DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In view of the Appeal Brief filed on 11/18/2025, PROSECUTION IS HEREBY REOPENED.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:
/Jeffrey Nickerson/ Supervisory Patent Examiner, Art Unit 2432
Response to Arguments
Regarding claims rejected under 35 USC 101:
Applicant's arguments have been fully considered but they are not persuasive.
Applicant first notes the Desjardins memo, stating that “Director Squires cautioned that Examiners and panels should not evaluate claims at "a high level of generality" and should treat "precedent with more care, especially when acting sua sponte…" Even though the discussion in Desjardins is directed to artificial intelligence (AI) innovations, the APR admitted to "the confusing nature of existing § 101 jurisprudence." Id. Appellant submits that such caution must be considered here, even if directed to a different technology, at least because of the overlap in complexity between AI innovations in Desjardins and the cryptographic approaches in the present application, both being overly generalized or simplified to the point where innovation itself may be lost... the Office Action wrongly interprets claim 1 to generalize and trivialize Appellant's claim… The Office Action's generalization of the claims to a trivial case is specifically the issue that Director Squires cautioned about in the decision in Desjardins.”
In response, it is noted that the claims have been interpreted and examined using the broadest reasonable interpretation, as a person of ordinary skill in the art, in light of applicant’s specification, which is required by lengthy legal precedent of the courts and the MPEP. Thus, appellant’s unsupported allegations that the claims have been “over-generalized”, when Appellant has not demonstrated in any way that the interpretation set forth is not the BRI by a PHOSITA, or that the examples provided in the 101 rejection are not within the scope of the BRI by a PHOSITA, is meaningless. Claim are not “over-generalized” if applicant’s claims and the BRI is really broad. All limitations were considered by the examiner during claim interpretation. In the case of independent claim 1, the claim language is drawn to “encrypting,” “providing,” “separately encrypting,” “receiving,” “receiving,” “determining,” and “providing” steps. These steps can be reasonably interpreted as being drawn to the trivial case of key recovery by means of encryption and personal authorization.
For instance, “encrypting a cryptographic key with a restore key, the cryptographic key to encrypt data for a customer” is merely a step of encrypting a key with a key encrypting key; “providing metadata comprising first information associated with the cryptographic key and comprising second information that is different from the first information and that is associated with the restore key;” includes providing literally any two pieces of information that are respectively “associated with” each key; “separately encrypting the metadata with the restore key to generate encrypted metadata;” is merely another step of encrypting information (e.g., encrypting encryption/decryption information (such as the algorithm used, padding information, timestamps, and so forth) with the same key encrypting key; “sending the encrypted cryptographic key and the encrypted metadata to different entities” is merely a step of providing the encrypted information to different entities, which are not even recited as being computer entities; “receiving a copy of the encrypted cryptographic key and a copy of the encrypted metadata” is merely a step of receiving information, and is not performed under any particular computer communication protocol; “receiving authorization permission to authorize a restore request from one or more authorized sources” is merely a step of receiving authorization, which again is not recited as being provided under any particular communication protocol to differentiate over an interpretation of a person giving authorization; “the restore request including the copy of the cryptographic key as encrypted under the restore key and the copy of the metadata as encrypted under the restore key” merely specifies the format of data received, which can be written or verbal since the claim does not specify any data structure; “determining, in response to receiving the authorization permission, to authorize the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata” is merely a step of performing a comparison based on received information. All of these steps may be performed by humans using pen and paper or even mentally. And, the BRI of the claim includes the trivial case, therefore, the trivial case must be considered for any analysis under 101 or 102/103 or 112. It would be contrary to decades of legal precedent to ignore the trivial case that falls within the scope of the claim. An example of trivial case includes using a simple cipher such as Caesar cipher substitution (e.g., the “restore key” being to shift all alphanumerical values right). None of these steps are drawn to a particular computer, any particular communication protocol, or even an encryption algorithm which would be too difficult to do by hand using pen and paper.
The final limitation of claim 1 recites “providing a secure environment for operations associated with the data for the customer based in part on the restored cryptographic key.” This limitation does not actually specify the particulars of the “secure environment,” which does not appear in the specification such that it could have a defined meaning. While Applicant argues points to [0002] of the instant specification and argues that “[t]he allegation that "providing" [is not] explained in sufficient detail" or that "how the "providing" is 'based in part on the restored cryptographic key' [is not included]," is only argumentative to maintain the improper generalization and trivialization of the claims,” the claim language does not in fact recite any environment beyond “computer implemented” nor does the instant specification actually define this term. Further, while “providing” may be “computer implemented,” the claim does not even specify the “secure environment” or “operations” as being necessarily “computer implemented.”
It is additionally noted that neither the “operations” nor “based in part” are defined with respect to anything beyond merely using the restored key for its given purpose (i.e., using an encryption key to perform encryption). Further, the ultimate “providing” limitation is a result-oriented whereby limitation disguised as a positive, active step of the claimed method. This limitation is simply the result achieved by performing every prior step of the method. That is, if one performs all the prior steps of “encrypting…”, “providing…”, “separately encrypting…”, “receiving…”, “receiving…”, and “determining…” steps then a secure environment exists for future operations. While the “secure environment” may be interpreted as, e.g., a secure room, it can also merely refer to the result of the key recovery allowing use of the key. In fact, this seems to be confirmed in Applicant’s arguments on page 12 stating that “it is readily apparent that "a secure environment for operations" is a secure computer environment provided at least because data in the environment and any use associated with operations in the environment is subject to encryption using the restored cryptography key.” This is something that can be performed by humans using pen and paper. Thus, this limitation can also be reasonably interpreted as being drawn to steps performable by humans mentally or using pen and paper.
Since the claim language can be reasonably interpreted under the trivial case of key recovery by means of encryption and personal authorization, then it is not being evaluated at a level of generality beyond its scope. The trivial case is in fact part of the broadest reasonable interpretation for the claim language.
With respect to the comparison to Desjardins, it is noted that the particular application at issue was drawn to a machine learning model and a detailed algorithm for training the model. It recited the specifics of the computer technology at issue, and detailed technical improvements to the model using the algorithm. In contrast, the instant claim does not recite any particular technological environment, and its proposed technical improvement is the use of encryption and authorization without any specific algorithm beyond the verbs of “encrypting” and “authoriz[ing].” The instant claim is neither drawn to training a machine learning model nor does it recite its technological improvement at the same level of detail as in Desjardins. It is further noted that the underlying technology of Desjardins, machine learning models, was generally first invented in the 21st Century. This is in comparison to the underlying technology of the instant application, cryptography with keys, whose first known use was as early as 1500BC, literally over 3 millenniums ago, but definitely was is common use by governments and militaries in the 500-100BC timeframe.
