses: wherein the operation key, the user device, and the server device are associated with an entity, (Negi ¶17 “the security co-processor 120 of the local computing device 102 and the security co-processor of the remote computing device 106 are members of the same group (e.g., the same manufacturing lot), then their private EPID keys are valid asymmetric key pairs with the same public EPID key.” Wherein the manufacturer in this instance is mapped to the entity).
and wherein determining that the user device has the operation key comprises: identifying a third data structure included in the user device that is associated with the entity; (Negi ¶16 discloses manufacturer of the device, mapped to the entity of association to the co-processor 120. The co-processor is different from processor 110and memory 114 illustrated in Negi Fig. 1, and therefore is mapped to the third data structure, wherein a key can be stored or provisioned when reciting “the security co-processor 120 may be embodied as a Trusted Platform Module (TPM), a manageability engine (ME), or an out-of-band processor. In some embodiments, one or more hardware keys 122 are stored or provisioned into the security co-processor 120. For example, a private Enhanced Privacy Identification (EPID) key and/or another private hardware key may be provisioned into the security co-processor 120 during the manufacturing process of the security co-processor 120. In other embodiments, EPID or other hardware keys may be provisioned into one or more other components of the local computing device 102. Additionally, in some embodiments, a hardware key certificate (e.g., an EPID certificate) is also stored or provisioned into the security co-processor 120. The hardware key certificate may include the public hardware key corresponding to the private hardware key provisioned into the security co-processor 120 and may be signed by the manufacturer of the security co-processor 120.”)
searching the third data structure for the operation key; and determining that the user device has the operation key based on successfully searching the third data structure for the operation key. (Negi ¶21 discloses revocation list on local computing device 102 to identify revoked keys within the local computing device which is interpreted that the key is searched in the co-processor and either found or not found based on the revocation list and recites “the group identification identifies a hardware key group of the security co-processor of the remote computing device 106 (e.g., an EPID group). Although the group identification may specifically identify a particular hardware component of a computing device, for simplicity, the group identification may be referred to herein generally as being a group identification “of the computing device.” The local computing device 102 determines whether, for example, the EPID key of the remote computing device 106 has been revoked.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field and Chandrashekar wherein the operation key, the user device, and the server device are associated with an entity, and wherein determining that the user device has the operation key comprises: identifying a third data structure included in the user device that is associated with the entity; searching the third data structure for the operation key; and determining that the user device has the operation key based on successfully searching the third data structure for the operation key as disclosed by Negi to ensure a security certificate is associated with the hardware manufacturer (see Negi ¶16).

With respect to claim 6, Field in view of Chandrashekar disclose: The method of claim 1, 
They do not explicitly disclose: wherein the first data structure is associated with a trusted platform module (TPM) component of the user device, and wherein retrieving the hardware key from the first data structure comprises: communicating with the TPM component to obtain access to the first data structure; and retrieving the hardware key from the first data structure after obtaining access to the first data structure.
However, Negi in an analogous art discloses: wherein the first data structure is associated with a trusted platform module (TPM) component of the user device, and wherein retrieving the hardware key from the first data structure comprises: communicating with the TPM component to obtain access to the first data structure; and retrieving the hardware key from the first data structure after obtaining access to the first data structure. (Negi ¶16 discloses local device processor 120 embodied as a TPM when reciting “The security co-processor 120 may be embodied as any hardware component(s) or circuitry capable of establishing a trusted execution environment. For example, the security co-processor 120 may be embodied as a Trusted Platform Module (TPM)” Wherein Negi ¶65 and ¶85 disclose examples that use the processor, as understood by the examiner, of retrieving public hardware key of a hardware key certificate when reciting “retrieving a public key of the manufacturer corresponding to a private key used to sign the hardware key certificate”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field and Chandrashekar wherein the first data structure is associated with a trusted platform module (TPM) component of the user device, and wherein retrieving the hardware key from the first data structure comprises: communicating with the TPM component to obtain access to the first data structure; and retrieving the hardware key from the first data structure after obtaining access to the first data structure as disclosed by Negi to ensure security processing of data (see Negi ¶16).

With respect to claim 18, Field in view of Chandrashekar disclose: The user device of claim 17, wherein the one or more processors, to retrieve the hardware key from the first data structure, are configured to: 
They do not explicitly disclose: communicate with a cryptoprocessor of the user device to obtain access to the first data structure; and retrieve the hardware key from the first data structure after obtaining access to the first data structure.
However, Negi in an analogous art discloses: communicate with a cryptoprocessor of the user device to obtain access to the first data structure; and retrieve the hardware key from the first data structure after obtaining access to the first data structure. (Negi ¶16 discloses local device processor 120 embodied as a TPM when reciting “The security co-processor 120 may be embodied as any hardware component(s) or circuitry capable of establishing a trusted execution environment. For example, the security co-processor 120 may be embodied as a Trusted Platform Module (TPM)” Wherein Negi ¶65 and ¶85 disclose examples that use the processor, as understood by the examiner, of retrieving public hardware key of a hardware key certificate when reciting “retrieving a public key of the manufacturer corresponding to a private key used to sign the hardware key certificate”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field and Chandrashekar with communicating with a cryptoprocessor of the user device to obtain access to the first data structure; and retrieve the hardware key from the first data structure after obtaining access to the first data structure as disclosed by Negi to ensure security processing of data (see Negi ¶16).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Field in view of Chandrashekar as applied to claims 1-4, 8, 10, 17 and 19 above, and further in view of Angus (US 20160294829 A1) hereinafter referred to as Angus.

With respect to claim 7, Field in view of Chandrashekar disclose: The method of claim 1, wherein encrypting the hardware key comprises: 
They do not explicitly disclose: processing, using an advanced encryption standard (AES) algorithm with the operation key as an encrypting key, the hardware key.
However, Angus in an analogous art discloses: processing, using an advanced encryption standard (AES) algorithm with the operation key as an encrypting key, the hardware key. (Angus ¶75 “he encryption module 404 may generate a random Advanced Encryption Standard (AES) key and encrypt the key with the received public key”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field and Chandrashekar with using an advanced encryption standard (AES) algorithm with the operation key as an encrypting key, the hardware key as disclosed by Angus to securely encrypt a key (see Angus ¶75).

Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Field in view of Chandrashekar as applied to claims 1-4, 8, 10, 17 and 19 above, and further in view of Ito et al. (US 20100174919 A1) hereinafter referred to as Ito.

With respect to claim 9, Field in view of Chandrashekar disclose: The method of claim 1, wherein determining that the hash value is not included in the registry of the user device comprises: 
They do not explicitly disclose: identifying a set of registry key values in the registry, determining that the hash value does not match any registry key value of the set of registry key values; and determining that the hash value is not included in the registry based on determining that the hash value does not match any registry key value of the set of registry key values.
However, Ito in an analogous art discloses: identifying a set of registry key values in the registry, determining that the hash value does not match any registry key value of the set of registry key values; and determining that the hash value is not included in the registry based on determining that the hash value does not match any registry key value of the set of registry key values. (Ito ¶136 “the data encryption/decryption function unit 160 reads all pieces of key information from the normal key table 128 and extracts a reference hash value from each piece of key information, and compares the generated hash value and each extracted reference hash value (S13).” Wherein Fig. 5 illustrates list of keys and hashes 128).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field and Chandrashekar with identifying a set of registry key values in the registry, determining that the hash value does not match any registry key value of the set of registry key values; and determining that the hash value is not included in the registry based on determining that the hash value does not match any registry key value of the set of registry key values as disclosed by Ito to ensure accurate and secure comparison to find a key (see Ito ¶136).

With respect to claim 20, Field in view of Chandrashekar disclose: The user device of claim 17, wherein the one or more processors, to determine that the hash value is not included in the registry of the user device, are configured to: 
They do not explicitly disclose: identify a set of registry key values associated with the hardware component in the registry, determine that the hash value does not match any registry key value of the set of registry key values; and determine that the hash value is not included in the registry based on determining that the hash value does not match any registry key value of the set of registry key values.
However, Ito in an analogous art discloses: identify a set of registry key values associated with the hardware component in the registry, determine that the hash value does not match any registry key value of the set of registry key values; and determine that the hash value is not included in the registry based on determining that the hash value does not match any registry key value of the set of registry key values. (Ito ¶136 “the data encryption/decryption function unit 160 reads all pieces of key information from the normal key table 128 and extracts a reference hash value from each piece of key information, and compares the generated hash value and each extracted reference hash value (S13).” Wherein Fig. 5 illustrates list of keys and hashes 128).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field and Chandrashekar with identifying a set of registry key values associated with the hardware component in the registry, determine that the hash value does not match any registry key value of the set of registry key values; and determine that the hash value is not included in the registry based on determining that the hash value does not match any registry key value of the set of registry key values as disclosed by Ito to ensure accurate and secure comparison to find a key (see Ito ¶136).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Field in view of Chandrashekar as applied to claims 1-4, 8, 10, 17 and 19 above, and further in view of Jiang (US 20190036893 A1) hereinafter referred to as Jiang.

With respect to claim 11, Field in view of Chandrashekar disclose: The method of claim 10, wherein causing the secure connection to be established between the user device and the server device comprises: 
They do not explicitly disclose: causing, based on using the operation key as a session key, a transport layer security (TLS) connection to be established between the user device and the server device.
However, Jiang in an analogous art discloses: causing, based on using the operation key as a session key, a transport layer security (TLS) connection to be established between the user device and the server device. (Jiang ¶20 “TLS utilizes public-key cryptographies, such as RSA (refers to the crypto algorithm developed by Rivest, Shamir and Adleman) and/or Elliptic Curve (EC), to establish a private session key agreed between two parties through an asymmetric handshaking process.” Used in communication between client and sever illustrated in Fig. 1)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Field and Chandrashekar with causing, based on using the operation key as a session key, a transport layer security (TLS) connection to be established between the user device and the server device as disclosed by Jiang since this is a common function of a TLS connection (see Jiang background ¶3).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Fontaine (US 11233647 B1) col 16 lines 15-67 disclose hashing a key descriptor ID, which comprises an encrypted key. Consequently, using key descriptor ID locator to compare hashed keys to locate a key descriptor ID from a list of keys in a key factory, wherein locating the key descriptor is interpreted to mean finding or not finding it and the key factory is mapped to a key registry. The cited portion recites “The Key Factory hashes the Key Descriptor and encrypts it with the hash (technique known as “Convergent Encryption”) to produce the Encrypted Key Descriptor. (Because the Key Descriptor includes truly random strings, i.e. the keys themselves, there is no need for salting). The hash which was used to encrypt the Key Descriptor also becomes the Key Descriptor ID. The Key Factory hashes the Key Descriptor ID to produce a Key Descriptor Locator … the Key Factory can add the Key Descriptor ID to its lists of ready-to-use keys”.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322. The examiner can normally be reached Mon to Fri 8:30AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/H.S.G./Examiner, Art Unit 2493

/Michael Simitoski/Primary Examiner, Art Unit 2493