Applicant next points to the USPTO patent eligibility examples, and example 41 in particular. Specifically, Applicant writes that “if the precedent, examples, and the Director's decision in Desjardins are to be ignored, it can be argued that Example 41 can also be taken under a trivial case, using the present Examination standards. Then, in Example 41, "transmitting the ciphertext word signal to a computer terminal" may also be performed by human data entry of a ciphertext word signal into a computer terminal without regard to the computer terminal necessarily being a "computer environment" or performing any aspect of the cryptography scheme in Example 41. Similarly, every computer-based cryptography scheme may be generalized and trivialized to exclude patent protection.” In response, it is first noted that the patent eligibility examples are non-precedential and non-binding. Further, example 41 is drawn to “establishing cryptographic communications between a first computer terminal and a second computer terminal” by use of a novel and specific encryption algorithm that is outlined in detail. In contrast, the instant claim is drawn to generally performing encryption without any specific algorithm; performing authorization without any specific algorithm, and the “secure environment” is completely undefined. One of ordinary skill in the art would recognize that the claim of example 41 is drawn to a particular secure channel protocol between computers since that sufficiently limits the use of the mathematical concepts to the practical application of transmitting the ciphertext word signal to a computer terminal over a communication channel. Where the claimed invention of example 41 provides a secure communication protocol so that a ciphertext word signal can be transmitted between computers of people who do not know each other or who have not shared a private key between them in advance of the message being transmitted, the claimed invention merely recites generally providing a secure environment as a result of encryption without any specified algorithm, computer technology, or computer environment.
Where Applicant argues that “[c]laim 1 already recites the use of the cryptographic key to encrypt data for a customer, which makes apparent the use of the restored cryptographic key is also to encrypt data for a customer using a computer, that the computer prior to the encryption may be unsecured, and the ability to use the restored cryptographic key makes the environment in which the computer is operating a secure environment for all operations associated with the data,” the examiner again notes that merely referencing a general use of encryption to “secure” an “environment” is addressing a problem that transcends computing because encryption by definition is used to secure environments. That is, the claimed result that is achieved transcends computers and would be achieved without them. Further, encryption has been used to secure environments in that manner (e.g., any communication or private writings) since before the invention of computers.
Where Applicant argues that “[t]here should be no dispute that the limitation of "providing a secure environment for operations associated with the data for the customer" is fully within a computer environment and is made possible "based in part on the restored cryptographic key," which is a result of the specific encryption and decryption steps of claim 1,” it is again noted that the claim terms are not sufficiently descriptive of computer technology, and that the instant specification does not provide a definition for this limitation beyond merely using an encryption key for its intended purpose. However, it is also noted that adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea is not sufficient—see MPEP 2106.05(f). Here, Applicant’s arguments amount to stating that the secure environment is merely that of a computer environment, and that this is sufficient to overcome the abstract idea interpretation.
With respect to prong 2 of step 2A, Applicant additionally argues that “claim 1 is directed to improvements in computer environments and to address the technical challenge of compromises to a key management service or system that is within a computerized environment; and the claim is to provide a secure environment for operations associated with the data for the customer based in part on the restored cryptographic key.” However, the key management service or system, the computerized environment, the secure environment, the customer, and the operations are not detailed in the claim language beyond their noun. As per MPEP 2106.04(d)(1), if the specification explicitly sets forth an improvement but in a conclusory manner (i.e., a bare assertion of an improvement without the detail necessary to be apparent to a person of ordinary skill in the art), the examiner should not determine the claim improves technology. Likewise, the claim needs to include the components or steps of the invention that provide the improvement described in the specification. Merely referencing the use of encryption in association with at least one base level computer is not considered to be sufficient integrating the judicial exception into a practical application.
With respect to step 2B, Applicant first argues that “there are additional elements in claim 1, in the recitations of sending and receiving cryptographic materials, representing communications or transmission to provide such a secure environment. This may include sending the encrypted cryptographic key and the encrypted metadata to different entities, receiving a copy of the encrypted cryptographic key and a copy of the encrypted metadata, and providing a secure environment for operations associated with the data for the customer based in part on the restored cryptographic key, which are all a combination of additional elements in claim 1 that are more than generic or conventional aspects in a computer environment.” In response, it is noted that merely referencing the use of encryption, sending and receiving encrypted data, and authorizing the use of received data without reciting any particular computer, particular algorithm, particular protocol, or even particular computer environment beyond “computer implemented” is not sufficient. As previously discussed above, the steps of the claim may be reasonable interpreted as being performable by human activity, and the additional elements amount to mere computerization.
Applicant additionally argues that “any language differences between claim 1 and example 41 discussed herein do not rise to the level of factual distinctions that would then make Example 41 irrelevant or less relevant to the section 101 analysis… Appellant submits that the challenged language in claim 1 is not factually distinct from Example 41, as explained in the prior section… such allegation is an attempt at generalization and trivialization of the claim and may apply to any cryptography scheme as argued in the Office Action - even to Example 41 and even if unsupported by the art of record, as detailed in Appellant's discussion of the errors of the section 103 rejection. The allegation is based on a fundamentally flawed interpretation and should be given no weight in this appeal.” In response, it is again noted that the instant claims have been given their broadest reasonable interpretation which includes the trivial example outlined above, and that example 41 is drawn to a specific cryptographic algorithm for providing a secure channel between two computers. In contrast, the instant claims are drawn to generic encryption, generic sending and receiving, and a “secure environment” that is not defined in the claim or the specification beyond being secure because an encryption key is used for encryption. Further, the scope of the “operations associated with the data for the customer based in part on the restored cryptographic key” is not clear due to the modifiers of “associated” and “based in part on.” For instance, this claim language may mean that the environment is secure for operations that are merely associated with the encryption, but do not even use encryption themselves (e.g., sending and receiving data that has been encrypted outside of the claim scope). Additionally, “based in part” can mean that the key is referenced but not directly used for encryption.
Regarding claims rejected under 35 USC 103:
Applicant’s arguments have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Herman (US 2010/0229005 A1).
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over at least claims 1-12, 13, and 18 of U.S. Patent No. 9,882,888 B2 in view of Jueneman (US 2008/0263363 A1). The patent claims are considered to teach the instant claims as mapped below (they further teach independent claims 7 and 14 for substantially the same reasons as claim 1 below, and dependent claims 15-20 for substantially the same reasons as elements of dependent claims 2-6 and 8-14 below), but do not specify separately encrypting the metadata with the restore key to generate encrypted metadata. However, it would have been obvious to one of ordinary skill in the art at the time to modify the teachings of the patent claims with [0041] of Jueneman to further implement separately encrypting metadata because the substitution of one known element for another (encrypting data as a whole versus piecewise or in steps) would have yielded predictable results to one of ordinary skill in the art at the time.
Instant Application
US 9,882,888 B2
1. (Previously Presented) A computer implemented method, comprising:
encrypting a cryptographic key with a restore key, the cryptographic key to encrypt data for a customer;
providing metadata comprising first information associated with the cryptographic key and comprising second information that is different from the first information and that is associated with the restore key; separately encrypting the metadata with the restore key to generate encrypted metadata;
sending the encrypted cryptographic key and the encrypted metadata to different entities;
receiving a copy of the encrypted cryptographic key and a copy of the encrypted metadata;
receiving authorization permission to authorize a restore request from one or more authorized sources, the restore request including the copy of the cryptographic key as encrypted under the restore key and the copy of the metadata as encrypted under the restore key; and
determining, in response to receiving the authorization permission, to authorize the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata; and
providing a secure environment for operations associated with the data for the customer based in part on the restored cryptographic key.
1. A computer implemented method for managing a cryptographic key, comprising:
storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with metadata;
receiving a suspend request to suspend storage of the cryptographic key by the key management service;
generating a restore key to be associated with the customer;
encrypting the cryptographic key with the restore key and the metadata with the restore key;
retaining a copy of the metadata as encrypted under the restore key;
sending, to the customer, the cryptographic key as encrypted under the restore key;
sending to the customer the metadata as encrypted under the restore key;
destroying any copy of the cryptographic key stored by the key management service;
receiving a restore request to cause to the key management service to store a copy of the cryptographic key, the restore request including a copy of the cryptographic key as encrypted under the restore key and a copy of the metadata as encrypted under the restore key;
comparing the copy of the metadata as encrypted under the restore key received with the restore request with the copy of the metadata as encrypted under the restore key; and
authorizing the restore request based at least in part on the comparing.
2. (Original) The computer implemented method of claim 1, further comprising: storing, in a data store managed by a key management service, the cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with the metadata.
1. …storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with metadata…
3. (Original) The computer implemented method of claim 1, further comprising: updating the metadata with audit information indicating at least one of a customer initiating a suspend request or a time of initiating the suspend request.
2. The computer implemented method of claim 1, wherein the metadata includes audit information indicating one of a customer initiating the suspend request or a time of initiating the suspend request; and wherein authorizing the restore request includes decrypting the copy of the cryptographic key as encrypted under the restore key using the restore key and storing the cryptographic key in the key management service on behalf of the customer.
4. (Previously Presented) The computer implemented method of claim 1, further comprising: receiving a suspend request to suspend storage of the cryptographic key; generating the restore key; retaining a copy of the encrypted metadata; and destroying any copy of the cryptographic key which is under control or managed by a cryptographic service.
1. …receiving a suspend request to suspend storage of the cryptographic key by the key management service; generating a restore key to be associated with the customer… retaining a copy of the metadata as encrypted under the restore key… destroying any copy of the cryptographic key stored by the key management service…
5. (Previously Presented) The computer implemented method of further comprising: receiving a restore request to cause to store a copy of the cryptographic key; decrypting the copy of the encrypted cryptographic key using the restore key to generate a local copy of the cryptographic key; and making available the local copy of the cryptographic key to a customer to perform one or more operations using the local copy of the cryptographic key.
1. … receiving a restore request to cause to the key management service to store a copy of the cryptographic key, the restore request including a copy of the cryptographic key as encrypted under the restore key and a copy of the metadata as encrypted under the restore key…
4. The computer implemented method of claim 3, further comprising:
making available the local copy of the secret to the first authorized customer to perform one or more operations using the local copy of the secret.
6. (Original) The computer implemented method of claim 1, further comprising: sending the encrypted cryptographic key to a first customer; and sending the encrypted metadata to a second customer.
5. The computer implemented method of claim 4, further comprising:
causing a notification to be sent to at least one of the first authorized customer or the second authorized customer in response to receiving a restore request.
12. The computer implemented method of claim 3, further comprising:
splitting the local copy of the secret into at least first information and second information using an information splitting algorithm; and
providing the first information to first authorized customer and the second information to the second authorized customer,
wherein restoring the local copy of the secret includes receiving at least the first information and the second information.
8. (Previously Presented) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: receive a restore request to cause to store a copy of the cryptographic key; and send a notification to a customer.
5. The computer implemented method of claim 4, further comprising:
causing a notification to be sent to at least one of the first authorized customer or the second authorized customer in response to receiving a restore request.
9. (Original) The computing system of claim 8, wherein the instructions, when executed, further cause the computing system to: decrypt the copy of the encrypted cryptographic key using the restore key at an expiration of a predetermined period of time.
6. The computer implemented method of claim 5, further comprising:
in response to causing the notification to be sent, decrypting the copy of the secret at an expiration of a predetermined period of time.
10. (Original) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: flag the encrypted cryptographic key as pending deletion; and destroy any copy of the cryptographic key when an acknowledgment of receipt of the encrypted cryptographic key is received; or provide a copy of the encrypted cryptographic key when a determined amount of time passes before the acknowledgment of receipt is received.
10. The computer implemented method of claim 3, further comprising:
in response to providing the first authorized customer a copy of the secret encrypted under the first restore key, flagging the local copy of the secret as pending deletion;
destroying any copy of the secret when an acknowledgment of receipt of the secret encrypted under the first restore key is received; or
providing the first authorized customer a copy of the secret encrypted under the first restore key when a determined amount of time passes before the acknowledgment of receipt is received.
11. (Original) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: encrypt the restore key using a second restore key at an expiration of an interval of time; and send a copy of the restore key encrypted under the second restore key; or receive the copy of the encrypted cryptographic key, decrypt the encrypted cryptographic key, and encrypt the cryptographic key using the second restore key.
11. The computer implemented method of claim 3, further comprising rotating the first restore key, wherein rotating the first restore key includes:
encrypting the first restore key using the second restore key at an expiration of a determined interval of time and providing the first authorized customer a copy of the first restore key encrypted under the second restore key; or
in response to receiving a copy of the secret encrypted under the first restore key, decrypting the secret encrypted under the first restore key and encrypting the secret using the second restore key, wherein a copy of the secret encrypted under the second restore key is provided to the second authorized customer.
12. (Original) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: encrypt the restore key under a second restore key; send the encrypted cryptographic key to a primary account; send a copy of the restore key encrypted under the second restore key to a secondary account; receive the copy of the encrypted cryptographic key from the primary account; receive the copy of the restore key encrypted under the second restore key from the secondary account; restore the restore key encrypted under the second restore key using a second key; and restore the encrypted cryptographic key using the restore key.
11. The computer implemented method of claim 3, further comprising rotating the first restore key, wherein rotating the first restore key includes:
encrypting the first restore key using the second restore key at an expiration of a determined interval of time and providing the first authorized customer a copy of the first restore key encrypted under the second restore key; or
in response to receiving a copy of the secret encrypted under the first restore key, decrypting the secret encrypted under the first restore key and encrypting the secret using the second restore key, wherein a copy of the secret encrypted under the second restore key is provided to the second authorized customer.
12. The computer implemented method of claim 3, further comprising:
splitting the local copy of the secret into at least first information and second information using an information splitting algorithm; and
providing the first information to first authorized customer and the second information to the second authorized customer,
wherein restoring the local copy of the secret includes receiving at least the first information and the second information.
13. (Original) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: store, in a data store managed by a key management service, the cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with the metadata.
1. …storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with metadata…
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over at least claims 1-12, 14, and 19 of U.S. Patent No. 9,071,429 B1 in view of Jueneman (US 2008/0263363 A1). The patent claims are considered to teach the instant claims as mapped below (they further teach independent claims 7 and 14 for substantially the same reasons as claim 1 below, and dependent claims 15-20 for substantially the same reasons as elements of dependent claims 2-6 and 8-14 below), but do not specify separately encrypting the metadata with the restore key to generate encrypted metadata. However, it would have been obvious to one of ordinary skill in the art at the time to modify the teachings of the patent claims with [0041] of Jueneman to further implement separately encrypting metadata because the substitution of one known element for another (encrypting data as a whole versus piecewise or in steps) would have yielded predictable results to one of ordinary skill in the art at the time.
Instant Application
US 9,071,429 B1
1. (Previously Presented) A computer implemented method, comprising:
encrypting a cryptographic key with a restore key, the cryptographic key to encrypt data for a customer;
providing metadata comprising first information associated with the cryptographic key and comprising second information that is different from the first information and that is associated with the restore key; separately encrypting the metadata with the restore key to generate encrypted metadata;
sending the encrypted cryptographic key and the encrypted metadata to different entities;
receiving a copy of the encrypted cryptographic key and a copy of the encrypted metadata;
receiving authorization permission to authorize a restore request from one or more authorized sources, the restore request including the copy of the cryptographic key as encrypted under the restore key and the copy of the metadata as encrypted under the restore key; and
determining, in response to receiving the authorization permission, to authorize the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata;
providing a secure environment for operations associated with the data for the customer based in part on the restored cryptographic key.
1. A computer implemented method for managing a cryptographic key, comprising:
storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider;
receiving a suspend request to suspend storage of the cryptographic key by the key management service;
generating a restore key to be associated with the customer;
encrypting the cryptographic key with the restore key;
encrypting at least a portion of metadata associated with the cryptographic key under the restore key to generate encrypted metadata, the at least a portion of metadata being associated with the restore key;
updating the at least a portion of metadata with audit information and retaining a copy of the encrypted metadata at the key management service;
sending, to the customer, the cryptographic key as encrypted under the restore key;
destroying any copy of the cryptographic key stored by the key management service;
receiving a restore request to cause to the key management service to store a copy of the cryptographic key, the restore request including a copy of the cryptographic key as encrypted under the restore key;
comparing at least a copy of metadata received with the restore request with the copy of the encrypted metadata at the key management service;
authorizing the restore request based at least in part on the comparing; and
decrypting the copy of the cryptographic key as encrypted under the restore key using the restore key and storing the copy of the cryptographic key and a copy of the encrypted metadata in the key management service on behalf of the customer.
2. (Original) The computer implemented method of claim 1, further comprising: storing, in a data store managed by a key management service, the cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with the metadata.
1. …storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider…
3. (Original) The computer implemented method of claim 1, further comprising: updating the metadata with audit information indicating at least one of a customer initiating a suspend request or a time of initiating the suspend request.
1. …receiving a suspend request to suspend storage of the cryptographic key by the key management service…
2. The computer implemented method of claim 1, wherein the audit information indicates at least one of a customer initiating the suspend request or a time of initiating the suspend request.
4. (Previously Presented) The computer implemented method of claim 1, further comprising: receiving a suspend request to suspend storage of the cryptographic key; generating the restore key; retaining a copy of the encrypted metadata; and destroying any copy of the cryptographic key.
1. …receiving a suspend request to suspend storage of the cryptographic key by the key management service… updating the at least a portion of metadata with audit information and retaining a copy of the encrypted metadata at the key management service…
5. (Previously Presented) The computer implemented method of The computer implemented method of further comprising: receiving a restore request to cause to store a copy of the cryptographic key; decrypting the copy of the encrypted cryptographic key using the restore key to generate a local copy of the cryptographic key; and making available the local copy of the cryptographic key to a customer to perform one or more operations using the local copy of the cryptographic key.
1. … receiving a restore request to cause to the key management service to store a copy of the cryptographic key, the restore request including a copy of the cryptographic key as encrypted under the restore key… decrypting the copy of the cryptographic key as encrypted under the restore key using the restore key and storing the copy of the cryptographic key and a copy of the encrypted metadata in the key management service on behalf of the customer.
4. The computer implemented method of claim 3, further comprising:
making available the local copy of the secret to the customer to perform one or more operations using the local copy of the secret.
6. (Original) The computer implemented method of claim 1, further comprising: sending the encrypted cryptographic key to a first customer; and sending the encrypted metadata to a second customer.
13. The computer implemented method of claim 3, further comprising:
splitting the local copy of the secret into at least first information and second information using an information splitting algorithm; and
providing the first information to a first customer and the second information to a second customer,
wherein restoring the local copy of the secret includes receiving at least the first information and the second information.
8. (Previously Presented) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: receive a restore request to cause to store a copy of the cryptographic key; and send a notification to a customer.
11. The computer implemented method of claim 4, further comprising:
causing a notification to be sent to at least one of each authorized customer of the secret or at least one authorized customer of the secret in response to receiving the restore request.
12. The computer implemented method of claim 11, further comprising:
in response to causing the notification to be sent, decrypting the copy of the secret encrypted under the restore key using the restore key at an expiration of a predetermined period of time.
9. (Original) The computing system of claim 8, wherein the instructions, when executed, further cause the computing system to: decrypt the copy of the encrypted cryptographic key using the restore key at an expiration of a predetermined period of time.
12. The computer implemented method of claim 11, further comprising:
in response to causing the notification to be sent, decrypting the copy of the secret encrypted under the restore key using the restore key at an expiration of a predetermined period of time.
10. (Original) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: flag the encrypted cryptographic key as pending deletion; and destroy any copy of the cryptographic key when an acknowledgment of receipt of the encrypted cryptographic key is received; or provide a copy of the encrypted cryptographic key when a determined amount of time passes before the acknowledgment of receipt is received.
8. The computer implemented method of claim 3, further comprising:
in response to providing the customer a copy of the secret encrypted under the restore key, flagging the local copy of the secret as pending deletion;
destroying any copy of the secret when an acknowledgment of receipt of the secret encrypted under the restore key is received; or
providing the customer a copy of the secret encrypted under the restore key when a determined amount of time passes before the acknowledgment of receipt is received.
11. (Original) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: encrypt the restore key using a second restore key at an expiration of an interval of time; and send a copy of the restore key encrypted under the second restore key; or receive the copy of the encrypted cryptographic key, decrypt the encrypted cryptographic key, and encrypt the cryptographic key using the second restore key.
9. The computer implemented method of claim 3, further comprising rotating the restore key, wherein rotating the restore key includes:
encrypting the restore key using a second restore key at an expiration of a determined interval of time and providing the customer a copy of the restore key encrypted under the second restore key; or
in response to receiving a copy of the secret encrypted under the restore key, decrypting the secret encrypted under the restore key and encrypting the secret using a second restore key, wherein a copy of the secret encrypted under the second restore key is provided to the customer.
12. (Original) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: encrypt the restore key under a second restore key; send the encrypted cryptographic key to a primary account; send a copy of the restore key encrypted under the second restore key to a secondary account; receive the copy of the encrypted cryptographic key from the primary account; receive the copy of the restore key encrypted under the second restore key from the secondary account; restore the restore key encrypted under the second restore key using a second key; and restore the encrypted cryptographic key using the restore key.
10. The computer implemented method of claim 3, further comprising:
encrypting the restore key under a second restore key;
providing a copy of the restore key encrypted under a second key to a second authorized customer, wherein the customer and the second authorized customer are authorized customers of the secret;
receiving a restore request, the restore request including a copy of the secret encrypted under the restore key and a copy of the restore key encrypted under the second key;
restoring the restore key encrypted under the second key using the second key; and
restoring the secret encrypted under the restore key using the restore key.
13. (Original) The computing system of claim 7, wherein the instructions, when executed, further cause the computing system to: store, in a data store managed by a key management service, the cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with the metadata.
1. …storing, in a data store managed by a key management service, a cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider;…
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Note that the courts do not distinguish between mental processes that are performed entirely in the human mind and mental processes that require a human to use a physical aid (e.g., pen and paper or a slide rule) to perform the claim limitation (refer to MPEP 2106.04(a)(2)).
Example independent claim 7 recites the following abstract idea limitations: A computing system, comprising: encrypt a cryptographic key with a restore key, the cryptographic key to encrypt data for a customer (i.e., calculations performable by a mental process—e.g., encrypting a key with a key-encrypting key by following a mathematical algorithm via pen and paper or use of a cipher); provide metadata comprising first information associated with the cryptographic key and comprising second information that is different from the first information and that is associated with the restore key (i.e., data gathering and analysis performable by a mental process—e.g., obtaining encryption metadata required for a decryption algorithm, such as key identifiers, algorithm identifiers, key size, owner, and so forth); separately encrypt the metadata with the restore key to generate encrypted metadata (i.e., calculations performable by a mental process—e.g., encrypting the encryption metadata with the key-encrypting key by following a mathematical algorithm via pen and paper or use of a cipher); send the encrypted cryptographic key and the encrypted metadata to different entities (i.e., data storage as part of methods of organizing human activity—e.g., providing information such as paper records to be held by trusted entities); receive a copy of the encrypted cryptographic key and a copy of the encrypted metadata (i.e., data retrieval as part of methods of organizing human activity—e.g., requesting and receiving information from trusted entities which were previously asked to hold said information); receiving authorization permission to authorize a restore request from one or more authorized sources, the restore request including the copy of the cryptographic key as encrypted under the restore key and the copy of the metadata as encrypted under the restore key (i.e., data gathering and analysis as part of methods of organizing human activity—e.g., obtaining agreed upon information as part of an agreed upon protocol to exchange information); and determine, in response to receiving the authorization permission, whether to authorize the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata (i.e., data analysis as part of a mental process—e.g., comparing stored information with received information); and providing a secure environment for operations associated with the data for the customer based in part on the restored cryptographic key (calculations performable by a mental process—e.g., using a restored cryptographic key for encryption operations).
Example independent claim 7 recites the following limitations which may comprise additional elements that are sufficient to amount to significantly more than the judicial exception: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the computing system to [perform the claim steps].
With respect to step 2A, this judicial exception is not integrated into a practical application because adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea is not considered to be sufficient—see MPEP 2106.05(f). In this case, the claim recites “at least one processor; and memory including instructions that, when executed by the at least one processor, cause the computing system to [perform the abstract idea limitations].” However, this appears to merely be automation of the abstract idea by the base elements of any computer (a processor and memory). The claim does not appear to recite any application beyond use of a computer for merely obtaining data, sending data, comparing data, and performing encryption processing which would otherwise be done via pen and paper and methods of organizing human activity. As such, the claim is considered to merely use the processor and memory as a tool to perform the abstract idea.
With respect to an improvement in the functioning of a computer, or an improvement to other technology or technical field, it is noted that the claimed invention is addressing a problem that transcends computing: a particular key recovery algorithm (performable by a human—e.g., Alice and Bob with pen and paper) rather than to improving the functioning of a computer, or an improvement to other technology or technical field.
With respect to step 2B, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the “at least one processor; and memory including instructions that, when executed by the at least one processor, cause the computing system to [perform the abstract idea limitations]” limitations are considered to be adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea, which is not considered to be sufficient—see MPEP 2106.05(f). In this case, the hardware processors and associated memory are base elements of any computer which would be configured to perform the abstract idea. Since these limitations amount to using any computer to perform the abstract idea, they are not considered to include additional elements that are sufficient to amount to significantly more than the judicial exception.
Independent claim 1 recites substantially the same claim language as claim 7 above, but further does not include the processor and memory limitations, and is therefore likewise rejected for the same reasons. Independent claim 14 recites substantially the same claim language as claim 7 above, but recites a “non-transitory computer-readable storage medium including instructions that, when executed by at least one processor of a computing device, cause the computing device to [perform the abstract idea limitations].” This is considered to be substantially similar to the processor and memory above, and the claim is therefore likewise rejected.
Regarding dependent claim 2, it recites the following abstract idea limitations: storing, in a data store managed by a key management service (extra solution data storage activity performable by a human—e.g., storing written information in a cabinet), the cryptographic key for use in encrypting the data for the customer of a service provider associated with the cryptographic key (evaluation as part of a mental process—e.g., following an encryption algorithm to encrypt data), the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with the metadata (business relations as part of certain methods of organizing human activity—e.g., the particular contractual relationships of a service provider and key management service). Since dependent claim 2 merely further specifies the abstract idea, it is rejected under the same analysis as that of its parent claim above.
Regarding dependent claim 3, it recites the following abstract idea limitations: updating the metadata with audit information indicating at least one of the customer initiating a suspend request or a time of initiating the suspend request (i.e., data gathering and analysis as part of a mental process—e.g., annotating a customer request type or timestamp as part of the encryption metadata). Since dependent claim 3 merely further specifies the abstract idea, it is rejected under the same analysis as that of its parent claim above.
Regarding claim 4, it recites the following abstract idea limitations: receiving a suspend request to suspend storage of the cryptographic key (i.e., data gathering as part of a mental process—e.g., obtaining a suspend request verbally, telephonically, via pen and paper, or otherwise); generating the restore key (i.e., calculations performable by a mental process—e.g., deriving a key by following a key derivation algorithm); retaining a copy of the encrypted metadata (i.e., data storage performable by a mental process—e.g., storing data in a file drawer); and destroying any copy of the cryptographic key (i.e., data gathering and manipulation as part of a mental process—e.g., obtaining copies of information and erasing or overwriting them). Since dependent claim 4 merely further specifies the abstract idea, it is rejected under the same analysis as that of its parent claim above.
Regarding dependent claim 5, it recites the following abstract idea limitations: receiving a restore request to cause to store a copy of the cryptographic key (i.e., data gathering and manipulation as part of a mental process—e.g., obtaining and storing data responsive to a request to do so); decrypting the copy of the encrypted cryptographic key using the restore key to generate a local copy of the cryptographic key (i.e., calculations performable by a mental process—e.g., decryption by following a mathematical algorithm via pen and paper or a cipher); and making available the local copy of the cryptographic key to the customer to perform one or more operations using the local copy of the cryptographic key (i.e., methods of organizing human activity—e.g., providing agreed upon information to a customer as part of a business transaction). Since dependent claim 5 merely further specifies the abstract idea, it is rejected under the same analysis as that of its parent claim above.
Regarding dependent claim 6, it recites the following abstract idea limitations: sending the encrypted cryptographic key to a first customer; and sending the encrypted metadata to a second customer (i.e., methods of organizing human activity—e.g., sending information to different parties as agreed upon). Since dependent claim 6 merely further specifies the abstract idea, it is rejected under the same analysis as that of its parent claim above.
Regarding dependent claim 8, it is rejected for substantially the same reasons as claim 5 above.
Regarding dependent claim 9, it recites the following abstract idea limitations: decrypt the copy of the encrypted cryptographic key using the restore key at an expiration of a predetermined period of time (i.e., calculations performable by a mental process—e.g., decryption by following a mathematical algorithm via pen and paper or a cipher, following an agreed-upon expiration time). Since dependent claim 9 merely further specifies the abstract idea, it is rejected under the same analysis as that of its parent claim above.
Regarding dependent claim 10, it is rejected for substantially the same reasons as claim 4 above.
Regarding dependent claim 11, it recites the following abstract idea limitations: encrypt the restore key using a second restore key at an expiration of an interval of time (i.e., calculations performable by a mental process—e.g., encryption of a key with a key-encrypting key after a known period of time); and send a copy of the restore key encrypted under the second restore key; or receive the copy of the encrypted cryptographic key, decrypt the encrypted cryptographic key, and encrypt the cryptographic key using the second restore key (i.e., calculations performable by a mental process—e.g., reencryption under rotated key-encrypting keys, where the reencryption may be done via pen and paper or cipher). Since dependent claim 11 merely further specifies the abstract idea, it is rejected under the same analysis as that of its parent claim above.
Regarding dependent claim 12, it recites the following abstract idea limitations: encrypt the restore key under a second restore key (i.e., calculations performable by a mental process—e.g., encryption of a key with a key-encrypting key via pen and paper or a cipher); send the encrypted cryptographic key to a primary account; send a copy of the restore key encrypted under the second restore key to a secondary account (i.e., methods of organizing human activity—e.g., sending information to different parties as agreed upon); receive the copy of the encrypted cryptographic key from the primary account; receive the copy of the restore key encrypted under the second restore key from the secondary account (i.e., methods of organizing human activity—e.g., receiving information from different parties as agreed upon); restore the restore key encrypted under the second restore key using a second key; and restore the encrypted cryptographic key using the restore key (i.e., calculations performable by a mental process—e.g., multi-step decryption by following a mathematical decryption algorithm via pen and paper or a cipher). Since dependent claim 12 merely further specifies the abstract idea, it is rejected under the same analysis as that of its parent claim above.
Regarding dependent claim 13, it is substantially similar to dependent claim 2 above, and is therefore rejected under the same analysis.
Regarding dependent claims 15-19, they are rejected for substantially the same reasons as claims 9-13 above.
Regarding dependent claim 20, it is rejected for substantially the same reasons as claim 3 above.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Independent claim 1 recites “separately encrypting the metadata with the restore key to generate encrypted metadata,” which is considered to be new matter. Independent claims 8 and 14 likewise recite substantially similar language.
The instant specification discusses the claimed metadata in [0011], [0022]-[0024], [0026], and [0031]. While the specification described encrypting the metadata with the restore key (e.g., “a restore key can be created and used to encrypt the key material, along with any metadata (e.g., policies) for the key material;” “K1_restore 244 is used to encrypt K1 242 along with at least a portion of the metadata associated with K1;” “the restore key is used to encrypt 306 the master key along with at least a portion of the metadata associated with the master key”), it does not describe “separately encrypting.” For one, there is no mention of the phrase “separately encrypting.” Additionally, no unique definition of “separately” is provided (e.g., whether it refers to different encryption steps, different encryption algorithms, sending portions of data in different packets, and so forth).
The instant specification further states that “[h]aving created K1_restore 244 and encrypting K1 under K1_restore, the cryptographic service exports K1 as encrypted under K1_restore 246 to the client device and at least a portion of the associated metadata. Additionally or alternatively, as described, such metadata can be preserved in the cryptographic service or some other service and only K1 as encrypted under K1_restore 246 is exported” in [0023]. This likewise does not describe “separately encrypting” because it merely implies that metadata can be kept rather than being sent (“such metadata” further being unclear as to whether it refers to encrypted or unencrypted metadata). At most, the instant specification appears to only support differently storing an encrypted key and associated metadata (possibly encrypted or not).
The dependent claims do not fix the abovementioned deficiencies and are therefore likewise rejected with their respective parent claims.
Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Independent claims 1, 7, and 14 each recite “provid[e / ing] a secure environment for operations associated with the data for the customer based in part on the restored cryptographic key,” which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor. Specifically, the specification does not define or describe “a secure environment” as claimed.
The dependent claims do not rectify this issue and are therefore likewise rejected with their respective parent claims.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Independent claims 1, 7, and 14 each recite “provid[e / ing] a secure environment for operations associated with the data for the customer based in part on the restored cryptographic key,” which renders the respective claims indefinite because it is not clear how to interpret this limitation.
It is first not clear whether “based in part on the restored cryptographic key” is modifying “providing,” “operations,” or “associated.” For instance, the secure environment may be provided based on the restored key; or the secure environment may be provided for operations, where the operations are based on the restored key; or the operations may be “associated with the data for the customer” based on the restored key (i.e., that the association relies on the restored key).
Secondly, there is insufficient antecedent basis for “the restored cryptographic key” in the claim. The claim does not positively recite restoring the key, and it does not specify “a restored cryptographic key.”
The dependent claims do not rectify this issue and are therefore likewise rejected with their respective parent claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-2, 4-5, 7-8, and 13-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Biddle (US 2008/0141040 A1) in view of Carman (US 6,272,632 B1) and Herman (US 2010/0229005 A1).
Regarding claim 1, Biddle discloses: A computer implemented method, comprising:
encrypting a cryptographic key with a restore key, the cryptographic key to encrypt data for a customer;
Refer to at least FIG. 3 and [0039] of Biddle with respect to an exemplary decryption key 220 protected by, e.g., encryption with a recovery key 250.
Refer to at least [0038] of Biddle with respect to decryption keys being used in encryption.
providing metadata;
Refer to at least [0041], [0044] and [0056] of Biddle with respect to access information for the decryption key. Further refer to at least [0039] and [0062] of Biddle, where the access information may additionally protect the recovery key.
sending the encrypted cryptographic key and the metadata;
Refer to at least [0056] of Biddle with respect to sending “the protected decryption key and corresponding information needed to access the decryption key via the protected decryption key” to off-site storage.
receiving a copy of the encrypted cryptographic key and a copy of the metadata;
Refer to at least [0052] of Biddle with respect to returning the protected decrypted key from off-site storage. Further refer to at least [0025] of Biddle, wherein “the information required to access at least one protected decryption key is likewise provided.”
receiving authorization permission to authorize a restore request from one or more authorized sources, the restore request including the copy of the cryptographic key as encrypted under the restore key [and the metadata]; and determining, in response to receiving the authorization permission, to authorize the restore request based at least in part on comparing the copy of the encrypted metadata with the encrypted metadata.
Refer to at least [0024] and [0050] of Biddle with respect to authorization.
Refer to at least [0008], [0039], and [0061]-[0062] of Biddle with respect to allowing restoration of the decryption key via use of the access information; the provided access information being correct.
Biddle does not disclose: the metadata specifically comprising first information associated with the cryptographic key and comprising second information that is associated with the restore key; separately encrypting the metadata with the restore key to generate encrypted metadata; sending the encrypted key and encrypted metadata to different entities; the metadata further being encrypted metadata; the restore request including the copy of the metadata as encrypted under the restore key. However, Biddle in view of Carman discloses: the metadata specifically comprising first information associated with the cryptographic key and comprising second information that is associated with the restore key; the metadata further being encrypted metadata;
Refer to at least FIG. 10, Col. 7, Ll. 58-33, and Col. 12, Ll. 41-Col. 13, Ll. 15 of Carman with respect to key recovery field information including user secret (e.g., cryptographic key KS) information such as a size and type; a verification digest and an access rule used for recovery operations (associated with a recovery key such as a KRC key). The abovementioned values are encrypted with a KRC key as in Col. 5, Ll. 58-Col. 6, LL. 3 of Carman.
sending the encrypted key and encrypted metadata to different entities;
Refer to at least Col. 3, Ll. 9-15, Col. 4, Ll. 45-50, and Col. 19, Ll. 1-14 of Carman with respect to multiple KRCs and sending the KRFs to multiple KRCs.
the restore request including the copy of the metadata as encrypted under the restore key.
Refer to at least FIG. 11 and Col. 6, Ll. 42-44 of Carman with respect to a restore request that includes sending the KRF.
The teachings of Biddle and Carman both concern user secret recovery and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Biddle to include a KRF with protected keys for at least the purpose of improving security through challenge response (i.e., as per the access rules and corresponding authentication tests in Carman—e.g., Col. 8, Ll. 14-22) as an additional factor of authentication in an integrated manner; for at least the purpose of compatibility with multiple formats and redundant recovery centers (i.e., as per the fields in FIG. 10 of Carman). It is noted that [0050] of Biddle includes entry of a shared secret for provision of a protected key.
Biddle-Carman does not specify: separately encrypting the metadata with the restore key to generate encrypted metadata. However, Biddle-Carman in view of Herman discloses: separately encrypting the metadata with the restore key (the same key as used to encrypt the data with which the metadata is associated in Herman) to generate encrypted metadata.
Refer to at least FIG. 3 and [0040]-[0042] of Herman with respect to whitening / encrypting data and also whitening / encrypting associated metadata with the same selected key.
The teachings of Herman concern encryption and are considered to be combinable with those of Biddle-Carman as they concern encryption (e.g., encrypting data and metadata together).
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Biddle-Carman to include a separate encryption step for the metadata portions because the particular known technique was recognized as part of the ordinary capabilities of one skilled in the art.
Regarding claim 2, Biddle-Carman-Herman discloses: The computer implemented method of claim 1, further comprising: storing, in a data store managed by a key management service, the cryptographic key for use in encrypting data for a customer of a service provider associated with the cryptographic key, the key management service being operated in a service provider environment of the service provider, the cryptographic key associated with the metadata.
Refer to at least FIG. 1 of Biddle with respect to branch offices, central/web servers, and associated storages.
Refer to at least [0044] of Biddle with respect to the off-site storage being any storage associated with elements of FIG. 1.
Regarding claim 4, Biddle-Carman-Herman discloses: The computer implemented method of claim 1, further comprising: receiving a suspend request to suspend storage of the cryptographic key; generating the restore key; retaining a copy of the encrypted metadata; and destroying all copies or at least one copy of the cryptographic key which is under control or managed by a cryptographic service.
Refer to at least [0007] and [0046] of Biddle with respect to removing decryption keys from storage during a disaster; the access information is not recited to be removed.
Regarding claim 5, it is rejected for substantially the same reasons as claims 1 and 5 above (i.e., the citations; a user recovers the decryption key encrypted with the restore key for, e.g., decrypting an encrypted volume).
Regarding independent claim 7, it is substantially similar to independent claim 1 above, and is therefore rejected for substantially the same reasons (i.e., the citations and obviousness rationale).
Regarding claim 8, it is rejected for substantially the same reasons as claim 7 above.
Regarding claim 13, it is substantially similar to claim 2 above, and is therefore likewise rejected.
Regarding independent claim 14, it is substantially similar to independent claim 1 above, and is therefore rejected for substantially the same reasons (i.e., the citations and obviousness rationale).
Regarding claim 15, it is substantially similar to claim 8 above, and is therefore likewise rejected.
Claim 3, 6, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Biddle-Carman-Herman as applied to claims 1-2, 4-5, 7-8, and 13-15 above, and further in view of Kohno (US 9,489,523 B2).
Regarding claim 3, Biddle-Carman-Herman does not fully disclose all elements of: updating the metadata with audit information indicating at least one of a customer initiating a suspend request or a time of initiating the suspend request. However, Biddle-Carman-Herman in view of Kohno discloses: updating the metadata with audit information indicating at least one of a customer initiating a suspend request or a time of initiating the suspend request.
Refer to at least Col. 2, Ll. 15-44, Col. 7, Ll. 50-Col. 8, Ll. 13, and Col. 9, ll. 6-16 of Kohno with respect to updating audit data per every user request.
The teachings of Biddle-Carman-Herman and Kohno concern key storage, management, and encryption. Accordingly, they are considered to be combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Biddle-Carman to include support for suspend requests and auditing information for at least the purposes outlined in Col. 5, Ll. 38-50 of Kohno (i.e., providing strong audit security).
Regarding claim 6, Biddle-Carman-Herman does not fully disclose all elements of: sending the encrypted cryptographic key to a first customer; and sending the encrypted metadata to a second customer. However, Biddle-Carman-Herman in view of Kohno discloses: sending the encrypted cryptographic key to a first customer; and sending the encrypted metadata to a second customer.
Refer to at least FIG. 4 and Col. 15, Ll. 22-30 of Kohno with respect to key requests from a first device and auditing data being associated with its paired device.
The teachings of Biddle-Carman-Herman and Kohno concern key storage, management, and encryption. Accordingly, they are considered to be combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Biddle-Carman-Herman to include support for paired devices for at least the purposes outlined in at least Col. 12, Ll. 44-Col. 13, Ll. 20 of Kohno (i.e., improved auditing protection).
Regarding claim 20, it is substantially similar to claim 3 above, and is therefore likewise rejected.
Claim 10 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Biddle-Carman-Herman as applied to claims 1-2, 4-5, 7-8, and 13-15 above, and further in view of Al-Salqan (US 6,549,626 B1).
Regarding claim 10, Biddle-Carman-Herman does not fully disclose all elements of: flag the encrypted cryptographic key as pending deletion; and destroy any copy of the cryptographic key when an acknowledgment of receipt of the encrypted cryptographic key is received; or provide a copy of the encrypted cryptographic key when a determined amount of time passes before the acknowledgment of receipt is received. However, Biddle-Carman-Herman in view of Al-Salqan discloses: flag the encrypted cryptographic key as pending deletion; and destroy any copy of the cryptographic key when an acknowledgment of receipt of the encrypted cryptographic key is received; or provide a copy of the encrypted cryptographic key when a determined amount of time passes before the acknowledgment of receipt is received.
Refer to at least Col. 4-5, LI. 62-9 of Al-Salqan with respect to deletion of a key recovery file from key recovery file storage after its provision,
Col. 7, LI. 1 -10 of Al-Salqan are also believed to be applicable.
The teachings of Biddle-Carman are combinable with the teachings of Al-Salqan at least because they concern secure storage of keys, key recovery operations.
Therefore it would have been obvious to one of ordinary skill in the art at the time of Applicant's invention to modify the teachings of Biddle-Carman-Herman with the teachings of Al-Salqan such that any copy of the secret is deleted only after its provision for at least the purpose of making sure the keys aren’t accidentally lost due to connectivity issues.
Regarding claim 17, it is substantially similar to claim 10 above, and is therefore likewise rejected.
Claim 9, 11, 16, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Biddle-Carman-Herman as applied to claims 1-2, 4-5, 7-8, and 13-15 above, and further in view of Lee (US 8,565,422 B2).
Regarding claim 11, Biddle-Carman does not fully disclose all elements of: encrypt the restore key using a second restore key at an expiration of an interval of time; and send a copy of the restore key encrypted under the second restore key; or receive the copy of the encrypted cryptographic key, decrypt the encrypted cryptographic key, and encrypt the cryptographic key using the second restore key. However, Biddle-Jueneman in view of Lee discloses: encrypt the restore key using a second restore key at an expiration of an interval of time; and send a copy of the restore key encrypted under the second restore key; or receive the copy of the encrypted cryptographic key, decrypt the encrypted cryptographic key, and encrypt the cryptographic key using the second restore key.
Refer to at least Col. 9, Ll. 46-Col. 10, Ll.18 of Lee with respect to key rotation for a key storage and management device.
The teachings of Biddle-Carman-Herman are combinable with the teachings Lee at least because they concern secure storage of keys, key recovery operations.
Therefore it would have been obvious to one of ordinary skill in the art at the time of Applicant's invention to modify the teachings of Biddle-Carman-Herman with the teachings of Lee to include support for key rotation for at least the purpose of increasing security (i.e., the increased security from key freshness; reduced risk of total compromise).
Regarding claim 18, it is substantially similar to claim 11 above, and is therefore likewise rejected.
Regarding claims 9 and 16, they are rejected for substantially the same reasons as elements of claim 11 above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432
/V.S/Examiner, Art Unit 2432